Home page logo

nanog logo nanog mailing list archives

Re: email virus ==> over the top
From: Susan Zeigler <susan () arcana manske net>
Date: Thu, 21 Aug 2003 15:46:23 -0500

neal rauhauser wrote:

  No one loves me and I don't get much email from the folks who tolerate
me. I just got back from having lunch with some guys who tolerate me and
I found scads of messages from all over -the funniest among the bunch
for our Nanog readers:


  Looks like my internetwork equipment vendor and my two favorite peers
have their Windoze stuff in a complete state of 'higgledy piggledy' - a
technical term from Bloom County cartoons, for those not old enough to


Aww, Neal, you know that I still love you and send you email from time
to time;)

In some cases you can determine the infected machine from the IP in the
header. Of course, if it's that IP is dynamically assigned it's a little
harder. If the volume of email from one source IP gets too high, a
friendly call to their company or ISP might get results--a lookup of the
IP at whois.arin.net should give you the contact info you need.

This virus has been a royal pain for me. My personal, work, postmaster
and webmaster accounts have finally dropped off receiving it, but if
anyone wants the more than several thousand I received Tues. and Wed.,
they're welcome to it.

Anyway, just a note on the consequences here. Each time one of these
silly things hit that forge sender addresses, the number of possible
future infectees who have your email address increases. Let's say that
your brother was infected by Klez. His computer sent out a bunch of
emails as other people--some of them as you. One of those folks gets
infected. Their computer sends out a bunch of emails as other
people--some of them as you. Now you've got people that are friends and
co-workers of other friends that were infected. Each time that circle
gets larger and the number of folks who potentially have your email
address somewhere on their system widens. THIS SUCKS!

The postmaster account is by far the worst one as far as receiving. 

If anyone ever finds out where to send the bill and the firing squad,
I'll be at the front of the line;)

Susan Zeigler             |      Technical Services
szeigler () spindustry com   |      Spindustry Systems
515.225.0920              |      

"You cannot strengthen the weak by weakening the strong." 
-- Abraham Lincoln

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]