Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: meay-meay! (virus sent via full-discosure list)
From: KUIJPERS Jimmy <jimmy.kuijpers () swift com>
Date: Thu, 25 Mar 2004 15:38:24 +0100

How many times has this been discussed on the list?  Such alteration of messages send is in itself a form of 
moderation. even if you
don't remove the virus itself. Something the list charter clearly states it will not do. Besides, why would the FD 
owners want to
spend money (cpu power required for additional proccesing) on anti-virus while anti-virus is the clients 
responsibility. Especially
on a security mailing list as this.

If you want to treat virusses difrently by adding a flag then you could have your own virusscanner do it. (and then you 
have to pay
for the additional proccesing ;-) )


My 2ct



Bill Royds wrote:

 This virus sent to the list shows the problem of complete lack of
moderation. What would be best is a filter that does a virus scan and WARNS
about possible virus, but does not block anything. You would still be
responsible for personal digital hygiene, but would have a flag to filter
on.

Here are the headers of this message with McAfee message and a whois on the
originating MTA IP.

Return-Path: <full-disclosure-admin () lists netsys com>
Received: from netsys.com (NETSYS.COM [199.201.233.10])
        by mail.zoneedit.com (Postfix) with ESMTP id 285443FA0D
        for <full-disclosure () royds net>; Wed, 24 Mar 2004 17:17:19 -0500
(EST)
Received: from NETSYS.COM (localhost [127.0.0.1])
        by netsys.com (8.11.6p2-2003-09-16/8.11.6) with ESMTP id
i2OM4lJ28528;
        Wed, 24 Mar 2004 17:04:47 -0500 (EST)
Received: from kermit ([62.38.237.28])
        by netsys.com (8.11.6p2-2003-09-16/8.11.6) with SMTP id i2OLRWX15727
        for <full-disclosure () lists netsys com>; Wed, 24 Mar 2004 16:27:34
-0500 (EST)
To: full-disclosure () lists netsys com
From: macubergeek () comcast net
Message-ID: <qcwokkovsbsisnacbtp () comcast net>
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="--------sbeuunoxpacatulivtum"
Subject: [Full-disclosure] meay-meay!
Sender: full-disclosure-admin () lists netsys com
Errors-To: full-disclosure-admin () lists netsys com
X-BeenThere: full-disclosure () lists netsys com
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe:
<http://lists.netsys.com/mailman/listinfo/full-disclosure>,

<mailto:full-disclosure-request () lists netsys com?subject=unsubscribe>
List-Id: Discussion of security issues <full-disclosure.lists.netsys.com>
List-Post: <mailto:full-disclosure () lists netsys com>
List-Help: <mailto:full-disclosure-request () lists netsys com?subject=help>
List-Subscribe: <http://lists.netsys.com/mailman/listinfo/full-disclosure>,
        <mailto:full-disclosure-request () lists netsys com?subject=subscribe>
List-Archive: <http://lists.netsys.com/pipermail/full-disclosure/>
Date: Wed, 24 Mar 2004 23:27:25 +0200

******************   McAfee VirusScan ************************
******* Alert generated at: Wed, 24 Mar 2004 18:29:19 -0500 *********
*********************************************************************

McAfee VirusScan has detected a potential threat in this e-mail
sent by macubergeek () comcast net 
The following actions were attempted on each suspicious part.
We strongly recommend that you report this virus-related activity
to macubergeek () comcast net 

 The attachment "TextFile.zip" is infected with the W32/Bagle.gen!pwdzip
Virus(es).
This attachment has been cleaned.

===================whois for sending MUA ==========

03/25/04 08:29:36 whois 62.38.237.28 () whois ripe net

whois -h whois.ripe.net 62.38.237.28 ...
% This is the RIPE Whois server.
% The objects are in RPSL format.
%
% Rights restricted by copyright.
% See http://www.ripe.net/ripencc/pub-services/db/copyright.html

inetnum:      62.38.0.0 - 62.38.255.255
netname:      GR-HOL-20010530
descr:        Hellas On Line S.A.
descr:        PROVIDER
country:      GR
admin-c:      HA194-RIPE
tech-c:       CO95-RIPE
status:       ALLOCATED PA
mnt-by:       RIPE-NCC-HM-MNT
mnt-lower:    AS3329-MNT
changed:      hostmaster () ripe net 20010530
changed:      hostmaster () ripe net 20031210 # gr.hol.aval via
https://lirportal.ripe.net
source:       RIPE

route:        62.38.0.0/16
descr:        HOL
origin:       AS3329
mnt-lower:    AS3329-MNT
mnt-routes:   AS3329-MNT
mnt-by:       AS3329-MNT
changed:      tkor () hol gr 20010530
source:       RIPE

role:         HOL Administration
address:      Hellas On Line S.A.
address:      Harilaou Trikoupi 151
address:      N. Kiffisia, Greece 14564
e-mail:       admin () hol gr
trouble:      Questions....... mail to: noc () hol gr
trouble:      Spam Reports.... mail to: postmaster () hol gr
trouble:      Abuse Reports... mail to: abuse () hol gr
admin-c:      KK5841-RIPE
tech-c:       AV845-RIPE
tech-c:       TK583-RIPE
tech-c:       CO95-RIPE
nic-hdl:      HA194-RIPE
mnt-by:       AS3329-MNT
changed:      vicky () hol gr 19970821
changed:      vicky () hol gr 19970826
changed:      noc () hol gr 19981217
changed:      aval () hol gr 20000110
changed:      aval () hol gr 20010314
changed:      aval () hol gr 20020121
changed:      aval () hol gr 20030624
source:       RIPE

role:         HOL Network Operations Center
address:      Hellas On Line S.A.
address:      Harilaou Trikoupi 151
address:      N. Kiffisia, Greece 14564
e-mail:       noc () hol gr
trouble:      Questions....... mail to: noc () hol gr
trouble:      Spam Reports.... mail to: postmaster () hol gr
trouble:      Abuse Reports... mail to: abuse () hol gr
admin-c:      KK5841-RIPE
tech-c:       AV845-RIPE
tech-c:       TK583-RIPE
nic-hdl:      CO95-RIPE
mnt-by:       AS3329-MNT
changed:      vicky () hol gr 19970821
changed:      noc () hol gr 19981217
changed:      aval () hol gr 20000110
changed:      aval () hol gr 20010314
changed:      aval () hol gr 20010320
changed:      aval () hol gr 20010607
changed:      aval () hol gr 20020121
changed:      tkor () hol net 20030909
source:       RIPE

-----Original Message-----
From: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com] On Behalf Of
macubergeek () comcast net
Sent: March 24, 2004 4:27 PM
To: full-disclosure () lists netsys com
Subject: [Full-disclosure] meay-meay!

 The access is open !!!

password  for  archive: 01825

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault