Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: viruses being sent to this list
From: tcleary2 () csc com au
Date: Wed, 24 Mar 2004 14:29:00 +0800

John Sage said:

What does this tell us? Virii are getting out via the list; whether
they are being transmitted inadvertently or deliberately is still open
to question...

.....and on that very topic, I'm getting bounces where the headers seem 
valid, containing old posts of mine to FD from the mailer-daemons of very 
reputable sources, containing virus scanner responses ( and viruses ) that 
get caught by our scanners.

It seems that either:

a) A worm is sending mails as if from an FD poster and as if the headers 
were from the list, using valid addresses and valid/spoofed received 
headers from old emails found on cracked machines.
b) The worms are being forwarded via the list with apparently valid 
subscriber details, as should be happening for an unmoderated list.

I vote the list is not responsible.

I say this because my email address is not subscribed to FD.

Ergo, the list can't have sent the messages I'm getting responses to, 
unless the moderator has been sending out my old posts, again.

I think this is conclusive?


"In IT, acceptable solutions depend upon humans - Computers don't 
This is a PRIVATE message. If you are not the intended recipient, please 
delete without copying and kindly advise us by e-mail of the mistake in 
delivery. NOTE: Regardless of content, this e-mail shall not operate to 
bind CSC to any order or other contract unless pursuant to explicit 
written agreement or government initiative expressly permitting the use of 
e-mail for such purpose.

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]