Your application

John E. Malmberg wb8tyw at
Tue Jun 3 12:20:11 GMT 2003

Tim Potter wrote:
> On Tue, Jun 03, 2003 at 01:48:06AM +0000, splint-bug at wrote:

 From []?  This does not 
appear to be a mail server.

>>Please see the attached file.
> Which was stripped by mailman.  Care to resend?  Assuming you are not a
> spammer of course.

It is the same worm that was being sent with the forged address of 
support(at)  It has morphed to use different from: address.

Apparently this worm is going directly to the SAMBA MX from the infected 

#ifdef Paranoia
It may be that it's purpose is to identify machines that are vulnerable 
to being taken over, so it targets e-mail addresses from usenet.  Then 
the cracker can use google to find I.P. addresses and possibly e-mail 
addresses in the archives that they can send remote control programs too.

wb8tyw at
Personal Opinion Only

More information about the samba-technical mailing list