Does Lirva send from a genuine address?
Julian Field
mailscanner at ecs.soton.ac.uk
Mon Jan 13 11:12:01 GMT 2003
At 10:11 13/01/2003, you wrote:
>----- Original Message -----
>From: "G Welter" <G.Welter at ROCLEIDEN.NL>
>To: <MAILSCANNER at JISCMAIL.AC.UK>
>Sent: Monday, January 13, 2003 9:26 AM
>Subject: Re: Does Lirva send from a genuine address?
>
> > >From the mcafee page you mentioned below:
> >
> > The worm uses the default SMTP server of the infected computer, and then
>adds either the address of the sender or a randomly selected email address
>to the "From:" line of the email.
> >
> > So it seems to me that the from address is bogus. So yes, it should be
>added to the silent viruses.
I can see us all slowly coming to the situation that we turn off sender
warnings altogether some time in the next year or so. Trouble is, this is
going to make the virus situation worse than ever as there will be
(practically) no way of finding the infected machines spewing out these
messages.
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support
More information about the MailScanner
mailing list