[lbo-talk] Re:

snit snat snitilicious at tampabay.rr.com
Fri Jul 23 05:11:17 PDT 2004


At 07:31 AM 7/23/2004, Doug Henwood wrote:


>I've set this listmember to "moderate," so there should be no more of these.
>
>Doug

I'm still trying to figure out how that got by, though I haven't spent a lot of time on it. You've got the list set to reject messages over 22k or something, so it should reject an attachment since they're usually bigger than 22k. OTOH, this attachment may just be small enough to slip by. I didn't take a look at it and am now too lazy to retrieve it so I can look at the code.

At any rate, blocking Dano's email address should work, but the infected machine doesn't belong to Dano. The machine sending the malware is from ILSTU.edu and it's spoofing Dano's address. I'll write Carrol to see if he knows he needs to clean up his machine--if indeed it's Carrol's machine.

This was in the headers of the malware laden mail, time stamped CST:

Received: from crdavis.net (isu134152.ilstu.edu [138.87.134.152])
Date: Thu, 22 Jul 2004 15:15:11 -0600

This is what is normally in Dano's headers. Dano's somewhere near LA, time stamped PST:

Received: from [192.168.0.30] (lsanca2-ar35-4-43-129-017.lsanca2.dsl-verizon.net [4.43.129.17])
Date: Sun, 04 Jul 2004 09:42:50 -0700

(One of my clients was freaking out the other day b/c the latest malware is being written by spammers working with crackers. They're using malware to compromise machines and then they use those machines as 'zombies' to launch spam attacks. Some of the execs at the company were being spoofed. It looked like hotshot CEO was spamming people with ads for Viagra. HEH.)

Kelley

"We're in a fucking stagmire."

--Little Carmine, 'The Sopranos'
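
The header comparison described in the message above, as an added example that is not part of the original post: it parses the two Received/Date pairs quoted there and lists the fields on which the suspect mail departs from the sender's usual path. The function names `parse_hop` and `differences` are hypothetical, and treating the last two DNS labels as the owning network is a simplifying assumption.

```python
import re
from email.utils import parsedate_to_datetime

# "from <HELO name> (<reverse DNS> [<connecting IP>])" as written by the receiving server.
RECEIVED_RE = re.compile(r"from\s+(\S+)\s+\(([^\s\[]+)\s+\[([0-9.]+)\]\)")

def parse_hop(received, date):
    """Extract the connecting IP, its reverse DNS and the Date offset.
    The IP and reverse DNS are recorded by the receiving server, unlike the From address."""
    m = RECEIVED_RE.search(received)
    if m is None:
        raise ValueError("unrecognised Received format")
    helo, rdns, ip = m.groups()
    return {
        "helo": helo,
        "rdns": rdns.lower(),
        "ip": ip,
        # Assumption: the last two DNS labels name the owning network.
        "network": ".".join(rdns.lower().split(".")[-2:]),
        "utc_offset_h": parsedate_to_datetime(date).utcoffset().total_seconds() / 3600,
    }

def differences(baseline, suspect):
    """Return the fields on which the suspect hop departs from the baseline."""
    return [k for k in ("network", "ip", "utc_offset_h") if baseline[k] != suspect[k]]

# Header values quoted in the message above.
SUSPECT = parse_hop(
    "Received: from crdavis.net (isu134152.ilstu.edu [138.87.134.152])",
    "Thu, 22 Jul 2004 15:15:11 -0600",
)
BASELINE = parse_hop(
    "Received: from [192.168.0.30] "
    "(lsanca2-ar35-4-43-129-017.lsanca2.dsl-verizon.net [4.43.129.17])",
    "Sun, 04 Jul 2004 09:42:50 -0700",
)

if __name__ == "__main__":
    for field in differences(BASELINE, SUSPECT):
        print(f"{field}: usual={BASELINE[field]!r} this message={SUSPECT[field]!r}")
```
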


