If we had just a few more 'fools' like John in this country, it might not
suck as much as it does at present.

-Bill


     Virus Borrows Internet Pioneer's Server To Spread

By Brian McWilliams, Newsbytes
SAN FRANCISCO, CALIFORNIA, U.S.A., 06 Mar 2002, 9:46 AM CST

A server operated by Internet pioneer John Gilmore is being used by a new
Internet worm to perform its mass-mailing routine, according to virus
researchers.

The address of the server, Toad.COM, is one of 25 open mail relays
hard-coded by its unidentified author into the W32.Yaha worm, according to
analyses by anti-virus firms Symantec and Sophos.

While most of the open servers are located in China and Korea, Toad.COM is
a system installed in Gilmore's home in San Francisco.

Besides co-founding the Electronic Frontier Foundation and the Cypherpunks
cryptography discussion list, Gilmore takes credit for helping establish the
"alt" Usenet discussion groups.

Last March, Gilmore's Internet service provider, Verio, threatened to cut
off his service unless he secured Toad.COM so that it could not be used by
third parties to relay junk e-mail or "spam."

Since its discovery around Valentine's Day, Yaha, also known as "Valscr,"
has wormed its way past Nimda, Hybris and Funlove to the number eight
position on the current list of virus threats tracked by managed e-mail
provider MessageLabs.

Symantec has assigned Yaha a level-2 risk rating. The worm arrives with a
subject line, "Melt the Heart of your Valentine with this beautiful screen
saver." It comes with an attachment named "valentin.scr."

If executed, the attachment will install the worm and unleash its only
payload: mass-mailing copies of infected messages to addresses in the
Windows address book and e-mail addresses found in cached HTML files on the
victim's hard disk.

Gilmore, a life member of the Libertarian party, has accused Verio of
censorship and said he configured the mail server to accept and forward
e-mail from anyone in part so that friends could use it while traveling
around the world.

Gilmore was not immediately available for comment.

According to Gilmore's Web site, Verio agreed last August not to terminate
his service if he modified his mailer software to avoid forwarding large
quantities of e-mail from single addresses over short periods of time.

Jay Dyson, a security consultant with California-based Treachery Unlimited,
confirmed that Toad.COM remains "a wide-open relay."

According to Dyson, numerous methods exist for authenticating whether users
are authorized to relay mail through a server.

"I think Gilmore is being a stubborn old fool for leaving his mail systems
as open relays," he said.

Gilmore's home page is http://www.toad.com/gnu/ .

Symantec's description of Yaha is at
http:[EMAIL PROTECTED] .

Sophos's write-up is at
http://www.sophos.com/virusinfo/analyses/w32yahaa.html .

The MessageLabs Threat List is at
http://www.messagelabs.com/viruseye/threatlist.asp .

Reported by Newsbytes, http://www.newsbytes.com .

09:46 CST Reposted 10:18 CST

(20020306 /WIRES ONLINE, BUSINESS, PC, ASIA, LEGAL/WORM/PHOTO)

© 2001 The Washington Post Company

777 --- 777  777 --- 777 "They that can give up essential liberty to obtain
a little temporary safety deserve neither liberty nor safety." - Benjamin
Franklin
