LSTSRV-L Archives

LISTSERV Site Administrators' Forum

UB Listserv Administrator <[log in to unmask]>
Thu, 21 Mar 2002 12:15:01 -0500
Stan,

One thing I have noticed lately is that viruses are becoming smarter in
distributing themselves and hiding their origin. Some of the latest will
take two random addresses from an addressbook, and use one to send "To:"
and one to set the "From:". And if that isn't enough, they can also grab
any addresses saved in web browser cache and use those too. You seem to
assume that whoever sent the virus had malicious intent, but I think the
greater possibility is that this is occurring without the owner of the
infected computer even knowing about it. Especially if it is an AOL user. ;)
It would only be a matter of time before the right combination of addresses
would come up and look exactly as you describe.

Just another possibility to consider.

-Jim

--
Jim Serwinowski                 [log in to unmask]
UB Listserv Administrator       http://listserv.acsu.buffalo.edu


On Thu, 21 Mar 2002, Stan Horwitz wrote:

> Date: Thu, 21 Mar 2002 11:03:05 -0500
> From: Stan Horwitz <[log in to unmask]>
> Reply-To: LISTSERV give-and-take forum <[log in to unmask]>
> To: [log in to unmask]
> Subject: Problems with an AOL user
>
> The person who maintains one of the 1,600+ lists here (Listserv 1.8d)
> started seeing very strange behavior early yesterday morning. Someone
> apparently attempted to distribute a virus via this person's list and
> spoofed two of this person's email addresses. One address that is on a
> host that no longer even exists; the other from her computer in Ohio which
> wasn't even powered on at the time this message was sent. Fortunately, her
> list is set so that binary attachments are not permitted AND even though
> the attachment was embedded in the frame of an HTML formatted msg, the
> HTML was malformed and the MIME was also malformed so the virus portion of
> the message never reached anyone on the list.
>
> This happened again this morning, but the originating address was
> different. This time, the from address was somewhere in ".cz" and probably
> also spoofed (I suspect).
>
> This list is set so that "Subscription= By_Owner" and "Send= Private". The
> mail headers seem to indicate that the rogue messages originated from AOL.
> I have since instructed this List owner to forward the rogue messages
> intact to AOL to complain and set her list such that "Send=
> Private,Confirm".
>
> I have been maintaining our Listserv for more years than I care to
> remember and this particular List owner has maintained this particular
> list here for a good deal of that time. Neither of us has ever been
> confronted by this type of activity before. Has anyone else had this
> problem? I wonder how responsive AOL will be at helping to track down the
> culprit.
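
The header check described in this thread (a "From:" that names a subscriber while the mail headers point at a different origin) can be sketched as follows. This is an added example, not code from either poster or from LISTSERV; the host names, the TRUSTED set, the Received line format and the sample message are all constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED = {"listserv.example.edu", "mailhub.example.edu"}  # assumed local hosts

# Constructed message: From: claims an example.edu address, but the hop where
# our own server accepted the mail shows a peer at an unrelated provider.
SAMPLE = """\
Received: from mailhub.example.edu (mailhub.example.edu [192.0.2.10])
\tby listserv.example.edu with ESMTP; Thu, 21 Mar 2002 06:02:11 -0500
Received: from anything (relay7.provider.example [198.51.100.7])
\tby mailhub.example.edu with ESMTP; Thu, 21 Mar 2002 06:02:09 -0500
Received: from oldhost.example.edu (oldhost.example.edu [192.0.2.99])
\tby relay7.provider.example; Thu, 21 Mar 2002 06:02:01 -0500
From: List Owner <owner@oldhost.example.edu>
To: SOME-LIST@listserv.example.edu
Subject: constructed sample

body
"""

# Assumes Sendmail/Postfix-style "from HELO (rdns [ip]) by host" lines.
HOP = re.compile(r"from\s+\S+\s+\((\S+)\s+\[([0-9A-Fa-f.:]+)\]\).*?\bby\s+([^\s;]+)", re.S)

def org_domain(host):
    # Simplification: last two labels; production code needs the Public Suffix List.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def entry_hop(msg, trusted=TRUSTED):
    """Return (peer_name, peer_ip) from the hop where mail entered our servers.

    Received lines are prepended, so read top-down and stop at the first line
    written by a trusted host about an untrusted peer. The HELO name and every
    line below that point come from the sender and may be forged.
    """
    for value in msg.get_all("Received", []):
        m = HOP.search(value)
        if m and m.group(3).lower() in trusted and m.group(1).lower() not in trusted:
            return m.group(1).lower(), m.group(2)
    return None

def triage(raw, trusted=TRUSTED):
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    hop = entry_hop(msg, trusted)
    mismatch = hop is not None and org_domain(hop[0]) != org_domain(sender.rpartition("@")[2])
    return {"from": sender, "peer": hop, "mismatch": mismatch}
```

A mismatch is a triage signal rather than proof of forgery, since people do send legitimately through other providers; the peer name and IP it returns are what belong in a complaint to the originating provider.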
