So far today, I've received two email messages from kbl-zrz2519.zeelandnet.nl [62.238.233.233] which, apparently, claimed in its HELO message to *be* our local MX (which of course was who it was talking TO). Sounds to me like a bug in the sending software. The other thing these messages had in common was a 33KB .scr ("screen saver") executable attachment. Norton doesn't recognize this as a known threat, but I don't want to be the first to learn the hard way what it does. MAYBE this is just ill-conceived and poorly-written spam. Maybe it's something more serious. Anybody know one way or the other? David Gillett ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Mon Dec 30 2002 - 16:19:15 PST