[FPSPACE] Another virus attack
Constantine Domashnev
cdomashnev at acm.org
Thu Nov 4 14:19:33 EST 2004
> I suspect that these virus attack attempts are not conscious attacks by a
> person, but by some program that has gone searching for e-mail addresses
> to spoof.
The IP address, the malicious email was sent from, can be traced in most of
the cases.
The email address, which appears in the 'From:' header, has nothing to do
with that IP address.
That is unless an email server uses DNS lookup and accepts only messages
from IP addresses, which are the same as the address, the IP name at '@' in
'From:' is reverse-resolved to. FPSpace server does not do reverse DNS
lookup (which is a good thing for people who use aliased [forwarded] email
addresses, as myself).
In any case, the full header of the offending messages should contain the IP
address, the messages has in actuality originated from.
Theoretically, an infected message can be sent by a self-propagating virus
from a victim' mailbox automatically; however, in majority of cases it is
triggered manually by a malicious human.
More information about the FPSPACE
mailing list