[sane-devel] Virus warning: Abuse of sane-devel email addresses

Henning Meier-Geinitz henning@meier-geinitz.de
Wed, 23 Jul 2003 19:55:53 +0200


On Wed, Jul 23, 2003 at 07:15:51PM +0200, Oliver Schwartz wrote:
> in the last two days I received two emails with faked addresses that 
> claimed to be sent via sane-devel (but in fact were not). Both emails 
> contained a .pif file which, I assume, contains a virus. DO NOT OPEN 

I have received emails claiming to be sent by SANE developers for
about 18 months now.

> The sender names were taken from SANE-Devel (Martin Kho, Henning 
> Meyer-Geinitz). The email address of the sender, however, was faked 
> (see attached mail below). To make the mail look more authentic it 
> also gives a small quote from an previous email to sane-devel.

That one looks like a new sort of worm/virus. I have received about 10
of those during the last two weeks. Mostly "from" SANE developers, but
also from other entities. One claims to be sent by "Henning
Meier-Geinitz" <henning@microsoft.com>. I thought about suing the real
author because of this defamation :-)

> I don't think such mails can be prevented, but, as always, you should 
> take extra care when opening attachements, even from people you 
> recognize from the mailing list.

I'd be interested on how the mails are created. Is the person who is
infected by this worm subscribed to sane-devel? Or are the messages
scanned from the web archive?

All mails of this type were sent over vsmtp1.tin.it. IIRC, that's a
big Italien provider.

> From: Henning Meier-Geinitz <henning@microsoft.com>

Hah, that's the same mail I also got today.

> X-Spam-Status: No, hits=-6.4 required=5.0
>         autolearn=ham version=2.53

-6.4 point for an obvious worm. Looks like GMX has to do more homework.