Re: Email

[Nick FitzGerald <nick () virus-l demon co uk>]

D B <geggam692000 () yahoo com> wrote:

> I'm by no means a security expert nor do I want to be,
> but while I read this list at 3 am my mind wanders and
> I wish for someone from experience to explain to me
> why any virus can infect any mail server / user  when
> those administrating a mail server can make a mail
> server handle mail in the manner I pasted a snippet of
> from my own in-box.
>
> ( obvious designator )
> ****************snippet****************
>
> This is a multi-part message in MIME format.
>
> ------=_NextPart_000_0012_FAA048F2.06F42141
> Content-Type: text/plain;
>       charset="Windows-1252"
> Content-Transfer-Encoding: 7bit
>
> The message cannot be represented in 7-bit ASCII
> encoding and has been 
> sent as a binary attachment.
>
>
> ------=_NextPart_000_0012_FAA048F2.06F42141
> Content-Type: application/octet-stream;
>       name="message.pif"
> Content-Transfer-Encoding: base64
> Content-Disposition: attachment;
>       filename="message.pif"
>
> TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> AAAAqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
>
> ****************snip***************
> ( end of obvious designator )

You are confusing the effect of a deliberate attempt by the Mydoom 
virus writer to "trick" the recipient of the virus' Emails into opening 
the attachment (and to then, "hopefully", open/execute the contents of 
the .ZIP file) with the actions of a mail server or relay ppresumably 
between the message's sender and its recipient.


-- 
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html