[Zope-Annce] WARNING: Virus being sent out with my (forged) address on it

Ken Manheimer klm@zope.com
Wed, 3 Oct 2001 12:46:05 -0400 (EDT)


A virus is being sent out with my email address forged as the origin.
(According to the 'received' headers it comes from IP address
202.100.63.71, which has no connection with any hosts of mine.) The virus
is disguised as an audio file, so even just *selecting* the message in
something like MS Outlook Express (unless it's been patched with very
recent updates) will run the virus code.

The subject line (in the messages i've had reported so far) is quite
funky - something like:

Subject: &w=E7botinfs=D1=F9=C6=B7desktopservice=D1=F9=C6=B7botinfsservice=
sbotinfsserviceservice

I'm not sure why my email address was put on the message - i administer a
substantial number of public email lists, so maybe they cherry-picked it
from there, or it's just random from some infect user's post box.  Any
clues about that are welcome.

By the way, it's very frustrating to be set up as the responsible party
for this - not only didn't i do it, but unlike having my own machines
infected and originating it, i can't even bring them offline to prevent i=
t
from being sent out.  That said, i will continue to investigate whether
any of my workstations actually are originating such messages, but at thi=
s
point it looks like they have nothing to do with it.

--=20
Ken
klm@zope.com