From: Wes Groleau
Reply-To: groleau@freeshell.org
Organization: Ain't no organization here!
Newsgroups: comp.lang.ada
Subject: Re: Current "Swen" worm attack - the best address
Date: Sat, 27 Sep 2003 21:30:11 -0500
Message-ID: <7decna18Xfwz2uuiXTWJig@gbronline.com>

Alexander Kopilovitch wrote:
> Wes Groleau wrote:
>>Forging downstream Received headers is impossible,
>>but most spammer support programs routinely add
>>one or more fake headers to make it appear that
>>the origin is one or more hops further than it is.
>>
>>The headers posted appear to contain that sort of forgery.
>
> Does this mean that probably that time a spammer was infected? -;)

No, unless the virus is also a spam tool.
It means that this spammer technique was included
in the virus's SMTP engine, probably for the same
reason spammers do it: to lengthen the time before
someone goes to the correct source and stops it.

-- 
Wes Groleau
-----------
Daily Hoax: http://www.snopes2.com/cgi-bin/random/random.asp
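
An analyst's check for the kind of forgery described in this post, as an added example that is not part of the original message: walk the Received chain from the top (the header written by your own server) downward and stop trusting it at the first header the hop above does not account for. The hostnames, IPs and header layout are constructed, and matching the `from` name against the next header's `by` host is a simplifying assumption, since real relays can legitimately use different names.

```python
import re
from email import message_from_string

# Constructed sample: documentation-range IPs and .example hosts, not real traffic.
SAMPLE = """\
Received: from mx.relay.example ([192.0.2.10])
\tby mail.recipient.example with ESMTP; Sat, 27 Sep 2003 21:30:06 -0500
Received: from dialup-77.isp.example ([198.51.100.77])
\tby mx.relay.example with SMTP; Sat, 27 Sep 2003 21:30:01 -0500
Received: from smtp.bigcorp.example ([203.0.113.5])
\tby gateway.other.example with SMTP; Sat, 27 Sep 2003 21:29:40 -0500
From: someone@bigcorp.example
Subject: constructed test message

body
"""

# "from <helo> (... [ip]) by <host>" as written by common MTAs (assumed layout).
HOP = re.compile(
    r"from\s+(?P<helo>\S+)\s+\(.*?\[(?P<ip>[0-9a-fA-F.:]+)\]\)\s+by\s+(?P<by>[^\s;]+)",
    re.S)

def parse_hops(raw):
    """Received headers, newest first; None for any header that does not parse."""
    found = message_from_string(raw).get_all("Received", [])
    return [m.groupdict() if (m := HOP.search(v)) else None for v in found]

def first_break(hops):
    """Index of the first header (top-down) the hop above does not account for."""
    for i in range(len(hops) - 1):
        newer, older = hops[i], hops[i + 1]
        if newer is None or older is None:
            return i + 1
        if newer["helo"].lower() != older["by"].lower():
            return i + 1
    return None

def probable_origin(raw):
    """(IP recorded by the last consistent hop, True if headers below it are suspect)."""
    hops = parse_hops(raw)
    if not hops or hops[0] is None:
        return None
    brk = first_break(hops)
    last = hops[brk - 1] if brk is not None else hops[-1]
    return last["ip"], brk is not None

if __name__ == "__main__":
    print(probable_origin(SAMPLE))
```

In the sample, the third header claims a hop that the second header's sender never reported, so the address to report is the one the last consistent relay recorded, not the one named at the bottom.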