[I do not send HTML mail or attachments to Politech. If you receive such a message that appears to be from me, it is probably a forgery. Apparently this kind of address-scraping is happening to other popular lists like bugtraq as well. --Declan] --- Date: Tue, 22 Jul 2003 17:12:44 -0400 From: "Christopher A. Petro" <petroat_private> To: declanat_private Subject: [declanat_private: FC: Dick Armey, former House Maj. Leader, blasts Poindexter's TIA] Looks like someone's mined the archives for email addresses and hand- crafted an email with an attached win32 executable. I must admit that I'm curious what someone that would put so much effort into such a prank would attach. Anyone bored enough to disassemble it or run it on a throwaway win32 machine? I ran strings against it and it didn't find any human-readable text in it. Odd that they didn't bother to forge the from and return-path headers correctly, either. Relayed through Japan, blah blah blah. The usual. Though the last received header is from what looks to be a PPP dialup, so maybe it's actually the real sender's ip. Either that or someone suffered through spamming through a dialed-up open relay. ===== >From declanat_private Tue Jul 22 16:51:45 2003 Return-Path: <declanat_private> Delivered-To: petroat_private Received: from mail0-4.kcn.ne.jp (mail0-4.kcn.ne.jp [61.86.6.12]) by mail.boredom.org (Postfix) with ESMTP id 5E2CB15C0060 for <petroat_private>; Tue, 22 Jul 2003 16:51:42 -0400 (EDT) Received: from davepike (ppp001-041.kcn.ne.jp [61.86.12.41]) by mail0-4.kcn.ne.jp (8.11.6p2/3.7W-KCN001115) with SMTP id h6MKmSB10702; Wed, 23 Jul 2003 05:48:29 +0900 (JST) Date: Wed, 23 Jul 2003 05:48:29 +0900 (JST) Message-Id: <200307222048.h6MKmSB10702@mail0-4.kcn.ne.jp> From: Declan McCullagh <declanat_private> Subject: FC: Dick Armey, former House Maj. Leader, blasts Poindexter's TIA MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----------EC1UN6A2RZNYEY" To: undisclosed-recipients:; ------------EC1UN6A2RZNYEY Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit --- Date: Thu, 26 Jun 2003 15:57:35 -0500 To: declanat_private Subject: CSE Calls for TIA Program Termination From: bhapesat_private CSE News Alert for Declan McCullagh June 26, 2003 Dick Armey, co-Chair ------------------- YOU CAN CHANGE THE N ------------EC1UN6A2RZNYEY [snipped for length --Declan] -- Christopher A. Petro .. petroat_private .. 917-346-1536 --- Date: Sat, 19 Jul 2003 21:07:57 -0400 To: declanat_private From: "Lawrence R. Ware" <larryat_private> Subject: possible trouble for you Declan, just a friendly "heads-up" if you have not already heard: Some maroon in .jp IP space has a virus and it is using >From: Declan McCullagh <declanat_private> as the From and Return-Path fields. Full headers below, the virus payload has been removed, it was named: hjsplit.zip.exe Hope you don't get too many complaints... -larry --- >Status: U >Return-Path: <declanat_private> >Received: from holt.mail.atl.earthlink.net ([207.69.200.187]) > by killdeer (EarthLink SMTP Server) with ESMTP id 19DYma4py3NZFlr0 > for <lrwareat_private>; Sat, 19 Jul 2003 13:31:02 -0700 (PDT) >Received: from carus-z.mspring.net ([207.69.231.92] helo=carus.mspring.net) > by holt.mail.atl.earthlink.net with smtp (Exim 3.33 #1) > id 19dyMA-0006jU-00 > for lrwareat_private; Sat, 19 Jul 2003 16:31:02 -0400 >X-MindSpring-Loop: larryat_private >Received: from mail0-2.kcn.ne.jp ([61.86.6.10]) > by carus.mspring.net (Earthlink Mail Service) with ESMTP id 19DYlE86z3Nl5tW0 > for <larryat_private>; Sat, 19 Jul 2003 16:30:26 -0400 (EDT) >Received: from davepike (ppp001-031.kcn.ne.jp [61.86.12.31]) > by mail0-2.kcn.ne.jp (8.9.3p2/3.7W-KCN981116) with SMTP id FAA23013; > Sun, 20 Jul 2003 05:05:18 +0900 (JST) >Date: Sun, 20 Jul 2003 05:05:18 +0900 (JST) >Message-Id: <200307192005.FAA23013@mail0-2.kcn.ne.jp> >From: Declan McCullagh <declanat_private> >Subject: FC: Dick Armey, former House Maj. Leader, blasts Poindexter's TIA >MIME-Version: 1.0 >Content-Type: multipart/mixed; boundary="----------B6XPDGV3FZA2M4" >X-SpamPal: SPAM BLIST 61.86.6.10 > > >--- > >Date: Thu, 26 Jun 2003 15:57:35 -0500 >To: declanat_private >Subject: CSE Calls for TIA Program Termination >From: bhapesat_private > >CSE News Alert for Declan McCullagh June 26, 2003 >Dick Armey, co-Chair > >------------------- > >YOU CAN CHANGE THE NA > > > # larryat_private # Orlando, Florida --- Date: Tue, 22 Jul 2003 23:30:02 +0200 To: Declan McCullagh <declanat_private> From: Brad Knowles <brad.knowlesat_private> Subject: Fwd: FC: Dick Armey, former House Maj. Leader, blasts Poindexter's TIA Content-Type: multipart/mixed; boundary="============_-1153212928==_============" Declan, Hmm. Looks like you're famous. They're now generating spam in your name. --- begin forwarded text Return-Path: <declanat_private> Received: from worf.skynet.be (worf.skynet.be [195.238.3.92]) by path.skynet.be (8.12.9/8.12.9/Skynet-MAILSTORE-2.13) with ESMTP id h6MLR3sd019064 for <brad.knowlesat_private>; Tue, 22 Jul 2003 23:27:03 +0200 (MET DST) (envelope-from <declanat_private>) Received: from kay.skynet.be (kay.skynet.be [195.238.3.235]) by worf.skynet.be (8.12.9/8.12.9/Skynet-IN-FALLBACK-2.31) with ESMTP id h6MLQYP3022595 for <brad.knowlesat_private>; Tue, 22 Jul 2003 23:26:35 +0200 (MEST) (envelope-from <declanat_private>) Received: from mail0-4.kcn.ne.jp (mail0-4.kcn.ne.jp [61.86.6.12]) by kay.skynet.be (8.12.9/8.12.9/Skynet-IN-2.32) with ESMTP id h6MLQQAr006771 for <brad.knowlesat_private>; Tue, 22 Jul 2003 23:26:27 +0200 (envelope-from <declanat_private>) Received: from davepike (ppp001-041.kcn.ne.jp [61.86.12.41]) by mail0-4.kcn.ne.jp (8.11.6p2/3.7W-KCN001115) with SMTP id h6MKmSB10702; Wed, 23 Jul 2003 05:48:29 +0900 (JST) Date: Wed, 23 Jul 2003 05:48:29 +0900 (JST) Message-Id: <200307222048.h6MKmSB10702@mail0-4.kcn.ne.jp> From: Declan McCullagh <declanat_private> Subject: FC: Dick Armey, former House Maj. Leader, blasts Poindexter's TIA MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----------EC1UN6A2RZNYEY" To: undisclosed-recipients:; X-UIDL: fcd316e113d6ab768630ba0b549523a2 --- Date: Thu, 26 Jun 2003 15:57:35 -0500 To: declanat_private Subject: CSE Calls for TIA Program Termination From: bhapesat_private CSE News Alert for Declan McCullagh June 26, 2003 Dick Armey, co-Chair ------------------- YOU CAN CHANGE THE N Content-Type: application/x-msdownload; name="hjsplit.zip.scr" Content-Disposition: attachment; filename="hjsplit.zip.scr" --- end forwarded text -- Brad Knowles, <brad.knowlesat_private> "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -Benjamin Franklin, Historical Review of Pennsylvania. GCS/IT d+(-) s:+(++)>: a C++(+++)$ UMBSHI++++$ P+>++ L+ !E-(---) W+++(--) N+ !w--- O- M++ V PS++(+++) PE- Y+(++) PGP>+++ t+(+++) 5++(+++) X++(+++) R+(+++) tv+(+++) b+(++++) DI+(++++) D+(++) G+(++++) e++>++++ h--- r---(+++)* z(+++) ------------------------------------------------------------------------- POLITECH -- Declan McCullagh's politics and technology mailing list You may redistribute this message freely if you include this notice. ------------------------------------------------------------------------- To subscribe to Politech: http://www.politechbot.com/info/subscribe.html This message is archived at http://www.politechbot.com/ Declan McCullagh's photographs are at http://www.mccullagh.org/ Like Politech? Make a donation here: http://www.politechbot.com/donate/ -------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Tue Jul 22 2003 - 15:20:23 PDT