[Groff] Our spam
From: Ted Harding
Subject: [Groff] Our spam
Date: Sat, 27 Jan 2007 10:31:29 -0000 (GMT)

Hi Folks,
I've browsed a bit on one of the subject lines from our
current spate of spam (similar to what we were getting
around Feb - September 2005).
This turned up a worm virus known by various names,
such as I-Worm.Nyxem.b, Win32:Nyxem, Win32.Blackmal.B,
I-Worm.Win32.MyWife.79409, Worm/Nyxem.B, Win32/address@hidden
A full description can be found at
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_BLUEWORM.E
[equivalently at http://tinyurl.com/2baq3s if you prefer]
which indicates that it apparently dates from June 2004.
I'm still puzzled by our own experience of it. For some
reason, the most frequent "sender" is myself, with a few
(in the past) "from" Werner or, once or twice, "from"
Joergen Haegg.
Also, the groff list is the only one (of many lists I am on)
which receives it.
For what it's worth, the latest stream originates from IP
addresses owned by Awalnet in Saudi Arabia, e.g.
    whois 86.60.115.64
    inetnum: 86.60.112.0 - 86.60.123.255
    netname: Awal_Jawal_Pro
    descr: Awalnet Jawal Proj
    country: SA
which is different from previous streams, e.g. Feb-Sep 2005:
    whois 194.2.232.250
    inetnum: 194.2.232.0 - 194.2.232.255
    netname: FR-ISEP
    descr: Institut Superieur d'Electronique de Paris
So, despite the variations in apparent source, the limitation
(in our experience) to the groff list, and to a few "senders"
seems to be invariant!
Anyway, let's hope that Werner's action, based on Nick's
excellent analysis, will do the trick!
Best wishes to all,
Ted.
--------------------------------------------------------------------
E-Mail: (Ted Harding) <address@hidden>
Fax-to-email: +44 (0)870 094 0861
Date: 27-Jan-07 Time: 10:31:15
------------------------------ XFMail ------------------------------