Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos network security services platform







Bugtraq: Re: Why are postmasters distributing the MyDoom virus?

Re: Why are postmasters distributing the MyDoom virus?

From: David F. Skoll <dfs_at_roaringpenguin.com>
Date: Tue, 10 Feb 2004 13:29:51 -0500 (EST)

On Sat, 7 Feb 2004, Richard M. Smith wrote:

> I was looking over the MyDoom email messages that I received today and found
> about 15 copies of the worm which came from postmasters in bounce messages.
> Some postmasters, when sending out a bounce message, include the original
> email message as an attachment. If a bounce message is for a
> MyDoom-infected message, the bounce message will sometimes include an intact
> copy of the MyDoom executable which can be run by mistake with a few mouse
> clicks.

This is sometimes unavoidable. A lot of MyDoom's go to nonexistent
recipients, and when they are failed with a 5xx failure code, the sending
relay (quite reasonably) includes the original message in the bounce.

Regards,

David.
Received on Feb 10 2004

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]