[Bordermarch] Virus problem....

Phocas of Bordermarch phocas at anderson-studio.com
Fri Dec 10 12:27:19 PST 2004


The person also had one of the email accounts I setup for autumn Melees
stewards.  Also an address for raymondjames.com....  I was able to Ping them
yesterday afternoon, but last night they were not connected at
68.88.125.116...  got this in this morning:
 ===================
Your message was not delivered to the following recipients:
robbie.jordan at raymondjames.com: Your message has been rejected because it
contains an attachment which is not supported by the Raymond James E-Mail
system. If you feel you have received this warning error please contact the
Raymond James recipient or your Raymond James personal service center
representative.
obbie.jordan at raymondjames.com: Your message....
3Drobbie.jordan at raymondjames.com: Your message......
Connie.Stinson at raymondjames.com: Your Mesage ......
============================================
But the header now shows it from:
Received: from ([64.219.118.137] [64.219.118.137]) by mailhub2f.rjf.com;
Fri, 10 Dec 2004 11:55:08 -0500
From: new_account at bordermarch.org   <----- virus Spoofs the from field.
To: robbie.jordan at raymondjames.com
Date: Fri, 10 Dec 2004 16:13:29 UTC
Subject: Confirmation <KEY:6354>
=============================================
When ever the DSL connection goes down and then reconnected, a new IP
address is assigned.

so, today I'm looking for 64.219.118.137 instead of 68.88.125.116

Both of these addresses are in IP address blocks assigned to SBC/SWbell


I *THINK* we have cleared :
          Selina (66.138.56.124)
MadPict(Iain) (68.93.120.100)
Baron(ess)    (65.70.249.92)

By looking at thier email headers
Phocas




 -----Original Message-----
From: bordermarch-bounces+phocas=anderson-studio.com at ansteorra.org
[mailto:bordermarch-bounces+phocas=anderson-studio.com at ansteorra.org]On
Behalf Of Charles
Sent: Thursday, December 09, 2004 10:16 PM
To: Barony of Bordermarch
Subject: Re: [Bordermarch] Virus problem....


  Camron,
  I can narrow down the culprit from there. It's someone who has my address
in their address book but isn't on the Bordermarch at Ansteorra list. I've
been getting 15 to 20 virus hits a day for about two weeks now but there
haven't been any hits to the Ansteorra list. Maybe this'll help find it.
Talk to you soon, Chuck
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ansteorra.org/pipermail/bordermarch-ansteorra.org/attachments/20041210/a5703a1a/attachment-0002.htm>


More information about the Bordermarch mailing list