[ale] Virus from T-Dialin client (was Re: Your letter)
Fulton Green
ale at FultonGreen.com
Sat Apr 24 22:05:09 EDT 2004
On Sat, Apr 24, 2004 at 06:58:04PM -0400, Christopher R. Curzio wrote:
> Actually, I can pretty much guarantee it WASN'T you, since Netsky spoofs
> the FROM address, and you don't use Windows at work. It was from someone
> who has your work address in their address book.
>
> Of course, this is assuming you're not running an infected Windows machine
> at home, in which case it could be that box...
Actually, if you examine the very last Received: header (the one that
negotiates with ale.org's MX host), the offending party is using an
address that is within the Deutsche Telekom dialup address pool. I
might also add that all the other virii that have managed to hit the
list have CONSISTENTLY been from this pool of addresses. I previously
wrote DT's spam/virus abuse department, thinking I'd get some sort of
resolution. Yeah, right.
So there's your clue: look for someone on the list that's previously
posted from a T-Dialin account.
Or, just do like me and adjust your spam/virus filter accordingly.
More information about the Ale
mailing list