[snip]
Check the headers:
Received: (from Majordomo@localhost)
by rigel.cs.pdx.edu (8.12.10/8.12.3/Submit) id h9G2fZt3027348
for crime-outgoing; Wed, 15 Oct 2003 19:41:35 -0700 (PDT)
X-Authentication-Warning: rigel.cs.pdx.edu: Majordomo set sender to
owner-crime@private using -f
Received: from tuttle.oit.pdx.edu (tuttle.oit.pdx.edu [131.252.120.29])
by rigel.cs.pdx.edu (8.12.10/8.12.10) with ESMTP id h9G2fOK1027326
(version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168
verify=NO)
for <crime@private>; Wed, 15 Oct 2003 19:41:25 -0700 (PDT)
Received: from localhost (evrtwa1-ar4-4-47-073-009.evrtwa1.dsl-verizon.net
[4.47.73.9])
by tuttle.oit.pdx.edu (8.12.10/8.12.10) with SMTP id h9G2fMx8000787
for <crime@private>; Wed, 15 Oct 2003 19:41:22 -0700 (PDT)
Looks like 4.47.73.9 sent it.
That netblock is owned by Genuity. Best of luck convincing them it is
worth their time to track down a single windows user who didn't care
enough to buy an antivirus tool.
[snip]
"We were wondering whom to send the bill from our IT consultant to. The
virus we got from your machine looks like it will cost us umpty-ump thousand
dollars in lost data, emergency hourly work, and compromised law enforcement
and anti terrorist computers.
Just want to make sure the invoice ends up on the right desk.
Ta ta,
Ima Bofh"
This archive was generated by hypermail 2b30 : Thu Oct 16 2003 - 12:24:59 PDT