Why are postmasters distributing the MyDoom virus?

["Richard M. Smith" <rms () computerbytesman com>]

Hi,

I was looking over the MyDoom email messages that I received today and found
about 15 copies of the worm which came from postmasters in bounce messages.
Some postmasters, when sending out a bounce message, include the original
email message as an attachment.  If a bounce message is for a
MyDoom-infected message, the bounce message will sometimes include an intact
copy of the MyDoom executable which can be run by mistake with a few mouse
clicks.

It looks like some postmasters are in the virus distribution business pretty
much like the MyDoom virus itself.  Perhaps these postmasters need to review
their bounce message policies and remove all attached files from messages
being bounced.

Attached is a list of postmasters that appear to have sent me intact copies
of the MyDoom virus today.

Richard M. Smith
http://www.ComputerBytesMan.com

==============================================================

System Administrator [postmaster () BARCODESOURCE com]
Mail Delivery Subsystem [MAILER-DAEMON () mailgw2 tiscali dk]
postmaster () COR ORG
Mail Delivery System [MAILER-DAEMON () mxr01 nyc02 dsl net]
Mail Delivery Subsystem [MAILER-DAEMON () dev adorigin com]
MAILER-DAEMON [MAILER-DAEMON () swip net]
postmaster () walde dk
postmaster () att net
postmaster () dukerealty com
postmaster () sjeccd org
postmaster () wa-gunnet co jp
Mail Delivery Subsystem [MAILER-DAEMON () SNET Net]
Mail Delivery Subsystem [MAILER-DAEMON () msbit com]

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html