WARNING! attempts at delivering malware from this mailing list

As I was afraid, Russian agents are trying to distribute malware using data from this mailing list (links to onedrive.com to download something).

In the last days I've received at least two spoofed e-mails pretending to be from this mailing list, quoting my older posts in this mailing list - thus it has to be an attempt from someone who has access to this mailing list.

The offending IPs are: 62.3.58.13 and 193.233.207.195 (originating mail IPs, both geolocated in Russian Federation)

I say again: both spoofed e-mails were quoting my older mails on this mailing list and attempting to pretend to be responses to my inquiries (one "personal information" and one "you can pay here for your LIR membership"). Thus the perpetrator has to be a LIR, not just a user of those operators.

What are the RIPE rules regarding LIRs trying to send other LIRs malware?

--
Regards
Andrzej Ława
tel. 500 206 268
DAWIS IT Sp. z o.o., 05-800 Pruszków, ul. Staszica 1
NIP 5342409456 / REGON 141663620 / KRS 0000319237

Archives of this list are public at https://www.ripe.net/ripe/mail/archives/members-discuss/. Not everyone reading these messages will be an LIR.

On Wed, Mar 30, 2022 at 5:57 PM Andrzej Ława <andrzej.lawa@dawis-it.pl> wrote:
> As I was afraid, Russian agents are trying to distribute malware using data from this mailing list (links to onedrive.com to download something).
>
> In the last days I've received at least two spoofed e-mails pretending to be from this mailing list, quoting my older posts in this mailing list - thus it has to be an attempt from someone who has access to this mailing list.
>
> The offending IPs are: 62.3.58.13 and 193.233.207.195 (originating mail IPs, both geolocated in Russian Federation)
>
> I say again: both spoofed e-mails were quoting my older mails on this mailing list and attempting to pretend to be responses to my inquiries (one "personal information" and one "you can pay here for your LIR membership"). Thus the perpetrator has to be a LIR, not just a user of those operators.
>
> What are the RIPE rules regarding LIRs trying to send other LIRs malware?
>
> --
> Regards
> Andrzej Ława
> tel. 500 206 268
> DAWIS IT Sp. z o.o., 05-800 Pruszków, ul. Staszica 1
> NIP 5342409456 / REGON 141663620 / KRS 0000319237
participants (2): Andrzej Ława, Matthias Merkel