[sane-devel] Binary (worm/virus?) mails claiming to come from SANE developers

Theodore Kilgore kilgota@banach.math.auburn.edu
Tue, 2 Apr 2002 20:02:22 -0600 (CST)


Off-topic for the sane-devel list, but:

Even though e-mail attachments with Windows viruses do not threaten me
personally at all, I am concerned very much about security. And I
understand from the security team at Auburn University, where I work, that
basically we can't do very much about things coming from sites outside the
U.S. So I want to ask, and maybe somebody over across the Big Water knows
who to talk to.

Why do I get so many apparent break-in attempts recorded in my log files,
from, of all places, wanadoo.fr? What is happening there, anyway?

Sorry again about the off-topic. If anyone has any idea what is happening
then contact me directly and leave it off the sane-devel site. But how
else do I ask a public question? And I see the name wanadoo.fr right here
in this message, too.

Ted Kilgore


On Tue, 2 Apr 2002, Henning Meier-Geinitz wrote:

> Hi,
>
> Just for your information: I got quite a few emails containing binary
> attachments that look like a worm or virus intended for MS Windows.
> Nothing unusual but this time they claim to be sent by the SANE
> mailing list or other senders in connection to SANE or scanners. Peter
> Fales told me he got one pretending to be sent by me so maybe others
> have also received such mails.
>
> The emails don't come from the persons or lists indicated in the From:
> header. Be careful if you use insecure mailers or operating systems :-)
>
> Examples of From: headers:
>
> support <support@mustek.de>
> inet <inet@microsoft.com>
> majordomo <majordomo@mostang.com>
> sane-devel <sane-devel@mostang.com>
>
> Examples of subjects:
> A  funny game
> Accepter les cookies pour que ce service
> A  WinXP patch
> Let's be friends
>
> From the received headers, the emails have been sent through different
> hosts at e.g. teleline.es, ornis.com and wanadoo.fr which don't seem
> to be open relays but I only had a quick look.
>
> Bye,
>   Henning