
Re: [idn] Nimda virus information



On Thu, Nov 08, 2001 at 11:28:27AM +0900, Bruce Thomson wrote:
> > 
> > According to route information in the mail header, it was NOT originated
> > from Yves but from somewhere else. Maybe the virus forges the sender field
> > of the mail message.
> > 
> Or possibly the virus has infected another computer Yves has used in
> the past to post to this list. It should be possible to figure it out from the
> mail headers, but I already deleted my copy of the infected mail.

I attached the infected mail header. Please see where it started its journey.
I overwrote the IP address with '?' to avoid unintended dispute.

) Date: Tue, 06 Nov 2001 17:54:03 -0800
) From owner-idn@ops.ietf.org  Wed Nov  7 12:00:50 2001
) From: <yves@realnames.com>
) Subject: [idn] ip
) Return-Path: <owner-idn@ops.ietf.org>
) Received: from psg.com (psg.com [147.28.0.62])
)	 by nexus.spsoft.co.kr (8.10.0/8.10.0) with ESMTP id fA7301l01436
)	 for <newcat@spsoft.co.kr>; Wed, 7 Nov 2001 12:00:08 +0900
) Received: from lserv by psg.com with local (Exim 3.33 #1)
)	id 161Hut-0003c9-00
)	for idn-data@psg.com; Tue, 06 Nov 2001 17:54:11 -0800
) Received: from [???.???.?.??] (helo=ALBERT)

                  ^^^^^^^^^^^^^^^^^^^^^^^^^^^

)	by psg.com with smtp (Exim 3.33 #1)
)	id 161Hul-0003bw-00
)	for idn@ops.ietf.org; Tue, 06 Nov 2001 17:54:03 -0800
) MIME-Version: 1.0
) Content-Type: multipart/related;
)	type="multipart/alternative";
)	boundary="====_ABC123456j7890DEF_===="
) X-Priority: 3
) X-MSMail-Priority: Normal
) X-Unsent: 1
) Message-Id: <E161Hul-0003bw-00@psg.com>
) Bcc:
) Sender: owner-idn@ops.ietf.org
) Precedence: bulk

-- 
/*------------------------------------------------
YangWoo Ko : newcat@spsoft.co.kr
We Invent Enterprise Software Solutions
and Make You Secure & Powerful.
------------------------------------------------*/
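
Added example, not part of the original message: a Python sketch that reads the Received chain quoted above oldest-first, since each relay prepends its own line and the bottom one is where the message entered the list server. The function names trace and origin_mismatch are hypothetical, the sample is constructed from the header above with the ")" quoting removed, and the HELO name is whatever the client claimed, so the mismatch check is a heuristic only.

```python
import re
from email import message_from_string

# Constructed sample: the header quoted above, unquoted; redaction kept as posted.
RAW = """\
Return-Path: <owner-idn@ops.ietf.org>
Received: from psg.com (psg.com [147.28.0.62])
\t by nexus.spsoft.co.kr (8.10.0/8.10.0) with ESMTP id fA7301l01436
\t for <newcat@spsoft.co.kr>; Wed, 7 Nov 2001 12:00:08 +0900
Received: from lserv by psg.com with local (Exim 3.33 #1)
\tid 161Hut-0003c9-00
\tfor idn-data@psg.com; Tue, 06 Nov 2001 17:54:11 -0800
Received: from [???.???.?.??] (helo=ALBERT)
\tby psg.com with smtp (Exim 3.33 #1)
\tid 161Hul-0003bw-00
\tfor idn@ops.ietf.org; Tue, 06 Nov 2001 17:54:03 -0800
From: <yves@realnames.com>
Subject: [idn] ip

"""

# "from <src> by <host> [(mta version)] with <protocol>"
HOP = re.compile(r"from\s+(?P<src>.+?)\s+by\s+(?P<by>\S+)"
                 r"(?:\s+\([^)]*\))?\s+with\s+(?P<proto>\S+)")

def trace(raw):
    """Return the relay hops oldest-first as dicts: src, by, proto, when."""
    msg = message_from_string(raw)
    hops = []
    # Relays prepend their Received line, so the last header is the oldest hop.
    for value in reversed(msg.get_all("Received", [])):
        flat = " ".join(value.split())        # unfold continuation lines
        info, _, when = flat.rpartition(";")  # timestamp follows the last ';'
        m = HOP.search(info)
        if m:
            hops.append({**m.groupdict(), "when": when.strip()})
    return hops

def origin_mismatch(raw):
    """True when the From domain is absent from the oldest hop's source."""
    msg = message_from_string(raw)
    domain = msg["From"].strip("<> ").rpartition("@")[2].lower()
    return domain not in trace(raw)[0]["src"].lower()

if __name__ == "__main__":
    for n, hop in enumerate(trace(RAW), 1):
        print(n, hop["src"], "->", hop["by"], "via", hop["proto"], "at", hop["when"])
    print("From domain absent from first hop:", origin_mismatch(RAW))
```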