Weird email messages with "re:movie" and "re:application" in the subject line..

Steven M. Bellovin smb at
Thu Jun 26 03:37:56 UTC 2003

In message <200306260325.h5Q3PP5U025759 at>, Eric Brunner-Williams in 
Portland Maine writes:
>> W32/sobig.e@MM per McAfee.....
>I seem to have done one better ... according to a M$ host in Level3-land,
>the Unix box right in front of me sent the mail in question.
>Someone at L3 needs to call home. The only L3 turd in my mail log is their
>Jun 25 18:21:11 nic-naa sm-mta[24589]: h5PMLB5U024589: from=<administrator at Lev
>>, size=1711, class=0, nrcpts=1, msgid=<[email protected]
>>, proto=ESMTP, daemon=MTA, [

And I've gotten bounces from mail allegedly from me.  It's not L3's 
fault; this particular worm forges From: lines on its email.

Another day, another worm.

		--Steve Bellovin, (me) (2nd edition of "Firewalls" book)

