Re: viruses being sent to this list

["Paul Schmehl" <pauls () utdallas edu>]

----- Original Message ----- 
From: "MICHAEL coles" <lppcolemi () gw njsp org>
To: <full-disclosure () lists netsys com>
Sent: Monday, March 22, 2004 8:38 PM
Subject: Re: [Full-disclosure] viruses being sent to this list


> Dookie,
>
>     There is a very fine line between uber-troll and not understanding
> the topic. What makes you think that your email wasn't found on one of
> the resting places for this mailing list? You name appears over three
> hundred times according to google.com when searching for "full
> disclosure".
Not picking on you, your post is just a convenient point to jump in to this
"conversation", but I really wonder if anyone thinks before they post any
more.  I read Gadi's post, and I happen to know him, so I didn't instantly
think he was an idiot or uninformed or naive.  Instead, I downloaded the
entire raw archives of the list and started grepping for patterns.  What
I've found so far is suspicious.  I won't post any results yet, because
they're incomplete, but suffice it to say that it is at least *possible*
that this list is deliberately being used to spread viruses.  It's equally
possible that it's just the random seeding that viruses do these days.  I
just don't know for sure yet, one way or the other.

>
http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=ge%40egotistical.reprehensible.net%3E+%22full+disclosure%22&btnG=Google+Search
> You weren't targetted, just unlucky.
I don't believe he's complaining about his address being targeted.  You
might consider for a moment that the people who use this list come from all
over the world, and sometimes non-native English speakers word things in a
way that could be misinterpreted if you don't pay attention to what they're
saying.  Gadi is saying that the list is deliverately being used to spread
viruses, *not* that he is personally being targeted.  He's an Israeli, so
perhaps his way of wording things is throwing you (and others) off.

This is a small sample of what I have found in the archives:
message.pif - 5 copies
your_details.pif - 2 copies
attachment.htm.pif - 1 copies
file.pif - 1 copies
test.pif - 1 copies
readme.scr - 1 copies

I say "appears" because this is very preliminary, from some 'grep "some
string" file | grep -c "filename" ' stuff, so it's not completely error
free.  In addition, the archive is one, 96+ MB file for the entire list, so
it's a bit hard to sort things out quickly, eliminate dupes, etc.

In any case, before anyone goes assuming Gadi is an idiot (which he is most
definitely not), you might take the time to consider what he's saying and,
if you don't have something useful to say, refrain from posting.  There's
far too many Monday morning quarterbacks on this list and double far too
many uninformed critics.

Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/~pauls/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html