TECHNET Archives

February 2004

TechNet@IPC.ORG

From: Ahne Oosterhof <[log in to unmask]>
Date: Mon, 9 Feb 2004 07:46:00 -0800
Regards,
Ahne Oosterhof

503-641-9428
[log in to unmask]



-----Original Message-----
From: TechNet [mailto:[log in to unmask]]On Behalf Of Brian Ellis
Sent: Monday, February 09, 2004 04:01
To: [log in to unmask]
Subject: Re: [TN] Spoofed e-mail


Ed

This is not a spoof. What happened is that X allowed himself to be
infected by a worm (probably a MyDoom variant). X's Outlook or Outlook
Express Address Book contained [log in to unmask] amongst a host of other
addresses. The worm then sent to every address in the address book a
copy of itself in a seemingly innocuous message from johnperry. One of
these was [log in to unmask]. Now the firewall or gateway server at
the ix.netcom.com domain detected that this message was infected and
bounced back a message to the original apparent sender (johnperry) to
tell him he sent a virused message (although, of course, he didn't).
Now, something interesting happens if the original server bounces this
back again.

For this reason, I detest bouncing software. In fact, over the past few
days, I've received 3 times as many bounce messages as spam and domains
which bounce spam or viruses cause more harm than good by blocking
Internet bandwidth.

Of course, this would never happen if people didn't use Outlook or
Outlook Express (why do you think Microsoft offered $250,000 for the
arrest of the authors of MyDoom? It was not philanthropic; it was
because their software propagated it and thus their reputation
suffered.) or if they had a valid anti-virus protection.

I have written at length about all these security problems in Circuit
World, Soldering & SMT and Microelectronics International on a number of
occasions, as spammers, bouncers, hackers, crackers and virus writers
improve their black technology. To give you an idea, I have five apps on
my e-mail 'puter just for security purposes against these collective
bastards and I consider them all essential: and I don't use Outlook in
any form or flavour.

Brian

Ed Popielarski wrote:
> Hi all,
>
> I got the below (in text format) which contained hostile code.
>
> Be on the lookout!
>
> ****snip******
> X-Symantec-TimeoutProtection: 0
> X-Symantec-TimeoutProtection: 1
> Status:  U
> Return-Path: <[log in to unmask]>
> Received: from ipc.org ([205.158.190.226])
>  by kite (EarthLink SMTP Server) with ESMTP id 1aPVcg2U23NZFkD0
>  for <[log in to unmask]>; Sun, 8 Feb 2004 12:06:28 -0800 (PST)
> From: [log in to unmask]
> To: [log in to unmask]
> Subject: hello
> Date: Sun, 8 Feb 2004 12:07:05 -0800
> MIME-Version: 1.0
> Content-Type: multipart/mixed;
>  boundary="----=_NextPart_000_0004_82398EFA.9900FEAF"
> X-Priority: 3
> X-MSMail-Priority: Normal
> Message-Id: <200402081206.1aPVcg2U23NZFkD0@kite>
>
> This is a multi-part message in MIME format.
>
> ------=_NextPart_000_0004_82398EFA.9900FEAF
> Content-Type: text/plain;
>  charset="Windows-1252"
> Content-Transfer-Encoding: 7bit
>
> Mail transaction failed. Partial message is available.
>
>
> ------=_NextPart_000_0004_82398EFA.9900FEAF
> Content-Type: plain/text;
>  name="Norton AntiVirus Deleted1.txt"
> Content-Transfer-Encoding: base64
> Content-Disposition: attachment;
>  filename="Norton AntiVirus Deleted1.txt"
>
> Tm9ydG9uIEFudGlWaXJ1cyByZW1vdmVkIHRoZSBhdHRhY2htZW50OiBib2R5LnppcC4NClRo
> ZSBhdHRhY2htZW50IHdhcyBpbmZlY3RlZCB3aXRoIHRoZSBXMzIuTXlkb29tLkFAbW0gdmly
> dXMu
> ------=_NextPart_000_0004_82398EFA.9900FEAF--
>
> *****snip******
>
>
> Regards,
>
> Ed Popielarski
> QTA Machine
> 27291 Jardines
> Mission Viejo, Ca. 92692
>
> Phone:949-581-6601
> Fax: 949-581-2448
>
> WWW.QTA.NET
>
> "All that is good is not embodied in the law;
> and all that is evil is not proscribed by the law.
> A well-disciplined society needs few laws;
> but it needs strong mores."
> William F. Buckley Jr.
>
> ---------------------------------------------------
> Technet Mail List provided as a service by IPC using LISTSERV 1.8e
> To unsubscribe, send a message to [log in to unmask] with following text in
> the BODY (NOT the subject field): SIGNOFF Technet
> To temporarily halt or (re-start) delivery of Technet send e-mail to
[log in to unmask]: SET Technet NOMAIL or (MAIL)
> To receive ONE mailing per day of all the posts: send e-mail to
[log in to unmask]: SET Technet Digest
> Search the archives of previous posts at: http://listserv.ipc.org/archives
> Please visit IPC web site http://www.ipc.org/contentpage.asp?Pageid=4.3.16
for additional information, or contact Keach Sasamori at [log in to unmask] or
847-509-9700 ext.5315
> -----------------------------------------------------
>
>
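
An added example, not part of the original thread or any product's code: a gateway-side check that reads the scanner note left in the quoted message and withholds the sender notification when the detection is a mass-mailer, because the From address is then forged. The example.org addresses and the function names are assumptions; the MIME parts follow the message quoted above.

```python
import email
import re
from email import policy
# Constructed sample modelled on the quoted message; masked addresses replaced.
SAMPLE = """\
From: sender@example.org
Subject: hello
MIME-Version: 1.0
Content-Type: multipart/mixed;
 boundary="----=_NextPart_000_0004_82398EFA.9900FEAF"

------=_NextPart_000_0004_82398EFA.9900FEAF
Content-Type: text/plain; charset="Windows-1252"

Mail transaction failed. Partial message is available.

------=_NextPart_000_0004_82398EFA.9900FEAF
Content-Type: plain/text; name="Norton AntiVirus Deleted1.txt"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Norton AntiVirus Deleted1.txt"

Tm9ydG9uIEFudGlWaXJ1cyByZW1vdmVkIHRoZSBhdHRhY2htZW50OiBib2R5LnppcC4NClRo
ZSBhdHRhY2htZW50IHdhcyBpbmZlY3RlZCB3aXRoIHRoZSBXMzIuTXlkb29tLkFAbW0gdmly
dXMu
------=_NextPart_000_0004_82398EFA.9900FEAF--
"""

DETECTION = re.compile(r"infected with the (\S+) virus")

def scanner_detections(raw):
    """Return detection names from scanner notes left in place of attachments."""
    msg = email.message_from_string(raw, policy=policy.default)
    names = []
    for part in msg.walk():
        if part.get_content_disposition() != "attachment":
            continue
        payload = part.get_payload(decode=True) or b""
        names += DETECTION.findall(payload.decode("ascii", "replace"))
    return names

def should_notify_sender(raw):
    """Notify the header sender only for detections that are not mass-mailers."""
    names = scanner_detections(raw)
    # Symantec detection names mark mass-mailing worms with an "@mm" suffix;
    # such worms forge From, so a notice would reach an uninvolved address.
    return bool(names) and not any(n.lower().endswith("@mm") for n in names)
```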

