[PLUG] Very long message ID from client - Outlook infection?
Keith Lofstrom
keithl at kl-ic.com
Wed Dec 28 22:49:18 UTC 2005
I don't know whether this means anything, but I got a message from
a potential client in Beaverton that has a strange message ID:
!~!UENERkVCMDkAAQACAAAAAAAAAAAAAAAAABgAAAAAAAAAxLkJF2VfLkOlCfAsg2WrTMKAAAAQAAAAE4On7vWWUESqKFpE0KjRQQEAAAAA at ______-inc.com
(name changed to protect the innocent).
They are using Outlook:
X-Mailer: Microsoft Outlook, Build 10.0.6626
Since the average message ID number part is around 15-25 characters,
and the longest legitimate ID in a few hundred recent emails is 40
(amazon.com, who else?), I wonder if this is a sign that they have
Outlook misconfigured, or perhaps even zombied and attempting a
buffer overflow?
I checked 190K archived emails, and have seen this about 12 times in
legitimate mail over the last year (all from Outlook) and quite a few
in spams. Any ideas?
Keith
--
Keith Lofstrom keithl at keithl.com Voice (503)-520-1993
KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon"
Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs
More information about the PLUG
mailing list