[Premium-Rx] Infected file? in Premium RX email

mikea mikea at mikea.ath.cx
Mon Jul 26 09:39:09 EDT 2004


On Mon, Jul 26, 2004 at 08:08:35AM -0400, WF2U wrote:
> Hi All,
> 
> I just received the mail myself - it's a spoofed address or someone's
> infected mail program which is sending it.
> 
> Looking at the message header, it came from IP address 194.176.164.76, which
> resolves to a host adams.chem.uaic.ro and this is definitely not any one of
> my computers, neither my domain, nor my ISP's domain.
> 
> Furthermore, as a computer professional, I'm protected and completely virus
> free.
> 
> Best regards,

I got it, too, and agree completely with Meir's analysis. Looks to
me as though adams.chem.uaic.ro is infected and knows the address of
the list and at least one of the members. This address-spoofing is
quite typical of modern worms. I'll drop a line to postmaster at uaic.ro
and postmaster at chem.uaic.ro about the infected machine, and hope that
others who got it will do the same.

I *hate* having to do for mail to this list what I do at my day job:
spam and virus filtering. 

-- 
Mike Andrews
mikea at mikea.ath.cx
Tired old sysadmin 
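
The header check described in this thread, as an added example that is not part of the original posts: it reads the `Received:` chain newest-first, takes the first hop that is not one of your own relays, and compares that host with the domain in `From:`. The IP and relay host are the ones quoted above; the sample message, the `.example` names, the 192.0.2.10 list relay and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message: the IP and relay host are the ones quoted in the
# thread; the From address, list host and everything else are made up.
SAMPLE = """\
Received: from mail.list.example (mail.list.example [192.0.2.10])
\tby mx.subscriber.example with ESMTP; Mon, 26 Jul 2004 08:01:12 -0400
Received: from adams.chem.uaic.ro (adams.chem.uaic.ro [194.176.164.76])
\tby mail.list.example with SMTP; Mon, 26 Jul 2004 08:01:09 -0400
From: Member <member@isp.example>
To: premium-rx@list.example
Subject: Re: document

see attachment
"""

# Matches "from <helo> (<rdns> [<ip>])" as written by common MTAs (assumed format)
RECEIVED_RE = re.compile(r"from\s+(\S+)\s+\((\S+)?\s*\[(\d{1,3}(?:\.\d{1,3}){3})\]\)")

def relay_hops(msg):
    """Return (helo, rdns, ip) for each parsable Received header, newest first."""
    hops = []
    for value in msg.get_all("Received", []):
        m = RECEIVED_RE.search(" ".join(value.split()))  # unfold continuation lines
        if m:
            hops.append((m.group(1), m.group(2) or "", m.group(3)))
    return hops

def check_origin(raw, trusted_ips):
    """Find the first hop outside our own relays and compare it with From:."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    for helo, rdns, ip in relay_hops(msg):
        if ip not in trusted_ips:  # this hop was recorded by a relay we trust
            host = (rdns or helo).lower().rstrip(".")
            matches = host == from_domain or host.endswith("." + from_domain)
            return {"from_domain": from_domain, "origin_ip": ip,
                    "origin_host": host, "from_matches_origin": matches}
    return None

if __name__ == "__main__":
    print(check_origin(SAMPLE, trusted_ips={"192.0.2.10"}))
```

Only `Received:` lines written by relays you control are reliable; anything below the first untrusted hop can be forged by the sender, and a mismatch with `From:` is a hint to investigate rather than proof of spoofing.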



