[Techtalk] bogus bounces--WTF?

Alvin Goats agoats at compuserve.com
Wed Oct 15 11:48:00 UTC 2008


If you have some mailing list you admin, there are certain "subscribers" 
that get hit by default: president, vicepresident, vice_president, 
vice-president, secretary, treasurer, user, webmaster and so on. These 
can be bounced to an admin or deleted; because we have jobs posting and 
HR/recruiters rarely set their mail correctly, we have the messages 
bounced. I've been getting some heavy bounce traffic lately as the 
sender is not a part of the members list and we filter whether you're a 
member or not as well as for attachments and format (plain text only). 
Most of the bounces have had trojan downloaders on them and coming from 
a particular site (69.24.135.141), even though it appears to come from 
many different people (spoofing).

Be aware, these trojans are very new and I've had to wait a few days for 
ClamAV to have updates that will scan them. All have targeted microsoft 
to date.

Alvin


More information about the Techtalk mailing list