VIRUS (Worm.SCO.A) IN YOUR MAIL (fwd)
Johannes B. Ullrich
jullrich at sans.org
Tue Jan 27 12:28:48 EST 2004
No. its not spam. MyDoom, like most recent viruses, fakes the 'From:'
address. I guess you got lucky and it picked yours (do you have this
address posted on a web site?)
I guess its more a case of clue-less AV admins. These notifications are
essentially pointless, and in some cases worse then then virus
(I got flooded with them back when Sobig-f came out)
On Tue, 2004-01-27 at 11:27, David Kramer wrote:
> I just got this. As far as I know, my relays are closed tight and my
> firewall is solid. Is this spam?
> ---------- Forwarded message ----------
> Date: Tue, 27 Jan 2004 14:39:36 +0100 (CET)
> From: Anti-Virus <virusmelding at hsbos.nl>
> To: david at thekramers.net
> Subject: VIRUS (Worm.SCO.A) IN YOUR MAIL
>
> VIRUS ALERT
>
> Our virus checker found
> virus: Worm.SCO.A
> in your email to the following recipient:
> -> pschouten at hsbos.nl
>
> Delivery of the email was stopped!
--
CTO SANS Internet Storm Center http://isc.sans.org
phone: (617) 837 2807 jullrich at sans.org
contact details: http://johannes.homepc.org/contact.htm
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://lists.blu.org/pipermail/discuss/attachments/20040127/455905b5/attachment.sig>
More information about the Discuss
mailing list