Bugtraq mailing list archives
Re: Why are postmasters distributing the MyDoom virus?
From: Georg Schwarz <geos () epost de>
Date: Tue, 10 Feb 2004 22:36:45 +0100 (CET)
It looks like some postmasters are in the virus distribution business pretty much like the MyDoom virus itself. Perhaps these postmasters need to review their bounce message policies and remove all attached files from messages being bounced.
the mails probably bounced (were rejected by the target SMTP server) because of an invalid recipient address. It is an ordinary and IMHO still good practise to include the entire original mail in the bounce message. Those mail servers did not bother about the content of the mail, so they just sent it back (to the alledged return address), whether or not it contained any malicious attachment. I think this is exactly what they are supposed to do, and it is IMHO the best way they can react to the upstream SMTP rejecting an email. I think intermediate systems should not tamper with the mail, including scanning for virii. The worst are such systems that only remove the virus (which in many cases could easily be scanned for by the reciving system at the end), leving the rest of the mail as hard-to-filter annoying junkmail. Now the real issue is you, as the recipient, being in danger of executing any arbitrary code (with powerful abilities to your system) found in an email attachment by just an accidental mouse click (regardless how exactly that mail reached you). Such MUAs are just an invitation for abuse. It is here where any security measures should start. If it does not, such users will always remain in jeopardy. -- Georg Schwarz http://home.pages.de/~schwarz/ geos () epost de +49 177 8811442
Current thread:
- Why are postmasters distributing the MyDoom virus? Richard M. Smith (Feb 10)
- Re: Why are postmasters distributing the MyDoom virus? David F. Skoll (Feb 10)
- Re: Why are postmasters distributing the MyDoom virus? mgotts (Feb 11)
- Re: Why are postmasters distributing the MyDoom virus? Georg Schwarz (Feb 12)
- <Possible follow-ups>
- RE: Why are postmasters distributing the MyDoom virus? Harley David (Feb 10)
- Re: Why are postmasters distributing the MyDoom virus? David F. Skoll (Feb 10)