Full Disclosure mailing list archives
Kaspersky blames "massive attack"
From: Brian McWilliams <brian () pc-radio com>
Date: Fri, 08 Nov 2002 13:25:53 -0500
See below.

Not to beat a dead horse, but this doesn't explain why the Kaspersky list server was forwarding bounce messages from list members to everyone on the Virus News list. (E.g. see sample at the very bottom of this note.)

B.

+++
http://www.kaspersky.com/news.html?chapter=20140

Beware of fakes! [11/08/2002]

Kaspersky Labs reports an attempt to hack its Web server

Kaspersky Labs informs users that on the night the November 7th there was a massive attack against the company's Web server. The attack resulted in a group of hackers sending the subscribers of the Kaspersky Labs e-mail newsletter a message containing the recently discovered "Bridex" worm.

The infected messages have the following appearance:
[snip]
+++

Delivered-To: list-15 () webserver2 kaspersky-labs com
Received: from messagerie.multiphone.fr (messagerie.multiphone.fr [194.206.157.135])
    by webserver2.kaspersky-labs.com (Postfix) with ESMTP id AF9F520B8C
    for <list-15 () webserver2 kaspersky-labs com>; Fri, 8 Nov 2002 02:40:37 +0300 (MSK)
Received: by MESSAGERIE with Internet Mail Service (5.5.2650.21)
    id <WMJKSYLR>; Fri, 8 Nov 2002 00:40:41 +0100
Message-ID: <1149797CEC6ED6119C8D00600872D6F606382A@MESSAGERIE>
From: "[MESSAGERIE] Panda Antivirus for Exchange Server"
    <MESSAGERIEPandaAntivirusforExchangeServer () multiphone fr>
To: "'list-15 () webserver2 kaspersky-labs com'"
    <list-15 () webserver2 kaspersky-labs com>
Subject: Incident de virus
Date: Fri, 8 Nov 2002 00:40:40 +0100
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain;
    charset="iso-8859-1"

Panda Antivirus a détecté les virus suivants dans le message:
Server : MESSAGERIE
Envoyé par :
Adresse : MAILER-DAEMON () kazmail asdc kz
A : list-15 () webserver2 kaspersky-labs com
Objet : Returned mail: see transcript for details
Date : 08/11/2002 01:40
VIRUS DETECTE
Fichier : ~000003.txt
Virus : Exploit/iFrame - Désinfecté
Fichier : README.EXE
Virus : W32/Bride - Désinfecté
http://www.pandasoftware.com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
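
One way a list server could hold bounces and automated notices like the one quoted above instead of redistributing them to subscribers, as an added example (not part of the original post and not Kaspersky's configuration). The example.* addresses, the subject keywords, the approved-poster set and the function name hold_reasons are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the notice quoted above; addresses use
# reserved example.* domains and are not taken from the original message.
SAMPLE_NOTICE = """\
Delivered-To: list-15@lists.example.com
From: "[MESSAGERIE] Panda Antivirus for Exchange Server" <av-gateway@mail.example.fr>
To: <list-15@lists.example.com>
Subject: Incident de virus
Content-Type: text/plain; charset="iso-8859-1"

Adresse : MAILER-DAEMON@mail.example.kz
Objet : Returned mail: see transcript for details
"""

# Constructed sample of a legitimate newsletter posting.
SAMPLE_POST = """\
From: Editor <editor@lists.example.com>
To: <list-15@lists.example.com>
Subject: Virus News

Newsletter text.
"""

BOUNCE_LOCALPARTS = {"mailer-daemon", "postmaster"}
# Hypothetical keyword list; tune it to the notices a given list receives.
NOTICE_SUBJECTS = ("returned mail", "undeliverable", "delivery status",
                   "incident de virus", "virus alert")

def hold_reasons(raw, envelope_sender, allowed_posters):
    """Return the reasons a message sent to the list address should be held."""
    msg = message_from_string(raw)
    reasons = []
    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    if envelope_sender == "":  # bounces carry the null reverse-path <>
        reasons.append("null envelope sender (bounce)")
    if from_addr.split("@")[0] in BOUNCE_LOCALPARTS:
        reasons.append("From is a mail system account")
    if msg.get("Auto-Submitted", "no").lower() != "no":
        reasons.append("Auto-Submitted header set")
    subject = msg.get("Subject", "").lower()
    if any(s in subject for s in NOTICE_SUBJECTS):
        reasons.append("subject looks like an automated notice")
    if from_addr not in allowed_posters:  # announce-only list
        reasons.append("sender is not an approved poster")
    return reasons
```

A message is distributed only when the returned list is empty; anything else goes to the list owner for review rather than to subscribers.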
