North American Network Operators Group


Odd spam / virus - comments ?

  • From: Peter Galbavy
  • Date: Tue Mar 26 05:07:10 2002

OK - As a knowledgeable bunch, maybe you lot can give me pointers.

A customer / friend phoned me last night saying that I sent him a virus by
e-mail. Now, I am far more careful than that - at least I hope. It turned
out that it wasn't me, but a forgery. Now, that is not unusual, but what is
unusual is that the recipient is someone I know.

I have come up with the following theories:

1. Clever virus distributor. Someone has e-mail address lists and is looking
up MX records for senders and recipients and then matching the two, on the
assumption that the MX for the recipient will accept mail from someone whose
mail transits the same system, and that there may be a level of 'trust' in
the recipient for a sender who uses the same MX relays.

2. Accident. It is just bizarre that someone is forging mail from me to
someone I know. But then I would be getting many more complaints from
complete strangers. I am not.

Anyone seen 1. in active use ?

Headers below - nothing confidential AFAIK - apart from e-mail addresses
that are already 'public'.

Peter

Return-path: <[email protected]>
Envelope-to: [email protected]
Delivery-date: Mon, 25 Mar 2002 16:56:14 +0000
Received: from acba293e.ipt.aol.com ([172.186.41.62] helo=Xvfem)
 by mailstore-1.mail.knowledge.com with smtp (Exim 3.33 #1)
 id 16pXl2-00003E-00
 for [email protected]; Mon, 25 Mar 2002 16:55:45 +0000
From: peter.galbavy <[email protected]>
To: [email protected]
Subject: Introduction on ADSL
MIME-Version: 1.0
Content-Type: multipart/alternative;
 boundary=Sy82oU85e2CI78a2nsl20
Message-Id: <[email protected]>
Date: Mon, 25 Mar 2002 16:55:45 +0000
Status:
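
Added example, not part of the original post: a small Python check of the Received hop quoted above, which is the only header written by the recipient's own MX and so the only one a forger could not choose. The domain `sender.example` is a constructed placeholder for the claimed sender's domain (the real address is redacted in the archive), and the function names are hypothetical.

```python
import re

# Received header copied from the post above (the recipient address is redacted in the archive).
RECEIVED = (
    "from acba293e.ipt.aol.com ([172.186.41.62] helo=Xvfem)\n"
    " by mailstore-1.mail.knowledge.com with smtp (Exim 3.33 #1)\n"
    " id 16pXl2-00003E-00\n"
    " for [email protected]; Mon, 25 Mar 2002 16:55:45 +0000"
)

# Exim-style hop: "from <looked-up name> ([<ip>] helo=<helo>) by <receiver> with <proto>"
HOP_RE = re.compile(
    r"from\s+(?P<rdns>\S+)\s+\(\[(?P<ip>[0-9.]+)\](?:\s+helo=(?P<helo>[^)\s]+))?\)"
    r"\s+by\s+(?P<by>\S+)\s+with\s+(?P<proto>\S+)",
    re.IGNORECASE,
)

def parse_hop(received):
    """Unfold the header and return its fields as a dict, or None if it does not parse."""
    unfolded = " ".join(received.split())
    m = HOP_RE.search(unfolded)
    return m.groupdict() if m else None

def hop_findings(hop, claimed_sender_domain):
    """Heuristic mismatches between the connecting host and the claimed sender."""
    findings = []
    # Assumption: when helo= is absent, the HELO name equalled the looked-up host name.
    helo = hop["helo"] or hop["rdns"]
    if "." not in helo:
        findings.append("HELO is not a fully qualified domain name")
    if helo.lower() != hop["rdns"].lower():
        findings.append("HELO does not match the connecting host's name")
    rdns, domain = hop["rdns"].lower(), claimed_sender_domain.lower()
    if not (rdns == domain or rdns.endswith("." + domain)):
        findings.append("connecting host is outside the claimed sender's domain")
    return findings

if __name__ == "__main__":
    hop = parse_hop(RECEIVED)
    print(hop["ip"], hop["rdns"], "helo=" + str(hop["helo"]))
    # "sender.example" is a constructed placeholder, not a value from the post.
    for finding in hop_findings(hop, "sender.example"):
        print(" -", finding)
```

The third check is only a heuristic, since a host outside the sender's domain can be a legitimate relay; the two HELO checks rely solely on what the receiving MX recorded.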