I received an email from the list today that appears to be bogus. It has an attached file called file.zip (which I have not opened). AVG detected the Dropper.Generic_c.GH trojan horse in the file.
The subject of the message is "[regex-coach] Mail System Error - Returned Mail"
The body of the message is:
Dear user of common-lisp.net,
We have received reports that your account has been used to send a large amount of unsolicited e-mail during this week. Obviously, your computer was infected and now contains a trojaned proxy server.
Please follow the instruction in order to keep your computer safe.
Virtually yours, The common-lisp.net team.
Here is a partial header with some info obscured by "*****":
Return-Path: regex-coach-bounces@common-lisp.net
Received: from common-lisp.net [80.68.86.115] by ***** with SMTP; Fri, 28 Sep 2007 09:50:12 -0700
Received: by common-lisp.net (Postfix, from userid 65534) id 705C27E04A; Fri, 28 Sep 2007 12:49:36 -0400 (EDT)
Received: from common-lisp.net (localhost [127.0.0.1]) by common-lisp.net (Postfix) with ESMTP id 2C5175311A for <*****>; Fri, 28 Sep 2007 12:49:26 -0400 (EDT)
Received: by common-lisp.net (Postfix, from userid 65534) id D868050044; Fri, 28 Sep 2007 12:49:23 -0400 (EDT)
Received: from common-lisp.net (unknown [189.177.43.107]) by common-lisp.net (Postfix) with ESMTP id 25ABC4E03C for regex-coach@common-lisp.net; Fri, 28 Sep 2007 12:49:21 -0400 (EDT)
X-Original-To: regex-coach@common-lisp.net
Delivered-To: regex-coach@common-lisp.net
From: "Automatic Email Delivery Software" noreply@common-lisp.net
To: regex-coach@common-lisp.net
Date: Fri, 28 Sep 2007 11:47:05 +0200
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----=_NextPart_000_0008_07436ADC.6EB5240A"
Message-Id: 20070928164921.25ABC4E03C@common-lisp.net
Subject: SPAM-LOW: [regex-coach] Mail System Error - Returned Mail
The header appears to be very well spoofed or it's actually coming from the expected server. It looks a lot like one from a known-good message.
Dennis
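
Added example, not part of the original post: a Python sketch that walks the Received chain quoted above from oldest to newest and flags any hop whose client announced a host name from an address other than the one a downstream server recorded for that name. The function names and the choice of reference address (the one the recipient's server logged for common-lisp.net) are assumptions of this example.

```python
import email
import ipaddress
import re

# Received headers copied from the post above; "*****" is the poster's redaction.
RAW = """\
Received: from common-lisp.net [80.68.86.115] by ***** with SMTP;
 Fri, 28 Sep 2007 09:50:12 -0700
Received: by common-lisp.net (Postfix, from userid 65534) id 705C27E04A;
 Fri, 28 Sep 2007 12:49:36 -0400 (EDT)
Received: from common-lisp.net (localhost [127.0.0.1])
 by common-lisp.net (Postfix) with ESMTP id 2C5175311A for <*****>;
 Fri, 28 Sep 2007 12:49:26 -0400 (EDT)
Received: by common-lisp.net (Postfix, from userid 65534) id D868050044;
 Fri, 28 Sep 2007 12:49:23 -0400 (EDT)
Received: from common-lisp.net (unknown [189.177.43.107])
 by common-lisp.net (Postfix) with ESMTP id 25ABC4E03C
 for regex-coach@common-lisp.net; Fri, 28 Sep 2007 12:49:21 -0400 (EDT)
Subject: SPAM-LOW: [regex-coach] Mail System Error - Returned Mail
"""

# Postfix writes "from <helo> (<rdns> [<ip>])"; the top hop uses "from <helo> [<ip>]".
# FROM_RE is applied with match(), so "(Postfix, from userid ...)" is never picked up.
FROM_RE = re.compile(r"from\s+(\S+)\s+(?:\((\S+)\s+)?\[([0-9.]+)\]\)?")
BY_RE = re.compile(r"\bby\s+(\S+)")

def parse_hops(raw):
    """Return the Received hops oldest-first as dicts: helo, rdns, ip, by."""
    hops = []
    for value in reversed(email.message_from_string(raw).get_all("Received", [])):
        value = " ".join(value.split())  # unfold continuation lines
        src = FROM_RE.match(value)
        by = BY_RE.search(value)
        helo, rdns, ip = src.groups() if src else (None, None, None)
        hops.append({"helo": helo, "rdns": rdns, "ip": ip, "by": by.group(1) if by else None})
    return hops

def suspicious_hops(hops):
    """Hops whose announced name was seen at a different address by another host."""
    seen = {}  # name -> addresses recorded for it by a differently named receiver
    for h in hops:
        if h["ip"] and h["helo"] != h["by"]:
            seen.setdefault(h["helo"], set()).add(h["ip"])
    return [h for h in hops
            if h["ip"] and h["helo"] in seen
            and h["ip"] not in seen[h["helo"]]
            and not ipaddress.ip_address(h["ip"]).is_loopback]
```

On these headers the only hop flagged is the oldest one, where a client at 189.177.43.107 with no reverse DNS ("unknown") announced itself as common-lisp.net; the remaining hops are the list server's own local and loopback handling and its delivery to the recipient.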