From: Wes Groleau <groleau@freeshell.org>
Subject: Re: Current "Swen" worm attack - the best address
Date: Sat, 27 Sep 2003 21:30:11 -0500
Date: 2003-09-27T21:30:11-05:00 [thread overview]
Message-ID: <7decna18Xfwz2uuiXTWJig@gbronline.com> (raw)
In-Reply-To: <e2e5731a.0309270545.1647c7cb@posting.google.com>
Alexander Kopilovitch wrote:
> Wes Groleau wrote:
>>Forging downstream Received headers is impossible,
>>but most spammer support programs routinely add
>>one or more fake headers to make it appear that
>>the origin is one or more hops further than it is.
>>
>>The headers posted appear to contain that sort of forgery.
>
> Does this mean that probably that time a spammer was infected? -;)
No, unless the virus is also a spam tool.
It means that this spammer technique was included
in the virus's SMTP engine, probably for the same
reason spammers do it: to lengthen the time before
someone goes to the correct source and stops it.
--
Wes Groleau
-----------
Daily Hoax: http://www.snopes2.com/cgi-bin/random/random.asp
next prev parent reply other threads:[~2003-09-28 2:30 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-09-24 22:31 Current "Swen" worm attack - the best address Alexander Kopilovitch
2003-09-25 8:19 ` Preben Randhol
2003-09-25 15:48 ` Wes Groleau
2003-09-25 20:52 ` [OT] Bad addresses (was: Current "Swen" worm attack - the best address) Henrik Motakef
2003-09-26 0:49 ` [OT] Bad addresses Wes Groleau
2003-09-25 16:43 ` Current "Swen" worm attack - the best address Alexander Kopilovitch
2003-09-25 19:38 ` Preben Randhol
2003-09-26 3:16 ` Alexander Kopilovitch
2003-09-26 9:00 ` Preben Randhol
2003-09-26 17:20 ` Alexander Kopilovitch
2003-09-26 23:21 ` Wes Groleau
2003-09-27 13:45 ` Alexander Kopilovitch
2003-09-28 2:30 ` Wes Groleau [this message]
2003-09-28 17:52 ` Alexander Kopilovitch
2003-09-28 2:32 ` [off-topic] open letter to ISP admins--and virus program vendors Wes Groleau
2003-09-28 3:18 ` Wes Groleau
replies disabled
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox