From: tobias at weisserth.de (Tobias Weisserth)
Subject: viruses being sent to this list

Hi Gadi,

On Mon, 22.03.2004 at 22:36, Gadi Evron wrote:

> Today's spoof, of an email supposedly coming from me with an infected
> file was a cute trick by whatever kiddie, but doesn't really bother me.

There's no need to feel honoured Gadi. You were not "selected" and
"targeted" by a single person or "kiddie". The virus just collected your
address from this list or some archive or whatever and then used it to
forge the sender. No big deal and nothing to whine about. And it's
certainly no "cute trick", just plain virus realism every mail virus is
using nowadays.

> What does bother me is the following:
> ...

> However, the mailing list has become, in a growing trend, a means by
> which people transfer viruses, whether it is their intention or if they
> got "0wned" is irrelevant, distributing malware is illegal, and should
> be dealt with by the list owners.

You haven't understood the distribution cycle of modern mail viruses.
It's enough if one person on this list gets infected and then the virus
can collect addresses from that person's inbox to forge sender addresses.

I don't believe anybody is using fd to distribute malware. There's
simply no need for it. If you want to have one of these viruses you just
write a message to some news group with your real email address and off
you go: Sobig/D, Sven, Mydoom and so on are nicely entering your
mailbox.

The only problem is that this list may have people who get infected in
the first place or people not understanding how a virus works...

> It is also a growing concern among some of us that VX'ers now use this
> list to propagate viruses, once they are out in the wild.
> 
> Viruses must not be spread, especially on a security mailing list and to
> such a huge audience.

> It is my opinion that it is the _duty_ of the list owners to do
> something about this, as it is not only illegal, but it is irresponsible.

The only reasonable thing would be to either filter attachments with a
virus scanner or block attachments all along on fd.

Since my mails get filtered on my mail server by new-amavisd and I'm
simply not affected by win32 viruses I have no reason to complain.

> I'd have emailed the list owners privately, but as I am the latest
> victim of the latest spreading mechanism for viruses - Full-Disclosure,
> I demand an immediate public announcement on what is going to be done
> about this problem.

Stop embarrassing yourself.

> Thank you,

You're welcome.

kind regards,
Tobias W.

-- 
***************************************************
   ____  _____
  |  _ \| ____| Tobias Weisserth
  | | | |  _|   tobias@...sserth.[de|com|net|org]
 _| |_| | |___  http://www.weisserth.org
(_)____/|_____|
                
Encrypted mail is welcome.
Key and fingerprint: http://imprint.weisserth.org

***************************************************