HP3000-L Archives

July 2004, Week 4

HP3000-L@RAVEN.UTC.EDU

Subject:
From:
"Bartram, Chris (Contractor)" <[log in to unmask]>
Reply To:
Bartram, Chris (Contractor)
Date:
Tue, 27 Jul 2004 15:40:24 -0400
You have to almost completely disregard any from/to headers you see in your
mail reader. They are almost ALWAYS forged and typically bear NO resemblance
to the real source of the virus-laden message.

I got bombarded with batches of them yesterday, some forging my email or
domain name as the sender... and at least 6 different machines that were the
REAL source of the messages were internal HP.COM systems! (You have to
examine the Received: headers in the email message to track the true source
of these messages).

No response from the HP Abuse desk, but those messages did stop shortly
thereafter. I suspect their helpdesk had their hands full...

 -Chris Bartram


Emerson, Tom <mailto:[log in to unmask]> wrote:
> It is indeed a virus -- we even received an "emergency" post from our
> system admins on the subject, pointing out the variations in subject
> matter and attachment name and urging us to verify we had the latest
> "signature" file from Symantec; I **really really** hope that one or
> more of the systems between "the infected computer" [be it Tracy's or
> another that used Tracy's name to throw people off the trail] and my
> system has indeed "cleaned" the virus -- the outlook client is
> especially bad for this as when you've separated things into list
> folders, it is only natural to click "next, next, next..." until
> you've read all the messages for the day -- a viral message in the
> middle WILL get opened in this manner :( [and if it auto executes,
> well...]
>> -----Original Message-----
>> From: Gary Nolan
>>
>> I received the same thing in my email yesterday claiming it
>> was from my internet tech support. [...] responded that it was not
>> sent from them and the attachment contained a virus.
>>
>> ----- Original Message -----
>> From: "Tracy Pierce" <[log in to unmask]>
>>>> -----Original Message-----
>>>> From: [log in to unmask] [mailto:[log in to unmask]] [...]
>>>> We have received reports [...]
>
> * To join/leave the list, search archives, change list settings, *
> * etc., please visit http://raven.utc.edu/archives/hp3000-l.html *
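
Added example, not part of the original thread: one way to do the Received: check described in the message above, in Python. The sample message, the host names and addresses, and the Postfix-style header layout are constructed assumptions; `true_source` is a hypothetical helper.

```python
import re
from email import message_from_string

# Constructed sample: forged From:, two genuine hops, one forged Received: line.
SAMPLE = (
    "Received: from mx1.example.org (mx1.example.org [192.0.2.10])\n"
    "\tby mailstore.example.org with ESMTP id A1; Tue, 27 Jul 2004 15:01:02 -0400\n"
    "Received: from colleague-pc (unknown [198.51.100.23])\n"
    "\tby mx1.example.org with SMTP id B2; Tue, 27 Jul 2004 15:01:00 -0400\n"
    "Received: from mail.example.org (mail.example.org [192.0.2.10])\n"
    "\tby mx1.example.org with SMTP id C3; Tue, 27 Jul 2004 14:59:00 -0400\n"
    "From: \"Colleague\" <colleague@example.org>\n"
    "To: me@example.org\n"
    "Subject: constructed sample\n"
    "\n"
    "body\n"
)

OUR_HOSTS = {"mailstore.example.org", "mx1.example.org"}  # assumed: servers we run
OUR_IPS = {"192.0.2.10"}                                  # assumed: their addresses

# Assumed Postfix-style hop: from <HELO> (<rDNS> [<IP>]) by <server>
HOP = re.compile(r"from\s+(\S+)\s+\([^\[\]]*\[([0-9A-Fa-f.:]+)\]\)\s+by\s+(\S+)")

def true_source(raw, our_hosts=OUR_HOSTS, our_ips=OUR_IPS):
    """Return (claimed From:, peer recorded by our outermost server, or None)."""
    msg = message_from_string(raw)
    peer = None
    # Received: lines are prepended, so the newest (most trustworthy) comes first.
    for value in msg.get_all("Received", []):
        m = HOP.search(value)
        if not m or m.group(3).lower() not in our_hosts:
            break  # not stamped by a server we control: sender-supplied from here down
        peer = {"helo": m.group(1), "ip": m.group(2), "seen_by": m.group(3)}
        if m.group(2) not in our_ips:
            break  # our server took this from an outside address: stop at the boundary
    return msg["From"], peer

if __name__ == "__main__":
    print(true_source(SAMPLE))
```

The third Received: line in the sample names one of our own servers, but it sits below the boundary hop and is never consulted, which is why the walk stops at the first outside address rather than at the first unfamiliar server name.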
