[Asrg] Replay attack
Steve Atkins
steve at blighty.com
Tue Jan 13 18:32:11 PST 2009
On Jan 13, 2009, at 6:30 PM, Rich Kulawiec wrote:
> On Tue, Jan 13, 2009 at 08:46:39PM -0500, Chris Lewis wrote:
>> It won't verify, because it's signing the To, I have a copy with a
>> different To, with the same signature.
>
> Yep, same here. My copy appears to have been deliberately
> backscattered
> of an Exchange server (dsmail01.deansteel.com) -- unless, of course,
> that server's been botted, in which case no backscatter necessary.
> Most interesting; do either of you think this is a test run for
> something more subtle?
More likely accidental. Creating boilerplates for spamware
by copying headers from a random legitimate message is
nothing new (e.g. TheBat).
Cheers,
Steve
More information about the Asrg
mailing list