Full Disclosure mailing list archives
Re: kaspersky-labs webserver or listserver compromised?
From: Brian McWilliams <brian () pc-radio com>
Date: Fri, 08 Nov 2002 10:20:23 -0500
I could be wrong, but I'm guessing someone on Kaspersky's Virus News list got infected with the Braid/Brida worm, and the worm forwarded a copy to the Kaspersky listserver at
list-15 () webserver2 kaspersky-labs comInstead of dropping the infected message, the misconfigured listserv appears to have forwarded it to those of us on the list.
And now, thanks to Kaspersky's wacko server, everyone on the list is also getting copies of the virus autoresponder messages sent out by the recipients' mail gateway scanners.
Man, we would be lost without these early warning systems. Brian At 05:25 PM 11/7/2002, Ka wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Just received an email with some virus components from kaspersky-labs.com. .o) Possible Exploit.IFrame.FileDownload and a README.EXE with I-Worm.Bridex Here are the headers: - ------------------------- BEGIN HEADERS ----------------------------- Received: from webserver2.kaspersky-labs.com (unknown [195.161.113.178]) by mail.vegaa.de (Postfix) with ESMTP id A9F37174019 for <zim () vegaa de>; Thu, 7 Nov 2002 22:51:28 +0100 (CET) Received: by webserver2.kaspersky-labs.com (Postfix) id 33AB920047; Fri, 8 Nov 2002 00:22:31 +0300 (MSK) Delivered-To: list-15 () webserver2 kaspersky-labs com Received: from webserver2.kaspersky-labs.com (unknown [148.235.6.199]) by webserver2.kaspersky-labs.com (Postfix) with SMTP id 82ABA20044for <list-15 () webserver2 kaspersky-labs com>; Fri, 8 Nov 2002 00:22:26 +0300 (MSK)From: Lic.Francisco Cano Sanchez <list-15 () webserver2 kaspersky-labs com> DATE: Jue, 7 Nov 2002 14:38:56+0000 X-Mailer: EBT Reporter v 2.x To: list-15 () webserver2 kaspersky-labs com subject: Secretaria de Educacion y C. Mime-Version: 1.0 Content-Type: multipart/related; type="multipart/alternative"; boundary="====_ABC1234567890DEF_====" X-Priority: 3 X-MSMail-Priority: Normal X-Unsent: 1 Message-Id: <20021107212226.82ABA20044 () webserver2 kaspersky-labs com> - -------------------------- END HEADERS ------------------------------ Greetings Ka - -- How will you know that it is yourself, if you have not forged it yourself? http://www.khidr.net/users/ka/pgpkey.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE9yuhD72vu22ltWBERAhsSAJ9aIpwmz96HM/0j7Q9MXRHC0vHPNQCeJcCH xTiTInrl5o6rx2S/v5Av+Q0= =cXHF -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- kaspersky-labs webserver or listserver compromised? Ka (Nov 07)
- Re: kaspersky-labs webserver or listserver compromised? Andreas Tirok (Nov 08)
- Re: kaspersky-labs webserver or listserver com Nick FitzGerald (Nov 08)
- Re: kaspersky-labs webserver or listserver com Ka (Nov 08)
- Re: kaspersky-labs webserver or listserver compromised? Ka (Nov 08)
- Re: kaspersky-labs webserver or listserver com Nick FitzGerald (Nov 08)
- Re: kaspersky-labs webserver or listserver compromised? Brian McWilliams (Nov 08)
- Re: kaspersky-labs webserver or listserver compromised? Ka (Nov 08)
- Kaspersky blames "massive attack" Brian McWilliams (Nov 08)
- Re: kaspersky-labs webserver or listserver compromised? Ka (Nov 08)
- Re: kaspersky-labs webserver or listserver compromised? Andreas Tirok (Nov 08)