|
Boost : |
From: David Abrahams (dave_at_[hidden])
Date: 2004-02-13 16:04:29
"Jeff Garland" <jeff_at_[hidden]> writes:
> On Wed, 11 Feb 2004 23:38:49 -0500, Dan W. wrote
>> Yeah, never mind... 129.79.245.244 below is in the IP range of the
>> University of Indiana; and the fact that it says it received the
>> email from local host (127.0.0.1) either means that IU.edu's SMTP
>> server is hacked, or that there's another machine in their campus
>> that's hacked and pretending to be local host; or else that local
>> host is hacked, or that my ISP is hacked, or that the server here at
>> work is hacked, or...
>>
>> ...or that I'm hacked... :(
>
> Actually I believe one of the boosters at University of Indiana has been
> hacked. I've been receiving MyDoom infected email with sender names that
> coorespond to the user names of at least one of the boosters there and appear
> to be from there. And I'm certain that my machines haven't been hacked. As
> for me being hacked, that's less clear ;-)
Here's what the IU sysadmin says:
--- We looked into this, and here's a few results: 1. The mail was definitely sent through lists.boost.org (HOG); Larry looked in the logs and found the relevant entries. 2. As a best guess, this is simple forgery. This is fairly common activity for viruses these days; viruses send out to addresses that they find in your inbox and in your addressbook. They also masquerade who they came from, so we don't really know where it came from, other that the IP address (202.103.247.70, which doesn't resolve to a name). > It looks as if my normal boost digest emails come through indiana > university, in fact. Correct. > So, my first guess was probably right as well, that > the SMTP server for the boost mailing list doesn't scan outgoing emails > for viruses Correct. > --if it isn't altogether hacked... Not as far as we know. > And now that I remember, I'd had this email address for a whole year and > hadn't received any spam until I joined the mailing list. About an hour > later I got my first 3 spams, and it's been downhill since. Sorry. Not the fault of hosting it at IU, though. -- Dave Abrahams Boost Consulting www.boost-consulting.com
Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk