As many people have already noted, the common miscreant from the logs
would seem to be one:

	***   rsb3958@u.cc.utah.edu (Robert Brock)   ***


From information that was emailed to me, and that I've read on the
net...

The scans were done in the early evening of the 29th of June.

Brock's account was disabled permanently on 6 July.

His logins around the time of the spam were from standalone machines
near the dept of engineering.  (In the past this person has had a
penchant for using such standalone machines that are not traceable.)
IMHO, this account will turn out to have been hacked.  (I hope so, for
Mr. Brock's sake.)

I have not heard from the admins of HARVARDA nor Utah.  If you do,
please inform me, and I'll add a copy of their response to my web page
on this matter.

I think folks might wish to write to the admins at
postmaster@utah.edu, or somehow contact the University Administration
itself to register our disapproval at their security.  Considering
that the ad involves mailing real US currency out of the country,
perhaps the authorities might be interested as well?

Anyhow, thanks to all those who sent me information.

If any further public information is sent my way, I will put it up on
http://www.panix.com/~lan/olga

--Larry