Brett, > Sadly, the copies of the worm we're receiving are coming from > companies whose employees we'd expect to know better than to > leave machines unprotected -- such as V-One and SCO. It was noted before by someone, and witnessed by myself, that Nimda employs spoofing of sender's address. Yesterday I received a Nimda copy that was *sent by myself* (which of course raised my suspicion). A few minutes later I got a reply from McAfee ASAP Support which is an auto-replying mailbox - apparently Nimda sent itself to at least two addresses (but I'll assume there were more), pretending to be me. So let's not assume someone has a badly secured machine just because he/she is the apparent sender - more likely it means that someone with the apparent sender's address in address book is a little behind on security. Regards, Mitja Kolsek ACROS, d.o.o. Stantetova 4, SI - 2000 Maribor, Slovenia web: http://www.acros.si e-mail: mitja.kolsekat_private ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Wed Sep 19 2001 - 12:45:19 PDT