[TheForge] Re: Some infected blacksmith
Terry L. Ridder
[email protected]
Tue Mar 23 04:52:00 2004
hello mike;
On Tue, 23 Mar 2004, Mike wrote:
mike>
<snip>
mike>
mike> Yes, exactly. $VICTIM has infected machine. Virus on $VICTIM's
mike> machine looks in the Windows "address book" or practically anywhere
mike> else on $VICTIM's HD and finds addresses. It takes those addresses
mike> two at a time, sends an infected email message to one of them, forged to
mike> appear to have come from the other. Neither of those two addresses
mike> was involved in sending the infected email.
mike>
<snip>
mike>
mike> I did a bit more digital sleuthing and it seems likely that the
mike> infected machine was:
mike>
mike> 24.156.242.138
mike> (cpe0007e9e0b453-cm014180004981.cpe.net.cable.rogers.com)
mike>
this is the same machine that keeps claiming to be hochewa attempting
to send me mail. i have seen nearly a dozen different forge members'
e-mail addresses being used. i have several hundred log entries
though claiming to be hochewa.
the log entries i have started on 2 mar 2004 and have continued ever
since. last entry was two hours ago. needless to say, rogers.com is
useless in removing the infected box from the network.
mike>
mike> Whoever was using that address as of 22 Mar 2004 23:05:16 -0000 is
mike> probably the infected party.
mike>
mike> - Mike
mike>
mike>
--
terry l. ridder ><>
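The correlation Terry describes, as an added example that is not part of this thread: group an MTA log by connecting IP and count how many different envelope senders each IP has claimed, which separates a mass-mailer forging harvested addresses from a user's real mail host. The log format, hostnames, addresses and IPs (192.0.2.x documentation range) are constructed for the example, not taken from any real server.

```python
import re
from datetime import datetime

# Constructed sample log in a hypothetical format (not any real MTA's output):
# timestamp, connecting client host[ip], claimed envelope sender, recipient.
SAMPLE_LOG = """\
2004-03-02T08:14:02 client=cpe-a.example.net[192.0.2.10] from=<hochewa@forge.example> to=<terry@forge.example>
2004-03-02T09:30:45 client=cpe-a.example.net[192.0.2.10] from=<hochewa@forge.example> to=<terry@forge.example>
2004-03-05T11:02:13 client=cpe-a.example.net[192.0.2.10] from=<mike@forge.example> to=<terry@forge.example>
2004-03-09T14:47:51 client=cpe-a.example.net[192.0.2.10] from=<paul@forge.example> to=<terry@forge.example>
2004-03-22T23:05:16 client=cpe-a.example.net[192.0.2.10] from=<hochewa@forge.example> to=<terry@forge.example>
2004-03-10T10:00:00 client=mail.forge.example[192.0.2.50] from=<hochewa@forge.example> to=<terry@forge.example>
2004-03-11T10:00:00 client=mail.forge.example[192.0.2.50] from=<hochewa@forge.example> to=<terry@forge.example>
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) client=(?P<host>[^\[\s]+)\[(?P<ip>[^\]]+)\] "
    r"from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]*)>$"
)

def summarize_by_client(log_text):
    """Per connecting IP: attempt count, distinct claimed senders, first/last seen."""
    stats = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not match the expected format
        ts = datetime.fromisoformat(m["ts"])
        e = stats.setdefault(m["ip"], {"host": m["host"], "count": 0,
                                       "senders": set(), "first": ts, "last": ts})
        e["count"] += 1
        e["senders"].add(m["sender"].lower())
        e["first"] = min(e["first"], ts)
        e["last"] = max(e["last"], ts)
    return stats

def flag_sender_forgers(stats, min_distinct_senders=3):
    """IPs that claimed at least `min_distinct_senders` different envelope senders:
    one host speaking for many mailbox owners points at an infected machine
    mailing out a harvested address book, not at those owners."""
    return sorted(ip for ip, e in stats.items()
                  if len(e["senders"]) >= min_distinct_senders)

if __name__ == "__main__":
    stats = summarize_by_client(SAMPLE_LOG)
    for ip in flag_sender_forgers(stats):
        e = stats[ip]
        print(f"{ip} ({e['host']}): {e['count']} attempts, "
              f"{len(e['senders'])} claimed senders, "
              f"{e['first'].date()} .. {e['last'].date()}")
```

The first-seen date and the per-IP host name give the abuse contact for the network (the ISP) exactly what it needs to identify which subscriber held the address at the time.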