[Mailman-Users] Virus Just Got Through on TOTALLY MODERATED list.
Mark Sapiro
msapiro at value.net
Sat Jan 29 19:53:29 CET 2005
JC Dill wrote:
>
>An attack of this type would not be just for list administrator posts.
>It would also get past whitelist filters - because the message would
>come from someone you have already received email from and are much more
>likely to be accepting email from than some random stranger address. If
>we haven't seen it it's just because we haven't seen it *yet*. I'm sure
>spammers are busy working on something like this right now, as a way to
>create more zombies with their virus/trojan payload.
We definitely have seen the "whitelist" attack. I think the majority of
todays worms harvest addresses from an infected machine and spoof one
of them as the sender on the theory that the addresses found on a
given machine are members of an affinity group of some kind and are
more likely to accept mail from one of their own than from a random
address.
I have seen this result in a worm being posted to a list because the
list address was found on a machine and the spoofed sender also found
on the machine happened to be a list member. I've not seen this on any
of my Mailman lists and I won't see the payload in any case because
the lists don't allow attachments, but I have seen it on Yahoo Groups.
>So I repeat my <soapbox> statement, don't allow attachments to your
>mailing list. The downside is too great, sooner or later your list WILL
>end up spreading a virus.
And I agree. I don't allow attachments on any lists that I manage and I
encourage others to do the same. There are other ways to make binary
information available to a group.
--
Mark Sapiro <msapiro at value.net> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
More information about the Mailman-Users
mailing list