Re: viruses being sent to this list

[Tobias Weisserth <tobias () weisserth de>]

Hi Gadi,

Am Mo, den 22.03.2004 schrieb Gadi Evron um 22:36:

> Today's spoof, of an email supposedly coming from me with an infected
> file was a cute trick by whatever kiddie, but doesn't really bother me.

There's no need to feel honoured Gadi. You were not "selected" and
"targeted" by a single person or "kiddie". The virus just collected your
address from this list or some archive or whatever and then used it to
forge the sender. No big deal and nothing to whine about. And it's
certainly no "cute trick" just plain virus realism every mail virus is
using nowadays.

> What does bother me is the following:
> ...

> However, the mailing list has become, in a growing trend, a means by
> which people transfer viruses, whether it is their intention or if they
> got "0wned" is irrelevant, distributing malware is illegal, and should
> be dealt with by the list owners.

You haven't understood the distribution cycle of modern mail viruses.
It's enough if one person on this list gets infected and then the virus
can collect addresses from that persons inbox to forge sender addresses.

I don't believe anybody is using fd to distribute malware. There's
simply no need for it. If you want to have one of these viruses you just
write a message to some news group with your real email address and off
you go: Sobig/D, Sven, Mydoom and so on are nicely entering your
mailbox.

The only problem is that this list may have people who get infected in
the first place or people not understanding how a virus works...

> It is also a growing concern among some of us that VX'ers now use this
> list to propagate viruses, once they are out in the wild.
>
> Viruses must not be spread, especially on a security mailing list and to
> such a huge audience.

> It is my opinion that it is the _duty_ of the list owners to do
> something about this, as it is not only illegal, but it is irresponsible.

The only reasonable thing would be to either filter attachments with a
virus scanner or block attachments all along on fd.

Since my mails get filtered on my mail server by new-amavisd and I'm
simply not affected by win32 viruses I have no reason to complain.

> I'd have emailed the list owners privately, but as I am the latest
> victim of the latest spreading mechanism for viruses - Full-Disclosure,
> I demand and immediate public announcement on what is going to be done
> about this problem.

Stop embarrassing yourself.

> Thank you,

You're welcome.

kind regards,
Tobias W.

-- 
***************************************************
   ____  _____
  |  _ \| ____| Tobias Weisserth
  | | | |  _|   tobias@weisserth.[de|com|net|org]
 _| |_| | |___  http://www.weisserth.org
(_)____/|_____|
                
Encrypted mail is welcome.
Key and fingerprint: http://imprint.weisserth.org

***************************************************

Attachment: signature.asc
Description: Dies ist ein digital signierter Nachrichtenteil