[Mailman-Users] Virus Just Got Through on TOTALLY MODERATED list.

[Mark Sapiro]

JC Dill wrote:
>
>An attack of this type would not be just for list administrator posts.  
>It would also get past whitelist filters - because the message would 
>come from someone you have already received email from and are much more 
>likely to be accepting email from than some random stranger address.  If 
>we haven't seen it it's just because we haven't seen it *yet*.  I'm sure 
>spammers are busy working on something like this right now, as a way to 
>create more zombies with their virus/trojan payload.


We definitely have seen the "whitelist" attack. I think the majority of
todays worms harvest addresses from an infected machine and spoof one
of them as the sender on the theory that the addresses found on a
given machine are members of an affinity group of some kind and are
more likely to accept mail from one of their own than from a random
address.

I have seen this result in a worm being posted to a list because the
list address was found on a machine and the spoofed sender also found
on the machine happened to be a list member. I've not seen this on any
of my Mailman lists and I won't see the payload in any case because
the lists don't allow attachments, but I have seen it on Yahoo Groups.

>So I repeat my <soapbox> statement, don't allow attachments to your 
>mailing list.  The downside is too great, sooner or later your list WILL 
>end up spreading a virus.

And I agree. I don't allow attachments on any lists that I manage and I
encourage others to do the same. There are other ways to make binary
information available to a group.

--
Mark Sapiro <msapiro at value.net>       The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan