[lug] N00b: Security Warning Fun

dan radom dan at radom.org
Tue Aug 19 13:24:20 MDT 2003


* The Matt (thompsma at colorado.edu) wrote:
> Folks, I just got a Procmail Security daemon message from uwaterloo
> saying:
> 
> *** SECURITY WARNING ***
> Our email gateway has detected that your message to
> jwwalker msgid=<200308191900.h7JJ0nA01475 at watarts.uwaterloo.ca>
> MAY contain hazardous embedded scripting or attachments, or has been
> rejected by our site security policy for some other reason. If you have
> a question, please reply to this notification message.
> 
> It goes on to say that I sent "wicked_scr.scr", which is one of the
> Sobig.F files.  Now am I right in assuming the worm spoofed my address
> and sent this out?  I never use mail on Windows, so I'm pretty sure *I*
> didn't send it, but I've never gotten one of these warnings before.
> 

you can ask to see the full headers, but yes.  chances are someone simply
forged your address as the from envelope.

dan
