[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Dan Bernstein's issues about namedroppers list operation

To: Bill Fenner <fenner@research.att.com>
Subject: Re: Dan Bernstein's issues about namedroppers list operation
From: "Steven M. Bellovin" <smb@research.att.com>
Date: Fri, 10 Jan 2003 13:15:54 -0500
Cc: ned.freed@mrochek.com, sra@hactrn.net, iesg@ietf.org

In message <200301101757.JAA29806@windsor.research.att.com>, Bill Fenner writes
:
>
>>I believe the case of virus propogation is really something different. What
>>happens there is that someone gets infected and sends mail to every address
>>they have lying around, including the addresses of the lists they are on. In
>>such a case often as not the message come from their subscription address,
>>and therefore gets through.
>
>At least some variations of KLEZ, and probably more and more modern viruses,
>often forge the From: header using an email address that they find somewhere
>on the system.  I've seen quite a number of Windows viruses going out from
>fenner@research.att.com, but I do not have a Windows MUA configured with that
>address.  (The most recent one was sent to the IPNG list from a system
>attached to a dialup ISP in India.)
>
Yup, I've received a lot of viruses that purport to be from you and 
jis.  I've also received bounce messages from viruses I allegedly sent 
out.

		--Steve Bellovin, http://www.research.att.com/~smb (me)
		http://www.wilyhacker.com (2nd edition of "Firewalls" book)

Prev by Date: Re: Path MTU discovery - Matt Mathis
Next by Date: Re: Path MTU discovery - Matt Mathis
Previous by thread: Re: Dan Bernstein's issues about namedroppers list operation
Next by thread: RE: Dan Bernstein's issues about namedroppers list operation
Index(es):
- Date
- Thread