Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: viruses being sent to this list
From: Tobias Weisserth <tobias () weisserth de>
Date: Tue, 23 Mar 2004 00:42:46 +0100

Hi Gadi,

Am Mo, den 22.03.2004 schrieb Gadi Evron um 22:36:

Today's spoof, of an email supposedly coming from me with an infected
file was a cute trick by whatever kiddie, but doesn't really bother me.

There's no need to feel honoured Gadi. You were not "selected" and
"targeted" by a single person or "kiddie". The virus just collected your
address from this list or some archive or whatever and then used it to
forge the sender. No big deal and nothing to whine about. And it's
certainly no "cute trick" just plain virus realism every mail virus is
using nowadays.

What does bother me is the following:

However, the mailing list has become, in a growing trend, a means by
which people transfer viruses, whether it is their intention or if they
got "0wned" is irrelevant, distributing malware is illegal, and should
be dealt with by the list owners.

You haven't understood the distribution cycle of modern mail viruses.
It's enough if one person on this list gets infected and then the virus
can collect addresses from that persons inbox to forge sender addresses.

I don't believe anybody is using fd to distribute malware. There's
simply no need for it. If you want to have one of these viruses you just
write a message to some news group with your real email address and off
you go: Sobig/D, Sven, Mydoom and so on are nicely entering your

The only problem is that this list may have people who get infected in
the first place or people not understanding how a virus works...

It is also a growing concern among some of us that VX'ers now use this
list to propagate viruses, once they are out in the wild.

Viruses must not be spread, especially on a security mailing list and to
such a huge audience.

It is my opinion that it is the _duty_ of the list owners to do
something about this, as it is not only illegal, but it is irresponsible.

The only reasonable thing would be to either filter attachments with a
virus scanner or block attachments all along on fd.

Since my mails get filtered on my mail server by new-amavisd and I'm
simply not affected by win32 viruses I have no reason to complain.

I'd have emailed the list owners privately, but as I am the latest
victim of the latest spreading mechanism for viruses - Full-Disclosure,
I demand and immediate public announcement on what is going to be done
about this problem.

Stop embarrassing yourself.

Thank you,

You're welcome.

kind regards,
Tobias W.

   ____  _____
  |  _ \| ____| Tobias Weisserth
  | | | |  _|   tobias () weisserth [de|com|net|org]
 _| |_| | |___  http://www.weisserth.org
Encrypted mail is welcome.
Key and fingerprint: http://imprint.weisserth.org


Attachment: signature.asc
Description: Dies ist ein digital signierter Nachrichtenteil

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]