[Dshield] Snake Mail Originator

Coxe, John B. JOHN.B.COXE at saic.com
Tue May 21 19:53:17 GMT 2002


Has anyone looked at the code enough to determine the defined originator
and/or reply-to address in the ixltd at postone.com mailings?  If the
compromised systems are sending to a full mailbox and if that mail is
bouncing, it is not apparently coming back to the infected networks.  Is
postone a red herring and the reply address the intended destination?

It would be nice to see the whole code.
