Hi, On Wed, Jul 23, 2003 at 07:15:51PM +0200, Oliver Schwartz wrote: > in the last two days I received two emails with faked addresses that > claimed to be sent via sane-devel (but in fact were not). Both emails > contained a .pif file which, I assume, contains a virus. DO NOT OPEN > THIS FILE.
I have received emails claiming to be sent by SANE developers for about 18 months now. > The sender names were taken from SANE-Devel (Martin Kho, Henning > Meyer-Geinitz). The email address of the sender, however, was faked > (see attached mail below). To make the mail look more authentic it > also gives a small quote from an previous email to sane-devel. That one looks like a new sort of worm/virus. I have received about 10 of those during the last two weeks. Mostly "from" SANE developers, but also from other entities. One claims to be sent by "Henning Meier-Geinitz" <[email protected]>. I thought about suing the real author because of this defamation :-) > I don't think such mails can be prevented, but, as always, you should > take extra care when opening attachements, even from people you > recognize from the mailing list. I'd be interested on how the mails are created. Is the person who is infected by this worm subscribed to sane-devel? Or are the messages scanned from the web archive? All mails of this type were sent over vsmtp1.tin.it. IIRC, that's a big Italien provider. > From: Henning Meier-Geinitz <[email protected]> Hah, that's the same mail I also got today. > X-Spam-Status: No, hits=-6.4 required=5.0 > tests=EMAIL_ATTRIBUTION,MICROSOFT_EXECUTABLE > autolearn=ham version=2.53 -6.4 point for an obvious worm. Looks like GMX has to do more homework. Bye, Henning
