[Techtalk] bogus bounces--WTF?
Alvin Goats
agoats at compuserve.com
Wed Oct 15 11:48:00 UTC 2008
If you have some mailing list you admin, there are certain "subscribers"
that get hit by default: president, vicepresident, vice_president,
vice-president, secretary, treasurer, user, webmaster and so on. These
can be bounced to an admin or deleted; because we have jobs posting and
HR/recruiters rarely set their mail correctly, we have the messages
bounced. I've been getting some heavy bounce traffic lately as the
sender is not a part of the members list and we filter whether you're a
member or not as well as for attachments and format (plain text only).
Most of the bounces have had trojan downloaders on them and coming from
a particular site (69.24.135.141), even though it appears to come from
many different people (spoofing).
Be aware, these trojans are very new and I've had to wait a few days for
ClamAV to have updates that will scan them. All have targeted microsoft
to date.
Alvin
More information about the Techtalk
mailing list