Yes, I know these also exist, my email has been full of them, it's been a little hard not to notice. I'm talking about the Return-Path header, and not the addresses in the emails you describe.
- Kye Lewis <kye -at- lewislan -dot- id -dot- au> > Swen does not only compose email pretending to be a patch from Microsoft. It > also composes email pretending to be a bounced message. There are various > renditions of the false 'return to sender'. A couple of examples follow: > > ----------------------------------------- > Hi. > I'm afraid I wasn't able to deliver your message to one or more > destinations. > Undeliverable mail to [EMAIL PROTECTED] > ------------------------------------------ > I'm sorry to have to inform you that the message returned below could not be > delivered to one or more destinations. > Undeliverable message to [EMAIL PROTECTED] > ------------------------------------------ > Undelivered mail to [EMAIL PROTECTED] > Message follows: > ----------------------------------------- > > F-Secure has a complete list at: > http://www.f-secure.com/v-descs/swen.shtml > > Regards, > Mary Landesman > Antivirus About.com Guide > http://antivirus.about.com > > > ----- Original Message ----- > From: "Kye Lewis" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Cc: "Craig Pratt" <[EMAIL PROTECTED]> > Sent: Friday, September 26, 2003 10:03 AM > Subject: Re: [Full-Disclosure] Swen Really Sucks > > > [..] > > > So, has anyone actually sent mail to an envelope sender to see if > > they're actually infected? Or is it possible this thing just likes to > > fake the same sender for all outgoing messages? > > Seeing that I have a collection of around 2000 unique and believable > return-paths from this virus, it seems quite likely that they're legitimate. > > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
