Sirs,

And this alternative response.

Peter

-------- Original Message --------
Subject: Re: no more spam or virus but attack
Date: Mon, 29 Apr 2002 18:06:52 +0200
From: Martin Kraemer <[EMAIL PROTECTED]>
To: GOMEZ Henri <[EMAIL PROTECTED]>
CC: [EMAIL PROTECTED]
References: <[EMAIL PROTECTED]>



On Mon, Apr 29, 2002 at 05:40:41PM +0200, GOMEZ Henri wrote:
> Hi to all,
> 
> I just received this email, with fake from header
> of Christopher Cain.
> 
> The subject is about jni worker, and attached file
> included a httpd.exe.
> 
> that's no more a spam or virus but a 'human writen'
> mail caming from someone who track our tomcat-dev list.
> Someone who know about tomcat, httpd, jni and worker.

I disagree. I got similar virus-loaded mails from all over the
world, many (apparently) sent by by ASF members, and carrying
titles referring to ASF topics.

This virus-bot (I think) picks up its keywords from the various
HTML pages we have, and adds some "dressing" to make a nice
Subject (like: You are done, the , or
'Undeliverable mail--""') using mailto: links
from the same page, or belonging to the same site.

Some mails I presumably got from Ralf Engelschall:
  [EMAIL PROTECTED]          A  WinXP patch
  [EMAIL PROTECTED]          A  powful tool
from Marc (sic!)
  [EMAIL PROTECTED]         W32.Klez.E removal tools
  
or from
  [EMAIL PROTECTED]   Undeliverable mail--"Apache HTTP Server Version 1.3"
  [EMAIL PROTECTED]   Undeliverable mail--"ACCESSKEY"
  [EMAIL PROTECTED]   Undeliverable mail--"by mod"
  [EMAIL PROTECTED]   Returned mail--"bgcolor"
(in this case it's most obvious: such a syntax is ONLY used by viri)

*ALL OF THESE* exploit the same multipart/alternative bug of
M$/Outlook which executes dynamic content without asking.

> What could we do against that ?
> 
> - Commiters PGP to signe messages ? 
>   It works for many mail readers even M$ one but not 
>   for Netscape Messenger .
> 
> - Ask all of us to be very very carefull when receiving
>   mail with attached files, even if the From header appears
>   to be from someone known.

No problem for me. Zilch, none nadda. I read my mails on FreeBSD.
Also, I added amavis + nai uvscan so that the other users on my
machine don't get infected ;-)  and I use up less space in my spam-mailbox.

   Martin
-- 
         |     Fujitsu Siemens
Fon: +49-89-636-46021, FAX: +49-89-636-47655 | 81730  Munich,  Germany




---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]

Reply via email to