> ) for [EMAIL PROTECTED]; Tue, 06 Nov 2001 17:54:11 -0800 > ) Received: from [???.???.?.??] (helo=ALBERT)
Well, the IP address you replaced with ??? is where the infected mail came from. It's just a Windows machine infected by Nimda that happened to have the idn mailing list in its address book. My guess is it's Yves' computer at home or somewhere, but in any case case the owner is an innocent victim like the rest of us. (For those who don't know how Nimda works, once a computer is infected, it automatically mails everyone in your address book with infected messages.) Bruce ----- Original Message ----- From: "YangWoo Ko" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, November 08, 2001 11:59 AM Subject: Re: [idn] Nimda virus information > On Thu, Nov 08, 2001 at 11:28:27AM +0900, Bruce Thomson wrote: > > > > > > According route informatin in the mail header, it was NOT originated > > > from Yves but from somewhere else. Maybe virus forge sender field > > > of mail message. > > > > > Or possibly the virus has infected another computer Yves has used in > > the past to post to this list. It should be possible to figure it out from the > > mail headers, but I already deleted my copy of the infected mail. > > I attached infected mail header. Please see where it started its journey. > I overwrite IP address with '?' to avoid unintended dispute. > > ) Date: Tue, 06 Nov 2001 17:54:03 -0800 > ) From [EMAIL PROTECTED] Wed Nov 7 12:00:50 2001 > ) From: <[EMAIL PROTECTED]> > ) Subject: [idn] ip > ) Return-Path: <[EMAIL PROTECTED]> > ) Received: from psg.com (psg.com [147.28.0.62]) > ) by nexus.spsoft.co.kr (8.10.0/8.10.0) with ESMTP id fA7301l01436 > ) for <[EMAIL PROTECTED]>; Wed, 7 Nov 2001 12:00:08 +0900 > ) Received: from lserv by psg.com with local (Exim 3.33 #1) > ) id 161Hut-0003c9-00 > ) for [EMAIL PROTECTED]; Tue, 06 Nov 2001 17:54:11 -0800 > ) Received: from [???.???.?.??] (helo=ALBERT) > > ^^^^^^^^^^^^^^^^^^^^^^^^^^^ > > ) by psg.com with smtp (Exim 3.33 #1) > ) id 161Hul-0003bw-00 > ) for [EMAIL PROTECTED]; Tue, 06 Nov 2001 17:54:03 -0800 > ) MIME-Version: 1.0 > ) Content-Type: multipart/related; > ) type="multipart/alternative"; > ) boundary="====_ABC123456j7890DEF_====" > ) X-Priority: 3 > ) X-MSMail-Priority: Normal > ) X-Unsent: 1 > ) Message-Id: <[EMAIL PROTECTED]> > ) Bcc: > ) Sender: [EMAIL PROTECTED] > ) Precedence: bulk > > -- > /*------------------------------------------------ > YangWoo Ko : [EMAIL PROTECTED] > We Invent Enterprise Software Solutions > and Make You Secure & Powerful. > ------------------------------------------------*/ > >
