[ale] Apparently used in spam or virus distribution

Transam bob at verysecurelinux.com
Tue Aug 19 13:53:57 EDT 2003


On Tue, Aug 19, 2003 at 10:53:31AM -0400, John Mills wrote:
> ALErs -

> This morning I received two notices from UK recipients to the effect that 
> mail from me contained suspect attachments, identified in one case as a 
> PIF file.

> As I am not aware of sending any mail to these recipients and do not have 
> copies of the suspect mail, I can't tell whether they represent a 
> compromise of my Linux-2.4.20 system, the Pine newsreader, fetchmail, 
> sendmail, or some other link of the chain.

> Any suggestions for learning if this is really my problem?

Very likely NOT your problem.  They probably are using a spam mailing list.
Maybe a spammer even got compromised -- breaks my heart when that happens.

Look at the headers where the mailer is specified.  If it is
Outlook, Eudora for Winbloz, etc. then clearly it is not from
your system.

Look at the Received headers and determine if they match email that
originated from your system, i.e., via your ISP.  In either case it very
likely is not from your system.

> Thanks.
>  - John Mills
>    john.m.mills at alum.mit.edu

Bob Toxen
bob at verysecurelinux.com               [Please use for email to me]
http://www.verysecurelinux.com        [Network&Linux/Unix security consulting]
http://www.realworldlinuxsecurity.com [My book:"Real World Linux Security 2/e"]
Quality Linux & UNIX security and SysAdmin & software consulting since 1990.

"Microsoft: Unsafe at any clock speed!"
   -- Bob Toxen 10/03/2002
_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale
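
The two header checks described in the reply above (the mailer header and the Received chain), as an added Python example that is not part of the original post. The sample message, the mailer names and the relay hostname `smtp.myisp.example` are constructed assumptions; substitute the mail clients you run and the relay your ISP gives you.

```python
import email
from email import policy

# Constructed sample (not from the thread): a message carrying a forged From.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [192.0.2.10])
\tby mail.recipient.example with ESMTP id AAA111; Tue, 19 Aug 2003 09:01:02 +0100
Received: from PC-OFFICE (dsl-45.otherisp.example [203.0.113.45])
\tby mx.recipient.example with SMTP id BBB222; Tue, 19 Aug 2003 09:01:00 +0100
From: victim@home.example
To: someone@recipient.example
Subject: Re: Details
X-Mailer: Microsoft Outlook Express 6.00.2600.0000

See the attached file.
"""

def origin_report(raw, my_mailers, my_relays):
    """Apply the two header checks to one raw message."""
    msg = email.message_from_string(raw, policy=policy.default)
    mailer = str(msg.get("X-Mailer") or msg.get("User-Agent") or "")
    # Each relay prepends its Received line, so the last one is the earliest hop.
    hops = [" ".join(str(h).split()) for h in msg.get_all("Received", [])]
    first_hop = hops[-1] if hops else ""
    # A mailer header naming software you do not run points away from your system.
    foreign_mailer = bool(mailer) and not any(
        m.lower() in mailer.lower() for m in my_mailers)
    # Lines below the first server you trust can be forged; a match is a hint only.
    via_my_relay = any(r.lower() in first_hop.lower() for r in my_relays)
    verdict = "not_mine" if foreign_mailer or not via_my_relay else "possibly_mine"
    return {"mailer": mailer, "first_hop": first_hop,
            "foreign_mailer": foreign_mailer, "via_my_relay": via_my_relay,
            "verdict": verdict}

if __name__ == "__main__":
    report = origin_report(SAMPLE, ("pine", "mutt"), ("smtp.myisp.example",))
    for key, value in report.items():
        print(f"{key}: {value}")
```

A `possibly_mine` verdict only means the headers are consistent with your setup; confirm it against your own mail server's logs for the same timestamp.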




