[..] > So, has anyone actually sent mail to an envelope sender to see if > they're actually infected? Or is it possible this thing just likes to > fake the same sender for all outgoing messages?
Seeing that I have a collection of around 2000 unique and believable return-paths from this virus, it seems quite likely that they're legitimate. I have also recieved a few emails forwarded through from the sender's mail servers informing me that I have been sent a virus. And, as was said, the email addresses in the return path, and the servers that the mail travels through to get here, do indeed link together. That evidence linked together provides a pretty strong case that they're not faked. - Kye Lewis <kye -at- lewislan- dot- id -dot- au > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
