Re: Current "Swen" worm attack - the best address

comp.lang.ada
 help / color / mirror / Atom feed

From: Wes Groleau <groleau@freeshell.org>
Subject: Re: Current "Swen" worm attack - the best address
Date: Sat, 27 Sep 2003 21:30:11 -0500
Date: 2003-09-27T21:30:11-05:00	[thread overview]
Message-ID: <7decna18Xfwz2uuiXTWJig@gbronline.com> (raw)
In-Reply-To: <e2e5731a.0309270545.1647c7cb@posting.google.com>

Alexander Kopilovitch wrote:

> Wes Groleau wrote:
>>Forging downstream Received headers is impossible,
>>but most spammer support programs routinely add
>>one or more fake headers to make it appear that
>>the origin is one or more hops further than it is.
>>
>>The headers posted appear to contain that sort of forgery.
> 
> Does this mean that probably that time a spammer was infected? -;)

No, unless the virus is also a spam tool.

It means that this spammer technique was included
in the virus's SMTP engine, probably for the same
reason spammers do it: to lengthen the time before
someone goes to the correct source and stops it.

-- 
Wes Groleau
-----------
Daily Hoax: http://www.snopes2.com/cgi-bin/random/random.asp

next prev parent reply	other threads:[~2003-09-28  2:30 UTC|newest]

Thread overview: 16+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2003-09-24 22:31 Current "Swen" worm attack - the best address Alexander Kopilovitch
2003-09-25  8:19 ` Preben Randhol
2003-09-25 15:48   ` Wes Groleau
2003-09-25 20:52     ` [OT] Bad addresses (was: Current "Swen" worm attack - the best address) Henrik Motakef
2003-09-26  0:49       ` [OT] Bad addresses Wes Groleau
2003-09-25 16:43   ` Current "Swen" worm attack - the best address Alexander Kopilovitch
2003-09-25 19:38     ` Preben Randhol
2003-09-26  3:16       ` Alexander Kopilovitch
2003-09-26  9:00         ` Preben Randhol
2003-09-26 17:20           ` Alexander Kopilovitch
2003-09-26 23:21             ` Wes Groleau
2003-09-27 13:45               ` Alexander Kopilovitch
2003-09-28  2:30                 ` Wes Groleau [this message]
2003-09-28 17:52                   ` Alexander Kopilovitch
2003-09-28  2:32                 ` [off-topic] open letter to ISP admins--and virus program vendors Wes Groleau
2003-09-28  3:18                   ` Wes Groleau

replies disabled

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox