[thelist] Returned mail that did not originate at our organization

Anthony Baratta Anthony at Baratta.com
Tue Nov 19 11:51:01 CST 2002


At 09:36 AM 11/19/2002, Chris W. Parker wrote:

>what i think is happening is that this email was sent by some infected
>computer which also happened to have one of our email addresses
>(ourUser at ourDomain.com). when the virus sent the email it replaced any
>sort of legitimate return address with a random address which just so
>happened to be ourUser at ourDomain.com. therefore when the end system AOL
>received the email it assumed it was sent from us because of the fake
>return address.

You are probably (99%) correct. New trojans change the from address, but
can be tracked if you have the internet headers. Hopefully the returned
email will contain enough of the headers from the original email to track
the real source.
---
Anthony Baratta
President
Keyboard Jockeys

"Conformity is the refuge of the unimaginative."




More information about the thelist mailing list