[WBEL-users] (no subject)

Johnny Hughes mailing-lists@hughesjr.com
Wed, 28 Jan 2004 04:52:43 -0600


Not that it really matters ... but the W32.Novarg.A@mm virus that was
sent into this list yesterday with the from address of
mailing-lists@hughesjr.com did not originate at hughesjr.com.

I had no infected computers here.  Novarg spoofs the from field in it's
e-mails, but if you are curious where an e-mail actually came from, you
can look at the IP address in the e-mail headers.

In the case of this specific e-mail that made it into this list with my
address spoofed into the from field it says:

"Received:  from hughesjr.com ([81.185.63.249]) by odin.library.beau.org
(8.11.6/8.11.6) with ESMTP id i0RGM1i29656 for
<whitebox-users@beau.org>; Tue, 27 Jan 2004 10:22:01 -0600"

The computer that actually sent the e-mail was 81.185.63.249 and the
information from the www.ripe.net whois database shows that the IP
originates from a telecom in France.  He is the info:

inetnum:      81.185.0.0 - 81.185.255.255
netname:      FR-9-TELECOM-20021230
descr:        Provider Local Registry
descr:        9 Telecom
country:      FR

Thanks,

 -Johnny Hughes 

On Tue, 2004-01-27 at 10:22, mailing-lists@hughesjr.com wrote:
> Mail transaction failed. Partial message is available.
> 
>