Re: Inger's spam email claims

On Sun, 30 Oct 2005 11:45:38 GMT, in sci.archaeology, JerryT wrote:

>
>"Doug Weller" <dweller@xxxxxxxxxxxxxxxxxxxxxxxx> skrev i meddelandet
>news:daa9m194jjpeddg7v5ce4vr1mclo796f29@xxxxxxxxxx
>> On Sun, 30 Oct 2005 10:48:01 GMT, in sci.archaeology, JerryT wrote:
>>
>> >
>> >"Doug Weller" <dweller@xxxxxxxxxxxxxxxxxxxxxxxx> skrev i meddelandet
>> >news:jl29m1pvdpmv21ibiaquhgpq83krs5ighi@xxxxxxxxxx
>> >> Ok, I just got an email with a worm in it.
>> >>
>> >> Can anyone tell me where it actually came from?
>> >
>> >Yes
>> >
>> >> The sender clearly didn't
>> >> realise that 'ramtops' is my Demon subdomain, so the text is pretty
>funny:
>> >
>> >It's a mass mailing worm with very low intelligence.
>> >
>> >
>> >> "Dear user dweller,
>> >>
>> >> You have successfully updated the password of your Ramtops account.
>> >>
>> >> If you did not authorize this change or if you need assistance with
>your
>> >> account, please contact Ramtops customer service at:
>> >> info@xxxxxxxxxxxxxxxxxxx
>> >>
>> >> Thank you for using Ramtops!
>> >> The Ramtops Support Team "
>> >>
>> >>
>> >> Here are *all* the headers.
>> >>
>> >
>> >What has Inger to do with stuff
>> >that origin from within your own
>> >domain.
>> >
>>
>> But it didn't, which is my point.
>
>Why do you ask if you know, and again,
>what has Inger got to do with it?
>
>You know damned well how a worm is
>propagated and to put Inger's name in the
>topic line is ridicoulus.

You still don't get the point.

Inger claims that her ISPs can trace the source of spam mail to
individuals. Ok, this isn't spam in one sense, but I challenge you to
trace the source. I've been argung that it isn't as easy as Inger claims,
and that she may be maligning people because she and her perhaps less-than
savvy ISP techs believe the headers.

Is that clear?

Doug

>
>It is a Chinese group known as Evil Security
>that is behind the latest realese of the Mytob
>worm, and according to their chief Mr. Evil
>there will be no more variants realesed.
>
> JerryT
>
>
>
>>
>> Doug
>>
>> >
>> >
>> >
>> >>
>> >>
>> >>
>> >> Return-Path: <info@xxxxxxxxxxxxxxxxxxx>
>> >> Received: from punt3.mail.demon.net by mailstore
>> >> for dweller@xxxxxxxxxxxxxxxxxxx id
>> >> 1ERKwj-3yk000-04-G1G;
>> >> Mon, 17 Oct 2005 02:41:53 +0000
>> >> Received: from [194.217.242.71]
>> >> (lhlo=anchor-hub.mail.demon.net)
>> >> by punt3.mail.demon.net with lmtp id
>> >> 1ERKwj-3yk000-04
>> >> for dweller@xxxxxxxxxxxxxxxxxxx; Mon, 17 Oct
>> >> 2005 02:41:53 +0000
>> >> Received: from [202.73.198.140]
>> >> (helo=ramtops.demon.co.uk)
>> >> by anchor-hub.mail.demon.net with esmtp id
>> >> 1ERKwb-0006Q4-27
>> >> for dweller@xxxxxxxxxxxxxxxxxxx; Mon, 17 Oct
>> >> 2005 02:41:53 +0000
>> >> From: info@xxxxxxxxxxxxxxxxxxx
>> >> To: dweller@xxxxxxxxxxxxxxxxxxx
>> >> Subject: [virus Win32/Mytob.EL worm] You have
>> >> successfully updated your password
>> >> Date: Mon, 17 Oct 2005 15:41:42 +1300
>> >> MIME-Version: 1.0
>> >> Content-Type: multipart/mixed;
>> >>
>> >> boundary="----=_NextPart_000_0000_73038EA3.BDCBDC8B"
>> >> X-Priority: 3
>> >> X-MSMail-Priority: Normal
>> >> X-NOD32Result: Infected, Win32/Mytob.EL worm
>> >> --
>> >> Doug Weller -- exorcise the demon to reply
>> >> Doug & Helen's Dogs http://www.dougandhelen.com
>> >> A Director and Moderator of The Hall of Ma'at http://www.hallofmaat.com
>> >> Doug's Archaeology Site: http://www.ramtops.co.uk
>> >>
>> >>
>> >
>> --
>> Doug Weller -- exorcise the demon to reply
>> Doug & Helen's Dogs http://www.dougandhelen.com
>> A Director and Moderator of The Hall of Ma'at http://www.hallofmaat.com
>> Doug's Archaeology Site: http://www.ramtops.co.uk
>>
>>
>
--
Doug Weller -- exorcise the demon to reply
Doug & Helen's Dogs http://www.dougandhelen.com
A Director and Moderator of The Hall of Ma'at http://www.hallofmaat.com
Doug's Archaeology Site: http://www.ramtops.co.uk


.