Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: viruses being sent to this list
From: Valdis.Kletnieks () vt edu
Date: Mon, 22 Mar 2004 20:33:35 -0500

On Tue, 23 Mar 2004 02:11:13 +0200, Gadi Evron <ge () egotistical reprehensible net>  said:

We can go into an endless discussion on liability. As FD is being used
to spread malware, repeatedly, and filtering that malware is a matter of
responsibility..

My mail server racked up 377,545 viruses recognized last week alone:

Breakdown:
158476  NETSKY.C               (41.98%)
 55024  NETSKY.D               (14.57%)
 38905  BAGLE-ZIP              ( 10.3%)
 24640  NETSKY.O               ( 6.53%)
 21338  NETSKY.B               ( 5.65%)
 16452  BAGLE.K                ( 4.36%)
 13908  BAGLE.J                ( 3.68%)
 12349  NETSKY.J               ( 3.27%)
  8047  DUMARU.K               ( 2.13%)
  5512  MYDOOM.A               ( 1.46%)

I don't think that FD is the problem here.  The problem is that the average
computer is basically designed for web surfing and virus propagation.

One would think the FD managers would do something about this.

This is not about the infected user, the VX'ers, or the ISP's.

It's *all* about the infected user, the A/V companies, and the ISPs.

Let's look at the archives of the list, postings from you this month:

http://lists.netsys.com/pipermail/full-disclosure/2004-March/018957.html
http://lists.netsys.com/pipermail/full-disclosure/2004-March/018992.html
http://lists.netsys.com/pipermail/full-disclosure/2004-March/018996.html
http://lists.netsys.com/pipermail/full-disclosure/2004-March/018998.html
http://lists.netsys.com/pipermail/full-disclosure/2004-March/019092.html
http://lists.netsys.com/pipermail/full-disclosure/2004-March/019104.html
http://lists.netsys.com/pipermail/full-disclosure/2004-March/019110.html

So which of those is a virus with your name forged on it?  Oh, there aren't
any?  (Looking at the archives for the entire month, I'm not seeing *any* from
*anybody* - am I missing some?  Where are the "repeated" malware
distributions?)

Looks to me like you want FD to take action about mail that's not even
passing through its servers - and that's the sort of dangerous precedent that
make things like Echelon and Omnivore unpopular.

If you can't deal with the fact that subscribing to this list may expose you to
the occasional malware or other small-arms fire, I suggest you do something
productive about it:

Each posting to the list has a RFC2369 header:

List-unsubscribe: <http://lists.netsys.com/mailman/listinfo/full-disclosure>,   <mailto:full-disclosure-request () 
lists netsys com?subject=unsubscribe>

Use it.  There's plenty of other, more heavily moderated, mailing lists out
there.  

If you can't deal with the fact that worms are doing address scraping to forge
the From: line, you may wish to consider whether a career in computer security
is really your calling.

Attachment: _bin
Description:


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault