Lee Elliott wrote:

I'm under a serious spam attack from an infected computer of someone on the
list.  Here is where the spam is originating:


These e-mails almost certainly have spoofed 'From' addresses and just about the only thing you can be sure of is that they don't come from where they say they do.

That's not the return address -- it's the last Received: header (i.e. the first hop that the e-mail took). The infected user almost certainly had this domain, though his or her ISP might have a different name. If anyone on the list has the IP address right now and is unfortunate enough to use Windows and Outlook, please disconnect your ethernet cable immediately and then get help disinfecting your system.

In the meantime there's little that can be done about it.

On a case-by-case basis, you can hunt down the individual infected machines by examining the headers. It gets tiresome after a while, though, especially when I was receiving a couple of thousand of these a day.

The worst b*****ds in this whole mess are not the virus writers, slimy as they are, or Microsoft, incompetent as they are; rather, it's the enterprise anti-virus software vendors, who sell systems that automatically send useless virus warnings every time a message like this comes. Either

(a) they're complete idiots who couldn't be trusted with the washroom key at a gas station, much less corporate network security; or

(b) they know perfectly well that they're making the problem worse and that their warnings are going to the wrong people, but cannot resist the free advertising ("but it's not SPAM, it's a VIRUS WARNING!").

I'm leaning towards (b), because (a) scares me even more.

All the best,
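
The header check described in the message above, as an added example that is not part of the original post: it reads the Received: chain and returns the bottom entry (the first hop) instead of the From: line. It goes one step beyond the message by also returning the deepest hop stamped by a relay you name as trusted, since entries below that point are written by the sender's side. The sample message, host names and addresses are constructed, and the function names are hypothetical.

```python
import ipaddress
import re
from email import message_from_string, policy

# Constructed sample; hosts and addresses are documentation values.
SAMPLE = (
    "Received: from mx.list.example (mx.list.example [192.0.2.10])\n"
    "\tby mail.recipient.example with ESMTP id A1; Mon, 1 Mar 2004 10:00:03 +0000\n"
    "Received: from smtp.isp.example (smtp.isp.example [198.51.100.25])\n"
    "\tby mx.list.example with ESMTP id B2; Mon, 1 Mar 2004 10:00:02 +0000\n"
    "Received: from homepc (dsl-7.isp.example [203.0.113.77])\n"
    "\tby smtp.isp.example with SMTP id C3; Mon, 1 Mar 2004 10:00:01 +0000\n"
    'From: "Someone Else" <spoofed@victim.example>\n'
    "Subject: constructed sample\n\nbody\n"
)

IP_RE = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")

def received_hops(raw):
    """Return the Received hops newest-first as dicts with helo, ip and by."""
    msg = message_from_string(raw, policy=policy.default)
    hops = []
    for value in msg.get_all("Received", []):
        text = " ".join(str(value).split())  # collapse folded continuation lines
        helo = re.match(r"from\s+(\S+)", text)
        by = re.search(r"\bby\s+(\S+)", text)
        ip, m = None, IP_RE.search(text)
        if m:
            try:
                ip = str(ipaddress.ip_address(m.group(1)))
            except ValueError:
                pass  # bracketed token was not an IP address
        hops.append({"helo": helo.group(1) if helo else None,
                     "ip": ip, "by": by.group(1) if by else None})
    return hops

def first_hop(raw):
    """Bottom Received header: the first hop the message took."""
    hops = received_hops(raw)
    return hops[-1] if hops else None

def deepest_trusted_hop(raw, trusted):
    """Last hop recorded by a relay in `trusted`, walking down from the top."""
    found = None
    for hop in received_hops(raw):
        if hop["by"] not in trusted:
            break  # everything below was written by hosts we cannot vouch for
        found = hop
    return found
```
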


