?????? #14798 ?????? ???????? SIMS@stalker.com
?? ????: Warren Michelsen <Warren@MDCCLXXVI.com>
????: Re: Suspect addresses compromised
????: Mon, 1 Nov 2004 12:05:37 -0700
????: SIMS Discussions <SIMS@mail.stalker.com>
At 10:22 AM -0600 11/1/04, NetHead wrote:
>I suspect that somehow the addresses on my mail server have been
>compromised. I have been getting a flood of worm-laden messages, many of
>them showing "FROM:" addresses on our mail server. I wouldn't think much
>of it normally; I'm well aware of the various worms that will hijack the
>address book on an infected computer and use those for forge the "FROM:"
>header. But today I saw one from a brand new e-mail address that has not
>been used yet (at least not to my knowledge).
>If I wanted to scour my mail logs for "harvesting" attempts, what key
>words should I use in the filters?

For starters, look for references to the not-yet-used email address.
??????????? (?????) ??????????? (????????) ??????????? (??????????) ?????????? ???????? Listmaster-?