We have the IP address of the originator. Our admin guy says it's probably some poor smuck on a home computer. Question now is what can we do with this information? The average user isn't going to know how or where to check for an IP address and I believe many ISPs generate their IPs dynamically so it may not be traceable back to a specific machine. > -----Original Message----- > From: Bill Brown [mailto:[log in to unmask]] > Sent: May 20, 2003 3:23 PM > To: [log in to unmask] > Subject: Re: Spam e-mail sent to announce-only list > > For background on how a virus could do this, check your favorite antivirus > vendor's site for information on Klez. It will pick a name from the > address book on the infected machine and use that as the RFC822 "From:." > It then sends to every other entry in the address book. > > You'll need to look at the logs to see where the message came from. If > you have something like a mail relay that shows the RFC821 "Mail From:" > value, that will be the infected user. If not, the best you can do is get > the IP address that it came from. > > --- > > Inanimate objects rock with glee > as they conspire to baffle me. - Ogden Nash > > William Brown > Email/Internet Services > Erie 1 BOCES > (716)821-7285 > > > > > > Wes Anderson <[log in to unmask]> > Sent by: LISTSERV list owners' forum <[log in to unmask]> > 05/20/2003 03:07 PM > Please respond to LISTSERV list owners' forum > > To: [log in to unmask] > cc: > Subject: [LSTOWN-L] Spam e-mail sent to announce-only list > > Also, we are trying to determine who the spammer is and how they managed > to > send this e-mail. Does anyone have any experience in this area? The > manager of our Listserv says there was a virus that generated the e-mail > but > it's still not clear how a virus could find the admin account to post to > this list. Any ideas?