lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
From: nick at (Nick FitzGerald)
Subject: Email

D B <> wrote:

> I'm by no means a security expert nor do I want to be,
> but while I read this list at 3 am my mind wanders and
> I wish for someone from experience to explain to me
> why any virus can infect any mail server / user  when
> those administrating a mail server can make a mail
> server handle mail in the manner I pasted a snippet of
> from my own in-box.
> ( obvious designator )
> ****************snippet****************
> This is a multi-part message in MIME format.
> ------=_NextPart_000_0012_FAA048F2.06F42141
> Content-Type: text/plain;
> 	charset="Windows-1252"
> Content-Transfer-Encoding: 7bit
> The message cannot be represented in 7-bit ASCII
> encoding and has been 
> sent as a binary attachment.
> ------=_NextPart_000_0012_FAA048F2.06F42141
> Content-Type: application/octet-stream;
> 	name="message.pif"
> Content-Transfer-Encoding: base64
> Content-Disposition: attachment;
> 	filename="message.pif"
> ****************snip***************
> ( end of obvious designator )

You are confusing the effect of a deliberate attempt by the Mydoom 
virus writer to "trick" the recipient of the virus' Emails into opening 
the attachment (and to then, "hopefully", open/execute the contents of 
the .ZIP file) with the actions of a mail server or relay ppresumably 
between the message's sender and its recipient.

Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854

Powered by blists - more mailing lists