[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <200403230133.i2N1XZv7016395@turing-police.cc.vt.edu>
From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks@...edu)
Subject: viruses being sent to this list
On Tue, 23 Mar 2004 02:11:13 +0200, Gadi Evron <ge@...tistical.reprehensible.net> said:
> We can go into an endless discussion on liability. As FD is being used
> to spread malware, repeatedly, and filtering that malware is a matter of
> responsibility..
My mail server racked up 377,545 viruses recognized last week alone:
Breakdown:
158476 NETSKY.C (41.98%)
55024 NETSKY.D (14.57%)
38905 BAGLE-ZIP ( 10.3%)
24640 NETSKY.O ( 6.53%)
21338 NETSKY.B ( 5.65%)
16452 BAGLE.K ( 4.36%)
13908 BAGLE.J ( 3.68%)
12349 NETSKY.J ( 3.27%)
8047 DUMARU.K ( 2.13%)
5512 MYDOOM.A ( 1.46%)
I don't think that FD is the problem here. The problem is that the average
computer is basically designed for web surfing and virus propagation.
> One would think the FD managers would do something about this.
>
> This is not about the infected user, the VX'ers, or the ISP's.
It's *all* about the infected user, the A/V companies, and the ISPs.
Let's look at the archives of the list, postings from you this month:
http://lists.netsys.com/pipermail/full-disclosure/2004-March/018957.html
http://lists.netsys.com/pipermail/full-disclosure/2004-March/018992.html
http://lists.netsys.com/pipermail/full-disclosure/2004-March/018996.html
http://lists.netsys.com/pipermail/full-disclosure/2004-March/018998.html
http://lists.netsys.com/pipermail/full-disclosure/2004-March/019092.html
http://lists.netsys.com/pipermail/full-disclosure/2004-March/019104.html
http://lists.netsys.com/pipermail/full-disclosure/2004-March/019110.html
So which of those is a virus with your name forged on it? Oh, there aren't
any? (Looking at the archives for the entire month, I'm not seeing *any* from
*anybody* - am I missing some? Where are the "repeated" malware
distributions?)
Looks to me like you want FD to take action about mail that's not even
passing through its servers - and that's the sort of dangerous precedent that
make things like Echelon and Omnivore unpopular.
If you can't deal with the fact that subscribing to this list may expose you to
the occasional malware or other small-arms fire, I suggest you do something
productive about it:
Each posting to the list has a RFC2369 header:
List-unsubscribe: <http://lists.netsys.com/mailman/listinfo/full-disclosure>, <mailto:full-disclosure-request@...ts.netsys.com?subject=unsubscribe>
Use it. There's plenty of other, more heavily moderated, mailing lists out
there.
If you can't deal with the fact that worms are doing address scraping to forge
the From: line, you may wish to consider whether a career in computer security
is really your calling.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20040322/bf5407f7/attachment.bin
Powered by blists - more mailing lists