Bill Moran wrote:
> Just curious if anyone knows the origin of all these auto-responses, etc.
>
> I'm seeing a lot of these on every list I'm subscribed to (not all of them
> FreeBSD related) so I was wondering if some Windows trojan is running rampant
> and using these list addresses as return addys?
>
> Anyone know?

Yes.

There are a number of machines in the texas.gov domain that are infected with the SoBIG worm because the morons running them are too dumb to install Windows patches from 6 months ago, and to split their inbound and outbound mail servers and filter out outbound mail from forged "from" addresses with an IP address that happens to be in their netblock, but with a source domain that is not one of the domains under their immediate control.

One of these machines is 204.65.42.107, which is in the netblock subdelegated to access.texas.gov. There are about 4 others, but that one in particular has someone who is subscribed to the FreeBSD mailing lists.

Be warned that if you post to these mailing lists at all, the user on that machine subscribed to the list will end up with *your* email address being used to forge outbound email to other people by the worm.

Most people who build out email infrastructure have no idea of what they are doing.

On the plus side, whoever is running that frigging machine is liable under California law for a fine of $10,000 and up to 3 years in jail, since forging a "from" address belonging to someone else is now a felony in California.

-- Terry

Received on Tue Aug 19 2003 - 23:57:10 UTC
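The outbound filter described in the reply above (client IP inside the site's netblock, envelope sender domain not one the site controls), as an added example that is not part of the original post. The netblock, domain names and sample sessions are constructed placeholders, and the function names are hypothetical.

```python
import ipaddress

# Constructed placeholders (documentation ranges), not values from the post.
LOCAL_NETBLOCKS = [ipaddress.ip_network("192.0.2.0/24")]
OWNED_DOMAINS = {"example.org"}


def sender_domain(mail_from):
    """Return the lower-cased domain of an SMTP envelope sender.

    Returns "" for the null sender "<>" (used by bounces) and None
    when the address has no domain part at all.
    """
    addr = mail_from.strip().strip("<>")
    if addr == "":
        return ""
    if "@" not in addr:
        return None
    return addr.rsplit("@", 1)[1].lower().rstrip(".")


def is_owned(domain):
    """True for an owned domain or any subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in OWNED_DOMAINS)


def outbound_decision(client_ip, mail_from):
    """Policy for the outbound-only relay: accept or reject one MAIL FROM."""
    ip = ipaddress.ip_address(client_ip)
    if not any(ip in net for net in LOCAL_NETBLOCKS):
        # The outbound relay serves internal clients only.
        return "reject: not-our-client"
    domain = sender_domain(mail_from)
    if domain is None:
        return "reject: malformed-sender"
    if domain == "":
        return "accept"  # null sender, e.g. a delivery status notification
    if not is_owned(domain):
        # Internal host claiming someone else's domain: the worm pattern.
        return "reject: forged-sender"
    return "accept"


# Constructed sample sessions: (client IP, envelope sender).
SAMPLE_SESSIONS = [
    ("192.0.2.10", "<alice@example.org>"),
    ("192.0.2.107", "<poster@lists.example.net>"),
    ("192.0.2.10", "<>"),
    ("198.51.100.5", "<alice@example.org>"),
]

if __name__ == "__main__":
    for ip, sender in SAMPLE_SESSIONS:
        print(ip, sender, "->", outbound_decision(ip, sender))
```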
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:37:19 UTC