To make this a little more concrete, here's some data from the last few such
emails that I've received. First, typical headers:
From - Thu Jul 6 18:56:35 2006
X-Account-Key: account2
X-UIDL: 1152233907.18606.mta6-4
X-Mozilla-Status: 0001
X-Mozilla-Status2: 10000000
Return-Path: <[EMAIL PROTECTED]>
Delivered-To: george:[EMAIL PROTECTED]
X-OB-Received: from unknown (192.168.9.207)
by 192.168.8.190; 7 Jul 2006 00:58:27 -0000
Received: from 30013-2004-0009.com (unknown [203.229.175.114])
by spf6-3.us4.outblaze.com (Postfix) with SMTP id 1D21C10DADB
for <[EMAIL PROTECTED]>; Fri, 7 Jul 2006 00:58:22 +0000 (GMT)
Date: Fri, 07 Jul 2006 09:58:30 +0900
To: "George" <[EMAIL PROTECTED]>
From: "Agiorgio" <[EMAIL PROTECTED]>
Subject: Avis
Message-ID: <[EMAIL PROTECTED]>
MIME-Version: 1.0
Content-Type: multipart/mixed;
Next, the IP addresses and the purported senders:
221.163.190.71 - "Tal" <[EMAIL PROTECTED]>
203.229.175.114 - "Agiorgio" <[EMAIL PROTECTED]>
218.155.24.56 - "Tal" <[EMAIL PROTECTED]>
210.222.7.64 - "Slouken" <[EMAIL PROTECTED]>
211.192.1.102 - "Eljay" <[EMAIL PROTECTED]>
214.180.5.118 - "Tal" <[EMAIL PROTECTED]>
The last IP address is in Estonia; the rest are in Korea.
Can anyone take this further?
--
/George V. Reilly [EMAIL PROTECTED]
http://www.georgevreilly.com/blog
George V. Reilly wrote:
> [CCing the Vim and Vim-Dev lists. Not that it did any good the last
time I raised this subject.]
>
> It is NOT me, dammit! Someone on the Vim list is infected with a
virus that trawls through his address book and forges the From address.
I too get dozens of virus-laden emails every week that purport to be
from various people on the Vim list. Bram, Henk, Arpaffdy, and my own
name are some of the names that I see regularly. This has been going on
for at least two years :-(
>
> This laptop has been running a fresh install of Ubuntu 6.06 for the
last four weeks, so if you've seen any mails from me in that interval,
it definitely wasn't me. And I run antivirus and antispyware software
when I'm running Windows, and I keep the signatures up to date.
>
> Vimmers, for the love of God, download antivirus and antispyware
software, and run a scan on your machines.
>
> Windows users, start here:
http://www.microsoft.com/athome/security/default.mspx
>
> /George
>
> @ Rocteur CC wrote:
>> I can't believe it, is this really you.
>>
>> I receive at least 5 spams a week from your email address.
>>
>> I can't believe it, is this a legitimate mail from you ?
>>
>> I'll be damned, the worlds biggest spammer is from the VIM list..
>>
>> I didn't realize..
>>
>> Virus, worms, spam, you name it, I get it from your address, I
always thought it was a phony email address and now I see it is a real one..
>>
>> Can you not do something about this ?
>>
>> Anyway, I have hundreds of spam mail from you and it was a shock to
see one that was not spam..
>>
>> Jerry
>>
>> On 06 Jul 2006, at 21:10, George Reilly wrote: [snip]
