On 21/10/05, erik_moeller@gmx.de erik_moeller@gmx.de wrote:
why should I?
Erm... Null context exception: Reply has no parent.
-- Rowan Collins BSc [IMSoP]
Rowan Collins:
On 21/10/05, erik_moeller@gmx.de erik_moeller@gmx.de wrote:
why should I?
Erm... Null context exception: Reply has no parent.
This message was not sent by me, but by host213-186.pool8173.interbusiness.it, as the headers show. It uses a forged From: line. It is, in fact, the W32/Netsky.AN worm or a variation thereof, which uses subject lines like "Re: hi" and body text like "why should I?".
http://www.pspl.com/virus_info/worms/netskyan.htm
Like many email worms, it uses addresses picked up from the infected system, that is, the forged sender is *not* the infected user. wikitech-l allows posts from subscriber addresses immediately to the list, but it strips attachments, so you don't get the actual worm payload.
Authentic email from me always includes my real name in the From: line (though this is of course by no means sufficient to verify its origin).
HTH,
Erik
-----BEGIN PGP SIGNED MESSAGE-----
Moin,
On Friday 21 October 2005 23:20, Erik Moeller wrote:
Rowan Collins:
On 21/10/05, erik_moeller@gmx.de erik_moeller@gmx.de wrote:
why should I?
Erm... Null context exception: Reply has no parent.
This message was not sent by me, but by host213-186.pool8173.interbusiness.it, as the headers show. It uses a forged From: line. It is, in fact, the W32/Netsky.AN worm or a variation thereof, which uses subject lines like "Re: hi" and body text like "why should I?".
http://www.pspl.com/virus_info/worms/netskyan.htm
Like many email worms, it uses addresses picked up from the infected system, that is, the forged sender is *not* the infected user. wikitech-l allows posts from subscriber addresses immediately to the list, but it strips attachments, so you don't get the actual worm payload.
Authentic email from me always includes my real name in the From: line (though this is of course by no means sufficient to verify its origin).
Maybe you should start signing your email with PGP :-)
Mail from me always has a @bloodgate.com message-id, is signed by me with gnupg, and usually comes via relay.pair.com - just for the record :)
Best wishes,
Tels
- -- Signed on Fri Oct 21 23:23:29 2005 with key 0x93B84C15. Visit my photo gallery at http://bloodgate.com/photos/ PGP key on http://bloodgate.com/tels.asc or per email.
"People who are rather more than six feet tall and nearly as broad across the shoulders often have uneventful journeys. People jump out at them from behind rocks then say things like, 'Oh. Sorry. I thought you were someone else.'" -- Terry Pratchett
On 21/10/05, Erik Moeller erik_moeller@gmx.de wrote:
Rowan Collins:
On 21/10/05, erik_moeller@gmx.de erik_moeller@gmx.de wrote:
This message was not sent by me, but by host213-186.pool8173.interbusiness.it, as the headers show. It uses a forged From: line. It is, in fact, the W32/Netsky.AN worm or a variation thereof, which uses subject lines like "Re: hi" and body text like "why should I?".
D'oh! Should have thought of that. Damn spoofable protocols. And damn non-human e-mails. And, obviously, damn worms [and their writers].
Out of interest, I thought there was an SPF filter running on the mailing list server; the only "Received-SPF" header I can see seems to be comparing against the line "Sender:wikitech-l-bounces@..." and succeeding. Is it just obscuring the previous one?
Anyway, sorry.
-- Rowan Collins BSc [IMSoP]
wikitech-l@lists.wikimedia.org