said:
>My IP is 4.60.79.12 (DHCP but 24x7 so it doesn't change, at least on
>Verizon).
It was clearly not from you.
>I'm not convinced it's a virus on someone's machine, although it may be.
If it's not a virus, then why does the message body contain a virus? A
message that contains a virus fits my definition of a virus.
I will agree that it is sophisticated in the sense that the sender
appears to attempt to make the from and to addresses have some
relationship.
>One reason I don't think it's a spammer is
>because nobody on the SCOUG lists is based in Mexico (.mx) thus there's
>nobody in Mexico who would have a SCOUG list in their address book.
What do you mean? It's very typical for these types of attacks to collect
address books from the captured machines. The address book that provided
the from and to addresses could have come from anywhere. We think the
sender is in Mexico, but even that can be forged at times.
Steven
--
----------------------------------------------------------------------
"Steven Levine" MR2/ICE 2.47 #10183 Warp4/FP15/14.093c_W4
www.scoug.com irc.fyrelizard.com #scoug (Wed 7pm PST)
----------------------------------------------------------------------
Return to [ 23 | July | 2004 ]