Re: Regarding recent spam on the list

From: Terry Lambert <tlambert2_at_mindspring.com>
Date: Wed, 20 Aug 2003 01:56:13 -0700
Bill Moran wrote:
> Just curious if anyone knows the origin of all these auto-responses, etc.
> 
> I'm seeing a lot of these on every list I'm subscribed to (not all of them
> FreeBSD related) so I was wondering if some Windows trojan is running rampant
> and using these list addresses as return addys?
> 
> Anyone know?

Yes.  There are a number of machines in the texas.gov domain that
are infected with the SoBIG worm because the morons running them
are too dumb to install Windows patches from 6 months ago, and to
split their inbound and outbound mail servers and filter out
outbound mail from forged "from" addresses with an IP address that
happens to be in their netblock, but with a source domain that is
not one of the domains under their immediate control.

One of these machines is 204.65.42.107, which is in the netblock
subdelegated to access.texas.gov.

There are about 4 others. but that one in particular has someone
who is subscribed to the FreeBSD mailing lists.

Be warned that if you post to these mailing lists at all, the user
on that machine subscribed to the list will end up using *your*
email address will be used to forge outbound email to other people
by the worm.

Most people who build out email infrastructure have no idea of
what they are doing.

On the plus side, whoever is running that frigging machine is
liable under California law for a fine of $10,000 and up to 3
years in jail, since forging a "from" address belonging to
someone else is now a felony in California.

-- Terry
Received on Tue Aug 19 2003 - 23:57:10 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:37:19 UTC