[lug] N00b: Security Warning Fun
D. Stimits
stimits at comcast.net
Wed Aug 20 12:21:30 MDT 2003
The Matt wrote:
> Folks, I just got a Procmail Security daemon message from uwaterloo
> saying:
>
> *** SECURITY WARNING ***
> Our email gateway has detected that your message to
> jwwalker msgid=<200308191900.h7JJ0nA01475 at watarts.uwaterloo.ca>
> MAY contain hazardous embedded scripting or attachments, or has been
> rejected by our site security policy for some other reason. If you have
> a question, please reply to this notification message.
>
> It goes on to say that I sent "wicked_scr.scr", which is one of the
> Sobig.F files. Now am I right in assuming the worm spoofed my address
> and sent this out? I never use mail on Windows, so I'm pretty sure *I*
> didn't send it, but I've never gotten one of these warnings before.
>
> Sorry for a dumb question, but as I said, this is new to me.
>
> Matt
>
Your address is possibly being spoofed. My battlefieldlinux.com domain
has just started receiving tons of similar replies, and every header
seen so far says it is a forgery, with real origination from a DoD
facility, 199.211.115.72, using Outlook Express. It seems to be a Sophos
virus/worm. There is some humor in a DoD facility using Outlook, if you
think about it in a twisted sort of way.
D. Stimits, stimits AT comcast DOT net
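
Added example, not part of the original posts: a Python sketch of the header check the reply describes. It reads the Received chain of a returned message and reports the IP that handed it to the first trusted relay. The sample message, host names, addresses, `TRUSTED` and `sender_networks` are constructed assumptions.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample: a worm-sent message forging user@example.org in From,
# as returned inside a gateway notification. Hosts and IPs are placeholders.
SAMPLE = """\
Received: from mx.gateway.example.net (mx.gateway.example.net [198.51.100.10])
\tby inbox.example.net with ESMTP id AAA111; Tue, 19 Aug 2003 13:00:49 -0600
Received: from infected-pc (unknown [192.0.2.72])
\tby mx.gateway.example.net with SMTP id BBB222; Tue, 19 Aug 2003 13:00:47 -0600
From: user@example.org
To: someone@example.net
Subject: Re: Details
X-Mailer: Microsoft Outlook Express

See the attached file for details
"""

# Relays whose Received lines we believe (assumption: the recipient's own hosts).
TRUSTED = {"inbox.example.net", "mx.gateway.example.net"}

RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\s\[\]]*)\s*\[(?P<ip>[0-9a-fA-F.:]+)\]\)"
    r".*?\bby\s+(?P<by>\S+)", re.S)

def hops(raw):
    """Parse Received headers, newest first (the order they appear in)."""
    msg = message_from_string(raw)
    found = (RECEIVED_RE.search(v) for v in msg.get_all("Received", []))
    return [{"helo": m["helo"], "ip": m["ip"], "by": m["by"]} for m in found if m]

def injection_point(raw, trusted=TRUSTED):
    """IP that connected to the outermost trusted relay.
    Anything older was supplied by the sender and can be forged."""
    ip = None
    for hop in hops(raw):
        if hop["by"] not in trusted:
            break
        ip = hop["ip"]
    return ip

def from_is_spoofed(raw, sender_networks, trusted=TRUSTED):
    """True if the injecting IP is outside the networks the From domain sends from."""
    ip = injection_point(raw, trusted)
    if ip is None:
        return None  # no trusted hop, nothing can be concluded
    addr = ipaddress.ip_address(ip)
    return not any(addr in ipaddress.ip_network(n) for n in sender_networks)
```
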