[sane-devel] Virus warning: Abuse of sane-devel email addresses
Wed, 23 Jul 2003 19:55:53 +0200
On Wed, Jul 23, 2003 at 07:15:51PM +0200, Oliver Schwartz wrote:
> in the last two days I received two emails with faked addresses that
> claimed to be sent via sane-devel (but in fact were not). Both emails
> contained a .pif file which, I assume, contains a virus. DO NOT OPEN
> THIS FILE.
I have received emails claiming to be sent by SANE developers for
about 18 months now.
> The sender names were taken from SANE-Devel (Martin Kho, Henning
> Meyer-Geinitz). The email address of the sender, however, was faked
> (see attached mail below). To make the mail look more authentic it
> also gives a small quote from an previous email to sane-devel.
That one looks like a new sort of worm/virus. I have received about 10
of those during the last two weeks. Mostly "from" SANE developers, but
also from other entities. One claims to be sent by "Henning
Meier-Geinitz" <firstname.lastname@example.org>. I thought about suing the real
author because of this defamation :-)
> I don't think such mails can be prevented, but, as always, you should
> take extra care when opening attachements, even from people you
> recognize from the mailing list.
I'd be interested on how the mails are created. Is the person who is
infected by this worm subscribed to sane-devel? Or are the messages
scanned from the web archive?
All mails of this type were sent over vsmtp1.tin.it. IIRC, that's a
big Italien provider.
> From: Henning Meier-Geinitz <email@example.com>
Hah, that's the same mail I also got today.
> X-Spam-Status: No, hits=-6.4 required=5.0
> autolearn=ham version=2.53
-6.4 point for an obvious worm. Looks like GMX has to do more homework.