@omega.... For one the lists are being spammed with the spoofed email randomly (eg: not all at the same time) which if it were just a normal common worm, all the lists would get hit at exactly the same time. Which demonstrates that this is a user going to the cafe at random times, and sending emails periodically (or remote hacking the network @ the cafe). While the virus has the same name, does not mean it is not a variant. Far as what else is getting hit.
If anything else were getting hit (eg: other companies, private email addys, etc.) I am sure the TOS of the isp in Poland is the same as the rest of the world. Which means he'd be termed by the isp until the network was cleaned and he could show that it was through no fault of his own that the worm was being distributed through his network. However, with just one victim (Valve) who lacks the motivation to follow up on network security breaches, it's a good bet that the spoofed emails are targeted only at Valve. Let me break it down in laymens terms. If the network had the worm you refer to, it would be spamming the worm to everyone that ever sent an email to that guy. Which I am sure includes his isp, which he would have been shut down by now for. Now, with that in mind, add the fact that the file attachment is the worm, not the email. The worm does not spoof its own email addy, never did. Someone is targeting Valve solely with this, you can bet every penny you ever made on that. With that, lets move on this topic is getting stale and I am already in contact with Valve privately regarding the matter. -=]H[=-StealthMode _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlcoders