[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] Swen Really Sucks

To: <full-disclosure@xxxxxxxxxxxxxxxx>
Subject: Re: [Full-Disclosure] Swen Really Sucks
From: "Kye Lewis" <kye@xxxxxxxxxxxxxx>
Date: Sat, 27 Sep 2003 00:03:33 +1000

[..]

> So, has anyone actually sent mail to an envelope sender to see if
> they're actually infected? Or is it possible this thing just likes to
> fake the same sender for all outgoing messages?

Seeing that I have a collection of around 2000 unique and believable
return-paths from this virus, it seems quite likely that they're legitimate.

I have also recieved a few emails forwarded through from the sender's mail
servers informing me that I have been sent a virus.
And, as was said, the email addresses in the return path, and the servers
that the mail travels through to get here, do indeed link together.

That evidence linked together provides a pretty strong case that they're not
faked.

- Kye Lewis
<kye -at- lewislan- dot- id -dot- au >

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- Re: [Full-Disclosure] Swen Really Sucks
  - From: Mary Landesman

References:
- Re: [Full-Disclosure] Swen Really Sucks
  - From: Craig Pratt

Prev by Date: Re: [Full-Disclosure] Swen Really Sucks
Next by Date: Re: [Full-Disclosure] Daniel Geer, author of cybersecurity resigns
Previous by thread: Re: [Full-Disclosure] Swen Really Sucks
Next by thread: Re: [Full-Disclosure] Swen Really Sucks
Index(es):
- Date
- Thread