On Wed, 22 Oct 2003 10:17:21 EDT, "William H. Magill" <[log in to unmask]> said: > I received this email yesterday. You should recognize what they are > trying to do. > I don't subscribe to the various security lists anymore... but it > looks like there might be a new "exploit" afoot. Someone needs to do an > analysis. Umm.. I *am* on most of the more relevant security lists, and this looks like news to me. However, why would what you posted say "new exploit" to anybody? At best, it's an attempt to just unsub users. Now, if you had evidence they had gotten a new and creative way to obtain the subscriber list or similar... Also, when chasing things like this, it's *very* important that you include the *original* headers, or at least your MTA logs to chase back where it came from as far as you can (for instance, if it was mail to my listserv, it probably came through our Mirapoint front-ends, and I'd have to chase through those logs to figure out who sent it to us...) > Return-Path: <[log in to unmask]> bounce- ??? If I'm reading these headers correctly, thompsonmedia.com sent the mail to you directly, and it didn't go anywhere near a Listserv or Majordomo. I'm failing to see how they expected this to ever work. Either the Thompsonmedia people are totally clueless, or there's something missing here.... > The only reason I didn't simply ignore and delete this as "junk" when > received was because a list I belong to was apparently hacked yesterday > afternoon with 40 aol.com users deleted from it apparently in a batch. Getting on AOL's block list is a good way to have lots of mail bounce and get the users auto-unsubscribed if your system is configured to do so on a bounce....