RE: CRIME [VIRUS] Don't Use this patch immediately !

From: Buelna, Derek (derek.buelna@private)
Date: Thu Oct 16 2003 - 11:34:31 PDT

Next message: Todd Ellner: "Re: CRIME [VIRUS] Don't Use this patch immediately !"

Previous message: Craig.Schiller@private: "CRIME Re: Microsoft patch now virus"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

You're right. Genuity can't do anything for me besides blocking that IP (which of course won't help me) even though we are a customer.

Please ban the user from sending messages to the list. That makes the most sense to me. If the list configured such that anyone is allowed to send to it then I think that needs to change to subscribed/authorized users. 

-Derek

-----Original Message-----
From: Seth Arnold [mailto:sarnold@private]
Sent: Thursday, October 16, 2003 10:51 AM
To: crime@private
Subject: Re: CRIME [VIRUS] Don't Use this patch immediately !


On Thu, Oct 16, 2003 at 10:33:14AM -0700, Buelna, Derek wrote:
> I'm pleased that these messages are free of viruses but.. I wouldn't
> be surprised if the messages are coming from the same PC. The mail
> server and or the list manager should be able to get the source IP,
> right? I'm thinking that it might be valid. I'd be glad to look into
> this if you could toss me the source IP..

Check the headers:
Received: (from Majordomo@localhost)
        by rigel.cs.pdx.edu (8.12.10/8.12.3/Submit) id h9G2fZt3027348
        for crime-outgoing; Wed, 15 Oct 2003 19:41:35 -0700 (PDT)
X-Authentication-Warning: rigel.cs.pdx.edu: Majordomo set sender to owner-crime@private using -f
Received: from tuttle.oit.pdx.edu (tuttle.oit.pdx.edu [131.252.120.29])
        by rigel.cs.pdx.edu (8.12.10/8.12.10) with ESMTP id h9G2fOK1027326
        (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO)
        for <crime@private>; Wed, 15 Oct 2003 19:41:25 -0700 (PDT)
Received: from localhost (evrtwa1-ar4-4-47-073-009.evrtwa1.dsl-verizon.net [4.47.73.9])
        by tuttle.oit.pdx.edu (8.12.10/8.12.10) with SMTP id h9G2fMx8000787
        for <crime@private>; Wed, 15 Oct 2003 19:41:22 -0700 (PDT)

Looks like 4.47.73.9 sent it.

That netblock is owned by Genuity. Best of luck convincing them it is
worth their time to track down a single windows user who didn't care
enough to buy an antivirus tool.

-- 
The Bill of Rights: 7 out of 10 rights haven't been sold yet! Contact
your congressman for details how *you* can buy one today!

Next message: Todd Ellner: "Re: CRIME [VIRUS] Don't Use this patch immediately !"
Previous message: Craig.Schiller@private: "CRIME Re: Microsoft patch now virus"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Oct 16 2003 - 12:12:40 PDT