lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Sat, 7 Feb 2004 14:15:57 -0500
From: "Richard M. Smith" <>
Subject: Why are postmasters distributing the MyDoom virus?


I was looking over the MyDoom email messages that I received today and found
about 15 copies of the worm which came from postmasters in bounce messages.
Some postmasters, when sending out a bounce message, include the original
email message as an attachment.  If a bounce message is for a
MyDoom-infected message, the bounce message will sometimes include an intact
copy of the MyDoom executable which can be run by mistake with a few mouse

It looks like some postmasters are in the virus distribution business pretty
much like the MyDoom virus itself.  Perhaps these postmasters need to review
their bounce message policies and remove all attached files from messages
being bounced.

Attached is a list of postmasters that appear to have sent me intact copies
of the MyDoom virus today.

Richard M. Smith


System Administrator []
Mail Delivery Subsystem []
Mail Delivery System []
Mail Delivery Subsystem []
Mail Delivery Subsystem [MAILER-DAEMON@...T.Net]
Mail Delivery Subsystem []

Powered by blists - more mailing lists