Sergio Masci wrote:
> I received 4 today from 128.95.148.34 all spoofed to look like they
> are comming from someone else but 128.95.148.34 does resolve to
> washington.edu.

I've gotten probably a half dozen of them since around noon yesterday.  They
were obviously viruses, so I've just been deleting them.  I just got another
one to my PIClist address:

> Received: from 194.129.230.253 (7host.com) by mail.embedinc.com ; 2004 JAN
27 03:50:28  EST
> From: sales@7host.com
> To: olin_piclist@embedinc.com
> Subject: hello
> Date: Tue, 27 Jan 2004 08:49:20 +0000
> MIME-Version: 1.0
> Content-Type: multipart/mixed;
>  boundary="----=_NextPart_000_0000_A9E6508D.897566D2"
> X-Priority: 3
> X-MSMail-Priority: Normal
>
> This is a multi-part message in MIME format.
>
> ------=_NextPart_000_0000_A9E6508D.897566D2
> Content-Type: text/plain;
>  charset="Windows-1252"
> Content-Transfer-Encoding: 7bit
>
> The message contains Unicode characters and has been sent as a binary
attachment.
>
>
> ------=_NextPart_000_0000_A9E6508D.897566D2
> Content-Type: application/octet-stream;
>  name="document.scr"
> Content-Transfer-Encoding: base64
> Content-Disposition: attachment;
>  filename="document.scr"

The address 194.129.230.253 turns out to be wan-01.london-dev.monster.co.uk,
not 7host.com as the machine claimed.  Some idiot there must be subscribed
to the PIClist (hopefully not anymore).

> Needless to say they got stomped on.

How does one do that?


*****************************************************************
Embed Inc, embedded system specialists in Littleton Massachusetts
(978) 742-9014, http://www.embedinc.com

--
http://www.piclist.com hint: PICList Posts must start with ONE topic:
[PIC]:,[SX]:,[AVR]: ->uP ONLY! [EE]:,[OT]: ->Other [BUY]:,[AD]: ->Ads