[TriLUG] Re: [lug] N00b: Security Warning Fun

Ryan Wheaton ryan.wheaton at comcast.net
Tue Aug 19 15:27:10 EDT 2003


I've noticed an unsual high amount of spam coming through as well.  Some 
with this subject, some with others, but all with a .pif attachment.  My 
firewall filters out .pif's so i'm not too concerned, but it's driving my 
users crazy (sometimes, emails come once a minute or so).  Anyone else seen 
this or have an explanation??

-ryan

At 01:20 PM 8/19/2003 -0600, you wrote:
>Folks, I just got a Procmail Security daemon message from uwaterloo
>saying:
>
>*** SECURITY WARNING ***
>Our email gateway has detected that your message to
>jwwalker msgid=<200308191900.h7JJ0nA01475 at watarts.uwaterloo.ca>
>MAY contain hazardous embedded scripting or attachments, or has been
>rejected by our site security policy for some other reason. If you have
>a question, please reply to this notification message.
>
>It goes on to say that I sent "wicked_scr.scr", which is one of the
>Sobig.F files.  Now am I right in assuming the worm spoofed my address
>and sent this out?  I never use mail on Windows, so I'm pretty sure *I*
>didn't send it, but I've never gotten one of these warnings before.
>
>Sorry for a dumb question, but as I said, this is new to me.
>
>Matt
>
>--
>"And isn't sanity really just a one-trick pony, anyway?  I mean,
>all you get is one trick, rational thinking, but when you're good
>and crazy, ooh ooh ooh, the sky's the limit!" -- The Tick
>   The Matt -- http://ucsub.colorado.edu/~thompsma/




More information about the TriLUG mailing list