Greetings:

For whatever reason, it seems that I have become the target (or masqueraded
source as the case may be) of an email prank.

Someone originating from SERVER4 (193.128.138.68 [193.128.138.68]) is
sending out the email portion of the Nimda virus with *my* email address as
the FROM. The RIPE whois server (responsible for European addresses)
reports the netblock ownership as follows:
inetnum: 193.128.138.64 - 193.128.138.127
netname: EEIA-NET
descr: East of England Investment Agency Ltd
country: GB
admin-c: RF778-RIPE
tech-c: RF778-RIPE
status: ASSIGNED PA
mnt-by: AS1849-MNT
changed: jamesbuk.uu.net 19980630
changed: stephenbuk.uu.net 19990915
source: RIPE

I don't really know what I can do about it other than to notify you folks.
The SF newsgroups are the only email-based groups I participate in from this
box or address, so if this is malicious it is likely that you might get an
email that looks like it is from me. Of late, I have been posting all my
content directly to the HammerOfGod website, and have not been using
attachments (I learned my lesson from the Mutex program I zipped up and sent
out...) Besides, I would NEVER send out and .exe. In fact, I couldn't even
if I wanted to as my mail is first filtered by my local server, and then by
2 others before it finally goes out to the world.

Sorry for any confusion, but there is not much I can do about it.

AD

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]