lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <E1AqfYj-0005Ce-PY@mikro.physik.TU-Berlin.DE>
Date: Tue, 10 Feb 2004 22:36:45 +0100 (CET)
From: Georg Schwarz <geos@...st.de>
To: "Richard M. Smith" <rms@...puterbytesman.com>
Cc: "BUGTRAQ@...URITYFOCUS. COM" <BUGTRAQ@...urityfocus.com>
Subject: Re: Why are postmasters distributing the MyDoom virus?



> It looks like some postmasters are in the virus distribution business pretty
> much like the MyDoom virus itself.  Perhaps these postmasters need to review
> their bounce message policies and remove all attached files from messages
> being bounced.

the mails probably bounced (were rejected by the target SMTP server) because
of an invalid recipient address. It is an ordinary and IMHO still good
practise to include the entire original mail in the bounce message.
Those mail servers did not bother about the content of the mail, so they
just sent it back (to the alledged return address), whether or not it
contained any malicious attachment. I think this is exactly what they are
supposed to do, and it is IMHO the best way they can react to the upstream
SMTP rejecting an email.
I think intermediate systems should not tamper with the mail, including
scanning for virii. The worst are such systems that only remove the virus
(which in many cases could easily be scanned for by the reciving system at
the end), leving the rest of the mail as hard-to-filter annoying junkmail.

Now the real issue is you, as the recipient, being in danger of executing
any arbitrary code (with powerful abilities to your system) found in an
email attachment by just an accidental mouse click (regardless how exactly
that mail reached you). Such MUAs are just an invitation for abuse. It is
here where any security measures should start. If it does not, such users
will always remain in jeopardy.


-- 
Georg Schwarz    http://home.pages.de/~schwarz/
 geos@...st.de     +49 177 8811442



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ