On Jan 31, 18:36, chris wrote:
> >The message contains Unicode characters and has been sent as a
binary
> >attachment.
>
> Despite allegedly coming from me, I was not the sender of the above
> email. I assure you none of my Macs are infected with this Windows
worm.
> :-)
>
> Someone else with my addy on their machine has been infected. IP in
the
> header traces back to RIPE Networks in Amsterdam.
>
> Fortunately, it appears the list strips attachments, so the email is
> nothing more harmful then a minor annoyance to the list.
Yes, this is standard MyDoom/Novarg. It spoofs the sender in the
"From:" and for good measure uses their hostname in the SMTP exchange
when it contacts the destination. Then it adds a zipfile which
contains the payload.
The list does strip attachments -- you can't send attachments to this
list, nor HTML.
Incidentally, Sellam: just not using OE isn't a cure. It might reduce
the problem, but enough people will save and then open attachments
anyway; besides, there are other ways of passing a virus or worm. I've
seen a few of these at work last week. I blackholed about ten
machines.
--
Pete Peter Turnbull
Network Manager
University of York
Received on Sun Feb 01 2004 - 04:17:46 GMT