[WBEL-users] (no subject)
Johnny Hughes
mailing-lists@hughesjr.com
Wed, 28 Jan 2004 04:52:43 -0600
Not that it really matters ... but the W32.Novarg.A@mm virus that was
sent into this list yesterday with the from address of
mailing-lists@hughesjr.com did not originate at hughesjr.com.
I had no infected computers here. Novarg spoofs the from field in it's
e-mails, but if you are curious where an e-mail actually came from, you
can look at the IP address in the e-mail headers.
In the case of this specific e-mail that made it into this list with my
address spoofed into the from field it says:
"Received: from hughesjr.com ([81.185.63.249]) by odin.library.beau.org
(8.11.6/8.11.6) with ESMTP id i0RGM1i29656 for
<whitebox-users@beau.org>; Tue, 27 Jan 2004 10:22:01 -0600"
The computer that actually sent the e-mail was 81.185.63.249 and the
information from the www.ripe.net whois database shows that the IP
originates from a telecom in France. He is the info:
inetnum: 81.185.0.0 - 81.185.255.255
netname: FR-9-TELECOM-20021230
descr: Provider Local Registry
descr: 9 Telecom
country: FR
Thanks,
-Johnny Hughes
On Tue, 2004-01-27 at 10:22, mailing-lists@hughesjr.com wrote:
> Mail transaction failed. Partial message is available.
>
>