Full Disclosure mailing list archives
Re: Email
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Thu, 05 Feb 2004 13:46:31 +1300
D B <geggam692000 () yahoo com> wrote:
I'm by no means a security expert nor do I want to be, but while I read this list at 3 am my mind wanders and I wish for someone from experience to explain to me why any virus can infect any mail server / user when those administrating a mail server can make a mail server handle mail in the manner I pasted a snippet of from my own in-box.

( obvious designator )
****************snippet****************
This is a multi-part message in MIME format.

------=_NextPart_000_0012_FAA048F2.06F42141
Content-Type: text/plain; charset="Windows-1252"
Content-Transfer-Encoding: 7bit

The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment.

------=_NextPart_000_0012_FAA048F2.06F42141
Content-Type: application/octet-stream; name="message.pif"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="message.pif"

TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
****************snip***************
( end of obvious designator )
You are confusing the effect of a deliberate attempt by the Mydoom virus writer to "trick" the recipient of the virus' Emails into opening the attachment (and to then, "hopefully", open/execute the contents of the .ZIP file) with the actions of a mail server or relay presumably between the message's sender and its recipient.

--
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
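Added example, not part of either post: a gateway-side check that ignores what the text part of the message claims and flags the attachment by its filename extension and by the MZ marker that the TVqQ base64 prefix in the quoted snippet decodes to. The sample message is constructed from the quoted snippet with an inert filler payload; RISKY_EXT, build_sample and flag_attachments are assumed names, and the extension list is an assumed policy.

```python
import base64
import os
from email import message_from_string

# Assumed policy list of directly executable Windows extensions (not exhaustive).
RISKY_EXT = {".pif", ".scr", ".exe", ".com", ".bat", ".cmd"}

def build_sample():
    """Constructed message shaped like the quoted snippet; payload is inert filler."""
    boundary = "----=_NextPart_000_0012_FAA048F2.06F42141"
    payload = base64.b64encode(b"MZ\x90\x00" + b"\x00" * 56).decode()
    return "\n".join([
        "MIME-Version: 1.0",
        f'Content-Type: multipart/mixed; boundary="{boundary}"',
        "",
        "This is a multi-part message in MIME format.",
        f"--{boundary}",
        'Content-Type: text/plain; charset="Windows-1252"',
        "Content-Transfer-Encoding: 7bit",
        "",
        "The message cannot be represented in 7-bit ASCII encoding",
        "and has been sent as a binary attachment.",
        f"--{boundary}",
        'Content-Type: application/octet-stream; name="message.pif"',
        "Content-Transfer-Encoding: base64",
        'Content-Disposition: attachment; filename="message.pif"',
        "",
        payload,
        f"--{boundary}--",
        "",
    ])

def flag_attachments(raw):
    """Return (filename, reasons) for each leaf part that looks executable."""
    findings = []
    for part in message_from_string(raw).walk():
        if part.is_multipart():
            continue
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        reasons = []
        ext = os.path.splitext(name.lower())[1]
        if ext in RISKY_EXT:
            reasons.append("extension " + ext)
        if data[:2] == b"MZ":  # DOS/PE magic, judged on content not on the name
            reasons.append("MZ header")
        if reasons:
            findings.append((name, reasons))
    return findings
```

Calling flag_attachments(build_sample()) reports message.pif for both reasons; the content check still fires when the same payload is given a harmless-looking filename.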