Greg Hewgill (ghewgill) wrote,
Greg Hewgill
ghewgill

mydoom gets around

I subscribed to a couple of mailing lists at http://www.us-cert.gov today. This involved writing an email message to majordomo at their site, and then replying to a confirmation message they send to you. Because I have greylisting set up, I had expected to wait a while before receiving the first confirmation message. However, to my surprise I received the confirmation message almost right away! That meant that the mail server at CERT had already contacted mine sometime within the last five days.

I began to think how ironic it would be to have received a Mydoom message from CERT themselves, and if they had an infected computer there. I quickly scanned through mail logs looking for their IP address, and sure enough I found that their server had sent me a message early monday morning.

I did find it, but it turned out to be fairly unexciting. Some other computer out there on the internet somewhere had forged a Mydoom message from <brenda@hewgill.com> to <majordomo@us-cert.gov>, and their mail server dutifully responded back to brenda with a confirmation message. I don't have that confirmation message anymore (I've been deleting a lot of mail lately), but it would have been interesting to see where it came from in the first place.

Oh, how I was hoping to see something fun like an original Mydoom message from CERT.
Tags: spam
Subscribe

  • url blacklists

    One of the most useful antispam techniques of late has been the "URL blacklist". This compares all URLs found within a message body against one or…

  • another spam filter rendered ineffective

    A while ago I turned up as much spam and junk mail protection stuff as I could find in my Postfix configuration. Specifically, I had the following…

  • stock spam disclaimer

    I happened to read the disclaimer text at the bottom of a stock spam I got today. I was amused (emphasis mine): Information within this report…

  • Post a new comment

    Error

    Anonymous comments are disabled in this journal

    default userpic

    Your reply will be screened

    Your IP address will be recorded 

  • 1 comment