lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <070201c38436$f926dd00$1401a8c0@wserv2003.internal.lewislan.id.au>
From: kye at lewislan.id.au (Kye Lewis)
Subject: Swen Really Sucks

[..]

> So, has anyone actually sent mail to an envelope sender to see if
> they're actually infected? Or is it possible this thing just likes to
> fake the same sender for all outgoing messages?

Seeing that I have a collection of around 2000 unique and believable
return-paths from this virus, it seems quite likely that they're legitimate.

I have also recieved a few emails forwarded through from the sender's mail
servers informing me that I have been sent a virus.
And, as was said, the email addresses in the return path, and the servers
that the mail travels through to get here, do indeed link together.

That evidence linked together provides a pretty strong case that they're not
faked.

- Kye Lewis
<kye -at- lewislan- dot- id -dot- au >

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ