Full Disclosure mailing list archives

Re: viruses being sent to this list
From: Gadi Evron <ge () egotistical reprehensible net>
Date: Tue, 23 Mar 2004 02:49:55 +0200

| There's no need to feel honoured Gadi. You were not "selected" and
| "targeted" by a single person or "kiddie". The virus just collected your
| address from this list or some archive or whatever and then used it to
| forge the sender. No big deal and nothing to whine about. And it's
| certainly no "cute trick" just plain virus realism every mail virus is
| using nowadays.

As I decided to participate in the discussion I unwillingly yet
predictably caused, here goes..

I believed I explained this was an option in my email, as it was
unclear.. indeed. It is quite possible this was an infected user without
any knowledge of this ever being done.

| You haven't understood the distribution cycle of modern mail viruses.
| It's enough if one person on this list gets infected and then the virus
| can collect addresses from that person's inbox to forge sender addresses.

And why should we receive it on a public security forum, which addresses
so many people?

| I don't believe anybody is using fd to distribute malware. There's
| simply no need for it. If you want to have one of these viruses you just
| write a message to some news group with your real email address and off
| you go: Sobig/D, Sven, Mydoom and so on are nicely entering your
| mailbox.

Need or no need, the fact is that after this started happening, the
volume of it happening, and with new malware, increased dramatically and
close to the release dates. Usually after the worm is already well-seeded.

| The only problem is that this list may have people who get infected in
| the first place or people not understanding how a virus works...

Which is exactly why in a public forum, this should not be acceptable.

| The only reasonable thing would be to either filter attachments with a
| virus scanner or block attachments all along on fd.

I agree.

| Since my mails get filtered on my mail server by new-amavisd and I'm
| simply not affected by win32 viruses I have no reason to complain.

I do, I get these things because I am subscribed here.

I did not subscribe to get more malware sent to me, when it can be
easily filtered out.

|>I'd have emailed the list owners privately, but as I am the latest
|>victim of the latest spreading mechanism for viruses - Full-Disclosure,
|>I demand an immediate public announcement on what is going to be done
|>about this problem.
| Stop embarrassing yourself.

If an embarrassment is to demand reaction for receiving malware from
this list, why should I feel embarrassed?

The list charter clearly states:
"Members are reminded that due to the open nature of the list, they
should use discretion in executing any tools or code distributed via
this list."

It does not state that malware will be sent out daily, some of which
infects either under false pretense (undeclared, lies, social
engineering) or automatically (by using bugs/vulnerabilities/whatever).

As the list charter does not state that by subscribing I'd open myself
to such continuous attacks, and it may be dangerous for me to be
subscribed. Or that in fact by subscribing I may attract viruses through
the mailing list itself - I do not see how my demanding an answer to
this security issue is an embarrassment.

If anything, I feel good about raising this subject.

As I mentioned this is not about signal-noise, flames, or anything else.
It is about filtering out malware.

It is about taking responsibility.

        Gadi Evron.

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html