[Dshield] Snake Mail Originator
Coxe, John B.
JOHN.B.COXE at saic.com
Tue May 21 19:53:17 GMT 2002
Has anyone looked at the code enough to determine the defined originator
and/or reply-to address in the ixltd at postone.com mailings. If the
compromised systems are sending to a full mailbox and if that mail is
bouncing, it is not apparently coming back to the infected networks. Is
postone a red herring and the reply address the intended destination?
It would be nice to see the whole code.
More information about the list