mydoom gets around: ghewgill

I subscribed to a couple of mailing lists at http://www.us-cert.gov today. This involved writing an email message to majordomo at their site, and then replying to a confirmation message they send to you. Because I have greylisting set up, I had expected to wait a while before receiving the first confirmation message. However, to my surprise I received the confirmation message almost right away! That meant that the mail server at CERT had already contacted mine sometime within the last five days.

I began to think how ironic it would be to have received a Mydoom message from CERT themselves, and if they had an infected computer there. I quickly scanned through mail logs looking for their IP address, and sure enough I found that their server had sent me a message early monday morning.

I did find it, but it turned out to be fairly unexciting. Some other computer out there on the internet somewhere had forged a Mydoom message from <brenda@hewgill.com> to <majordomo@us-cert.gov>, and their mail server dutifully responded back to brenda with a confirmation message. I don't have that confirmation message anymore (I've been deleting a lot of mail lately), but it would have been interesting to see where it came from in the first place.

Oh, how I was hoping to see something fun like an original Mydoom message from CERT.

Post a new comment
Error

Anonymous comments are disabled in this journal
We will log you in after post

We will log you in after post

We will log you in after post

We will log you in after post

We will log you in after post

Anonymously

switch

LiveJournal

Facebook

Twitter

OpenId

Google

MailRu

VKontakte

Anonymously

default userpic

Your reply will be screened

Your IP address will be recorded

Preview comment

Help
1 comment

Post a new comment
1 comment

Log in

mydoom gets around

Error