Boost :

From: David Abrahams (dave_at_[hidden])
Date: 2004-02-13 16:04:29


"Jeff Garland" <jeff_at_[hidden]> writes:

> On Wed, 11 Feb 2004 23:38:49 -0500, Dan W. wrote
>> Yeah, never mind... 129.79.245.244 below is in the IP range of the
>> University of Indiana; and the fact that it says it received the
>> email from local host (127.0.0.1) either means that IU.edu's SMTP
>> server is hacked, or that there's another machine in their campus
>> that's hacked and pretending to be local host; or else that local
>> host is hacked, or that my ISP is hacked, or that the server here at
>> work is hacked, or...
>>
>> ...or that I'm hacked... :(
>
> Actually I believe one of the boosters at University of Indiana has been
> hacked. I've been receiving MyDoom infected email with sender names that
> correspond to the user names of at least one of the boosters there and appear
> to be from there. And I'm certain that my machines haven't been hacked. As
> for me being hacked, that's less clear ;-)

Here's what the IU sysadmin says:

---
We looked into this, and here's a few results:
1. The mail was definitely sent through lists.boost.org (HOG); Larry
looked in the logs and found the relevant entries.
2. As a best guess, this is simple forgery.  This is fairly common
activity for viruses these days; viruses send out to addresses that they
find in your inbox and in your addressbook.  They also masquerade who they
came from, so we don't really know where it came from, other than the IP
address (202.103.247.70, which doesn't resolve to a name).
> It looks as if my normal boost digest emails come through indiana
> university, in fact.
Correct.
> So, my first guess was probably right as well, that
> the SMTP server for the boost mailing list doesn't scan outgoing emails
> for viruses
Correct.
>  --if it isn't altogether hacked...
Not as far as we know.
> And now that I remember, I'd had this email address for a whole year and
> hadn't received any spam until I joined the mailing list.  About an hour
> later I got my first 3 spams, and it's been downhill since.
Sorry.  Not the fault of hosting it at IU, though.
-- 
Dave Abrahams
Boost Consulting
www.boost-consulting.com
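
The tracing the sysadmin describes above (disregard the claimed sender, rely on the connecting IP that a server you control logged), as an added example that is not part of the original thread. The message, hostnames and trusted list are constructed; only the three IP addresses are taken from the thread, and their placement in the hops is an assumption.

```python
import re
from email import message_from_string
from ipaddress import ip_address, ip_network

# Constructed message, newest hop first. Hostnames are placeholders; the last
# Received line stands for one the sender forged before handing the mail over.
SAMPLE = """\
Received: from localhost (localhost [127.0.0.1])
\tby lists.example.org with ESMTP id A1; Wed, 11 Feb 2004 23:00:05 -0500
Received: from relay.example.edu (relay.example.edu [129.79.245.244])
\tby lists.example.org with ESMTP id B2; Wed, 11 Feb 2004 23:00:03 -0500
Received: from somehost (unknown [202.103.247.70])
\tby relay.example.edu with SMTP id C3; Wed, 11 Feb 2004 23:00:01 -0500
Received: from mail.example.edu (mail.example.edu [192.0.2.10])
\tby somehost with SMTP id D4; Wed, 11 Feb 2004 22:59:00 -0500
From: booster@example.edu
Subject: hi

body
"""

BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def received_chain(raw):
    """Client IP recorded in each Received header, newest hop first."""
    chain = []
    for value in message_from_string(raw).get_all("Received", []):
        m = BRACKETED_IP.search(value)
        try:
            chain.append(ip_address(m.group(1)) if m else None)
        except ValueError:
            chain.append(None)
    return chain

def injection_point(raw, trusted):
    """First client IP, walking down from the newest hop, that is not ours.
    Headers above it were written by servers we trust; everything below it,
    like the From line, was supplied by the sender and proves nothing."""
    nets = [ip_network(n) for n in trusted]
    for ip in received_chain(raw):
        if ip is None:
            return None  # unparseable hop: stop rather than guess
        if not (ip.is_loopback or any(ip in n for n in nets)):
            return ip
    return None

if __name__ == "__main__":
    print(injection_point(SAMPLE, ["129.79.245.244/32"]))
```

The forged bottom header and the From address never influence the result, which is why the connecting IP is the only lead the logs give.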

Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk