Greetings: For whatever reason, it seems that I have become the target (or masqueraded source as the case may be) of an email prank. Someone originating from SERVER4 (193.128.138.68 [193.128.138.68]) is sending out the email portion of the Nimda virus with *my* email address as the FROM. The RIPE whois server (responsible for European addresses) reports the netblock ownership as follows: inetnum: 193.128.138.64 - 193.128.138.127 netname: EEIA-NET descr: East of England Investment Agency Ltd country: GB admin-c: RF778-RIPE tech-c: RF778-RIPE status: ASSIGNED PA mnt-by: AS1849-MNT changed: jamesbat_private 19980630 changed: stephenbat_private 19990915 source: RIPE I don't really know what I can do about it other than to notify you folks. The SF newsgroups are the only email-based groups I participate in from this box or address, so if this is malicious it is likely that you might get an email that looks like it is from me. Of late, I have been posting all my content directly to the HammerOfGod website, and have not been using attachments (I learned my lesson from the Mutex program I zipped up and sent out...) Besides, I would NEVER send out and .exe. In fact, I couldn't even if I wanted to as my mail is first filtered by my local server, and then by 2 others before it finally goes out to the world. Sorry for any confusion, but there is not much I can do about it. AD ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Sun Nov 04 2001 - 17:38:16 PST