Re: Someone on the list has a virus
Gonz [EMAIL PROTECTED] wrote: Mark Roberts wrote: The originating IP was 204.127.198.39 (comcast.net) I've searched my most recent pdml emails, and the only comcast.net address comes from Paul Stenquist. But the IP address does not match, not even close. Since Comcast assigns IP addresses dynamically, this doesn't mean much. The virus could have come from someone who unsubscribed months ago or someone who's on line now but has since been assigned a different IP by Comcast. No way of telling. -- Mark Roberts Photography and writing www.robertstech.com
Re: Re: Someone on the list has a virus
From: Christopher Oliver [EMAIL PROTECTED] Date: 2005/02/09 Wed PM 10:46:46 GMT To: pentax-discuss@pdml.net Subject: Re: Someone on the list has a virus On Wed, Feb 09, 2005 at 05:13:18PM -0500, Mark Roberts wrote: Just got an email with a virus sent to me. Because these things automatically forge their headers there's no way of knowing who it came from but the From line had one PDML member, I noticed that also shortly after my first post to PDML, I started to get a lot of spam bounces to my virtual domain but prefixed with a random recipient. I've no idea if this is a mere coincidence or a virus which sends mortgage spam. Could we have an e-mail harvester as a subscriber? I'm running a fairly tightly configured mail server under Linux, and after a check through the system logs, I'm strongly doubting I am the originator. I strongly suspect that the eamils are harvested from the mail archive, from before they were obscured. I am subscribed twice. Once, nomail, from work and once, normally, from home. The work account was there before obscuring, the home account after. Guess which one gets loads of spam and viruses? mike - Email sent from www.ntlworld.com - virus-checked by McAfee - visit www.ntlworld.com/security for more information
Re: Someone on the list has a virus
Note: I had to pull this off the archives, since Mark's response never made it to my inbox. - Gonz [EMAIL PROTECTED] wrote: Mark Roberts wrote: The originating IP was 204.127.198.39 (comcast.net) I've searched my most recent pdml emails, and the only comcast.net address comes from Paul Stenquist. But the IP address does not match, not even close. Since Comcast assigns IP addresses dynamically, this doesn't mean much. The virus could have come from someone who unsubscribed months ago or someone who's on line now but has since been assigned a different IP by Comcast. No way of telling. True, but his IP address has been pretty consistent for the last couple of months or so. Generally, at least the most significant digits do not change dramatically. -- Mark Roberts Photography and writing www.robertstech.com
Re: Someone on the list has a virus
On Wed, Feb 09, 2005 at 05:13:18PM -0500, Mark Roberts wrote: Just got an email with a virus sent to me. Because these things automatically forge their headers there's no way of knowing who it came from but the From line had one PDML member, I noticed that also shortly after my first post to PDML, I started to get a lot of spam bounces to my virtual domain but prefixed with a random recipient. I've no idea if this is a mere coincidence or a virus which sends mortgage spam. Could we have an e-mail harvester as a subscriber? I'm running a fairly tightly configured mail server under Linux, and after a check through the system logs, I'm strongly doubting I am the originator. Hm. -- Christopher Oliver Inside every good dog is a terrier trying to get out.
Re: Someone on the list has a virus
Christopher Oliver [EMAIL PROTECTED] wrote: I noticed that also shortly after my first post to PDML, I started to get a lot of spam bounces to my virtual domain but prefixed with a random recipient. I've no idea if this is a mere coincidence or a virus which sends mortgage spam. How is your mail server configured to handle invalid email addresses? If it bounces them to the address in the From line that's bad. What spammers are doing now is finding mail servers that bounce undeliverables this way. Here's how it works: The spammer forges the intended *recipient* into the From line then sends to a random address on the server. The server then bounces it to the From address (complete with message body - the spam), thereby delivering the spam exactly where the spammer wanted it to go. Could we have an e-mail harvester as a subscriber? Not likely. Not enough subscribers to make it worth while :) I'm running a fairly tightly configured mail server under Linux, and after a check through the system logs, I'm strongly doubting I am the originator. The originating IP was 204.127.198.39 (comcast.net) -- Mark Roberts Photography and writing www.robertstech.com
Re: Someone on the list has a virus
It's not the lens lust virus, is it? So that's where I got it. Joe
Re: Someone on the list has a virus
Mark Roberts wrote: The originating IP was 204.127.198.39 (comcast.net) I've searched my most recent pdml emails, and the only comcast.net address comes from Paul Stenquist. But the IP address does not match, not even close. rg
Re: Someone on the list has a virus
Looks like there is indeed someone who has a virus - it got one such mail, too - but thereĀ“s no way of telling from whom or where it came from. I got it to my other address and it looked like it had come from this list but it probably did not. All the best! Raimo K personal photography homepage at: http://www.uusikaupunki.fi/~raikorho/ Quoting Mark Roberts [EMAIL PROTECTED]: Just got an email with a virus sent to me. Because these things automatically forge their headers there's no way of knowing who it came from but the From line had one PDML member, the return path had another PDML member and the message body mentioned a third. So it's a good bet that it came from someone with all these email addresses on their computer (ie: a PDML member). The origination IP address belonged to Comcast so if you're a PDML'er on Comcast I'd suggest doing a virus scan ASAP. There's an excellent antivirus package that's *free* for personal use at http://www.avast.com -- Mark Roberts Photography and writing www.robertstech.com
