At 02:51 +0100 on 09/03/03, Peter Heinemann wrote:

>Today I got mail from:
>
>[EMAIL PROTECTED]

The from address isn't useful as diagnosis here.

What has happened is a digest subscriber to that list has recently become
infected with a virus.  The virus, being the devious little thing that it is,
then does the following:

1) picks out a user name from an address book entry (in this case,
pci-powermacs, originating from [EMAIL PROTECTED])
2) picks out a domain from an address book entry (in this case, someone whose
e-mail is @netnitco.net)
3) combines those to create a return e-mail address (what you see above)
4) appends the beginning of an e-mail (probably the one used to harvest the
user name, based on the fact that I have yet to see this with something *other*
than a PCI-Powermacs digest as its contents) to a new e-mail message
5) sets the subject of this e-mail message to that of the harvested e-mail (in
the two cases where I got it, a PCI-Powermacs digest)
6) sends the e-mail to everyone in that person's address book, using the faked
from: address.

Having examined the headers on the e-mail, I know - or have a pretty damn good
idea - of *exactly* who is responsible for this.  I've let the listmom know and
I've told the guy he needs to run a virus scan on his Windoze box.
-- 

the pickle

FAQ <http://macfaq.org/index.shtml>
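
The message above says the From: address is no use for diagnosis and that the headers identify the real sender. As an added example (not part of the original message), this sketch reads the Received: chain to find where a message entered servers the recipient trusts, then checks whether the From: domain agrees with that host. All hosts, addresses and IDs are constructed, and the Received: layout is assumed to be the common "from HELO (rdns [ip]) by HOST" form.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: every host, address and id below is made up
# (192.0.2.0/24 and 198.51.100.0/24 are documentation ranges).
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [198.51.100.7])
\tby mail.recipient.example with ESMTP id CONSTRUCTED2;
\tSun, 09 Mar 2003 02:40:11 +0100
Received: from infected-pc (dialup-17.isp.example [192.0.2.45])
\tby mx.recipient.example with SMTP id CONSTRUCTED1;
\tSun, 09 Mar 2003 02:40:05 +0100
From: listname@unrelated-domain.example
To: reader@recipient.example
Subject: Some List Digest

(body omitted)
"""

# Assumed layout: "from HELO (rdns [ip]) by HOST", as Sendmail/Postfix write it.
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?:(?P<rdns>\S+)\s+)?\[(?P<ip>[0-9A-Fa-f.:]+)\]\)"
    r"\s+by\s+(?P<by>\S+)")

def injection_point(raw, trusted_hosts):
    """Return the hop where the message entered servers we trust.

    Received lines are prepended, so read top-down and stop at the first
    one not written by a trusted host: anything below it can be forged.
    """
    hop = None
    for value in message_from_string(raw).get_all("Received", []):
        m = RECEIVED_RE.search(" ".join(value.split()))
        if not m or m.group("by").lower() not in trusted_hosts:
            break
        hop = m.groupdict()
    return hop

def from_matches_origin(raw, hop):
    """True if the From: domain agrees with the connecting host's rDNS name."""
    addr = parseaddr(message_from_string(raw)["From"])[1]
    domain = addr.rpartition("@")[2].lower()
    rdns = (hop.get("rdns") or "").lower()
    return bool(domain) and (rdns == domain or rdns.endswith("." + domain))

if __name__ == "__main__":
    hop = injection_point(SAMPLE, {"mail.recipient.example", "mx.recipient.example"})
    print(hop, from_matches_origin(SAMPLE, hop))
```

A mismatch alone is not proof of forgery, since mailing lists and forwarders also produce one; the connecting IP recorded by the trusted server is the part worth reporting to a list administrator.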