Greg Hewgill (ghewgill) wrote,
Greg Hewgill
ghewgill

mydoom gets around

I subscribed to a couple of mailing lists at http://www.us-cert.gov today. This involved writing an email message to majordomo at their site, and then replying to a confirmation message they send to you. Because I have greylisting set up, I had expected to wait a while before receiving the first confirmation message. However, to my surprise I received the confirmation message almost right away! That meant that the mail server at CERT had already contacted mine sometime within the last five days.

I began to think how ironic it would be to have received a Mydoom message from CERT themselves, and if they had an infected computer there. I quickly scanned through mail logs looking for their IP address, and sure enough I found that their server had sent me a message early monday morning.

I did find it, but it turned out to be fairly unexciting. Some other computer out there on the internet somewhere had forged a Mydoom message from <brenda@hewgill.com> to <majordomo@us-cert.gov>, and their mail server dutifully responded back to brenda with a confirmation message. I don't have that confirmation message anymore (I've been deleting a lot of mail lately), but it would have been interesting to see where it came from in the first place.

Oh, how I was hoping to see something fun like an original Mydoom message from CERT.
Tags: spam
Subscribe

  • 2013 in review

    2013 is the year when everything changed. The biggest event was the birth of our daughter Lily. She was born prematurely in Shanghai while we…

  • 2012 in review

    2012 has been fairly quiet. Maybe it just seems that way because I haven't actually written anything new in this blog since last year's annual…

  • new photo galleries

    I've been busy processing photo galleries from the last year (or two) and putting them online for your perusal. Vancouver 2010 Northland…

  • Post a new comment

    Error

    Anonymous comments are disabled in this journal

    default userpic

    Your reply will be screened

    Your IP address will be recorded 

  • 1 comment