Date: 2004-02-03 19:33:00
Tags: spam
mydoom gets around
I subscribed to a couple of mailing lists at today. This involved writing an email message to majordomo at their site, and then replying to a confirmation message they send to you. Because I have greylisting set up, I had expected to wait a while before receiving the first confirmation message. However, to my surprise I received the confirmation message almost right away! That meant that the mail server at CERT had already contacted mine sometime within the last five days.

I began to think how ironic it would be to have received a Mydoom message from CERT themselves, and if they had an infected computer there. I quickly scanned through mail logs looking for their IP address, and sure enough I found that their server had sent me a message early monday morning.

I did find it, but it turned out to be fairly unexciting. Some other computer out there on the internet somewhere had forged a Mydoom message from <> to <>, and their mail server dutifully responded back to brenda with a confirmation message. I don't have that confirmation message anymore (I've been deleting a lot of mail lately), but it would have been interesting to see where it came from in the first place.

Oh, how I was hoping to see something fun like an original Mydoom message from CERT.
[info]cdy : us-cert
You're doing better than me. I signed up for a few of their lists the day they were turned on and it took ~36 hours for me to complete the request -> ack -> subscribed cycle. And I don't have any greylists, this was all on their end. :-)
Greg Hewgill <>