RCN "postmaster" email virus
Jim
2005-03-12 02:10:32 UTC
I just posted this in the General group, but thought it might be of interest
here also. About three weeks ago, I got an email that claimed to be from
***@RCN.com that claimed I was sending spam from a compromised
computer (NOT), and that I should follow the directions in an attached file.
Needless to say, I did not even try to open the attachment, but forwarded it
to ***@RCN.com.

I retained the message in my sent mail box. Out of curiosity, I just scanned
the attachment, which was in .zip format, and got:
Win32:Mydoom-AM [Wrm]

I think the hackers are getting inventive.
Seth H Holmes
2005-03-14 13:03:33 UTC
Post by Jim
I just posted this in the General group, but thought it might be of interest
here also. About three weeks ago, I got an email that claimed to be from
computer (NOT), and that I should follow the directions in an attached file.
Needless to say, I did not even try to open the attachment, but forwarded it
I retained the message in my sent mail box. Out of curiosity, I just scanned
Win32:Mydoom-AM [Wrm]
I think the hackers are getting inventive.
These types of things are common. Users where I work get the same thing on
our domain. I've gotten them to my personal domain. You can go through the
headers and find the source of where it came from. Then you might be able
to figure out who you know that's infected. It sometimes works. Usually
not.
--
Seth H Holmes
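
Going through the headers to find the source, as suggested in the post above, worked as an added example (not part of the original thread). It walks the `Received` lines newest-first and trusts only those written by the recipient's own provider, since everything below the point where the message entered that provider can be forged by the sender. The hostnames, IP ranges, sample message and function names are constructed for illustration.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample: example hostnames, RFC 5737 documentation IPs.
# The bottom Received line is forged by the sending machine.
SAMPLE = """\
Received: from mx1.isp.example (mx1.isp.example [192.0.2.10])
\tby mailstore.isp.example with ESMTP id A1; Sat, 12 Mar 2005 02:00:03 +0000
Received: from postmaster.isp.example (dsl-host.other.example [198.51.100.77])
\tby mx1.isp.example with SMTP id B2; Sat, 12 Mar 2005 02:00:01 +0000
Received: from mail.isp.example (mail.isp.example [192.0.2.25])
\tby postmaster.isp.example with ESMTP id C3; Sat, 12 Mar 2005 01:59:00 +0000
From: postmaster@isp.example
To: user@isp.example
Subject: Your account is sending spam

See the attached instructions.
"""

# "from <HELO name> (<reverse DNS> [<connecting IP>]) ... by <receiving host>"
HOP = re.compile(r"from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\s\[\]]*)\s*"
                 r"\[(?P<ip>[0-9A-Fa-f.:]+)\]\).*?\bby\s+(?P<by>\S+)", re.S)

def parse_hops(raw):
    """Return the Received hops, newest first, as dicts (helo, rdns, ip, by)."""
    msg = message_from_string(raw)
    matches = (HOP.search(v) for v in msg.get_all("Received", []))
    return [m.groupdict() for m in matches if m]

def handoff_hop(raw, trusted_suffix, trusted_net):
    """Return the hop where the message entered the trusted provider, or None."""
    net = ipaddress.ip_network(trusted_net)
    for hop in parse_hops(raw):
        if not hop["by"].endswith(trusted_suffix):
            break  # not written by our servers, so nothing from here down counts
        try:
            internal = ipaddress.ip_address(hop["ip"]) in net
        except ValueError:
            internal = False
        if not internal:
            return hop  # first connection from outside: the real sending host
    return None

if __name__ == "__main__":
    print(handoff_hop(SAMPLE, ".isp.example", "192.0.2.0/24"))
```

In the sample the HELO name claims to be the provider's postmaster host, while the connecting IP and reverse DNS recorded by the provider's own server point to an outside machine.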
Jim
2005-03-15 18:11:35 UTC
Post by Seth H Holmes
These types of things are common. Users where I work get the same thing on
our domain. I've gotten them to my personal domain. You can go through the
headers and find the source of where it came from. Then you might be able
to figure out who you know that's infected. It sometimes works. Usually
not.
--
Seth H Holmes
Good thought, though this one is now deleted. I had assumed it was a random
mailing, like most spam I get, except that somehow they knew I was on RCN.
But they could do a reverse-dns lookup to determine the RCN domain. It is
probably a more effective technique than most emailed worms.
Seth H Holmes
2005-03-16 17:49:24 UTC
Post by Jim
Good thought, though this one is now deleted. I had assumed it was a random
mailing, like most spam I get, except that somehow they knew I was on RCN.
But they could do a reverse-dns lookup to determine the RCN domain. It is
probably a more effective technique than most emailed worms.
Not even that complicated. Take the domain name, e-mail to
$***@domainname from ***@domainname. Just repeat for a variety
of different possible addresses in that domain. It's frighteningly simple.
--
Seth H Holmes
The Good, The Bad and The Ugly http://www.gbuonline.com
Autumn Tree Armored Combat Company http://www.atacc.org
Paragon Jousting http://www.paragonjousting.com