Sirs,

And this alternative response.

Peter

-------- Original Message --------
Subject: Re: no more spam or virus but attack
Date: Mon, 29 Apr 2002 18:06:52 +0200
From: Martin Kraemer <[EMAIL PROTECTED]>
To: GOMEZ Henri <[EMAIL PROTECTED]>
CC: [EMAIL PROTECTED]
References: <[EMAIL PROTECTED]>

On Mon, Apr 29, 2002 at 05:40:41PM +0200, GOMEZ Henri wrote:
> Hi to all,
>
> I just received this email, with fake from header
> of Christopher Cain.
>
> The subject is about jni worker, and attached file
> included a httpd.exe.
>
> that's no more a spam or virus but a 'human written'
> mail coming from someone who tracks our tomcat-dev list.
> Someone who knows about tomcat, httpd, jni and worker.

I disagree. I got similar virus-loaded mails from all over the world,
many (apparently) sent by ASF members, and carrying titles referring
to ASF topics.

This virus-bot (I think) picks up its keywords from the various HTML
pages we have, and adds some "dressing" to make a nice Subject
(like: You are done, the , or 'Undeliverable mail--""') using
mailto: links from the same page, or belonging to the same site.

Some mails I presumably got from Ralf Engelschall:
  [EMAIL PROTECTED] A WinXP patch
  [EMAIL PROTECTED] A powful tool from Marc (sic!)
  [EMAIL PROTECTED] W32.Klez.E removal tools
or from
  [EMAIL PROTECTED] Undeliverable mail--"Apache HTTP Server Version 1.3"
  [EMAIL PROTECTED] Undeliverable mail--"ACCESSKEY"
  [EMAIL PROTECTED] Undeliverable mail--"by mod"
  [EMAIL PROTECTED] Returned mail--"bgcolor"
(in this case it's most obvious: such a syntax is ONLY used by viri)

*ALL OF THESE* exploit the same multipart/alternative bug of M$/Outlook
which executes dynamic content without asking.

> What could we do against that ?
>
> - Committers PGP to sign messages ?
>   It works for many mail readers even M$ one but not
>   for Netscape Messenger .
>
> - Ask all of us to be very very careful when receiving
>   mail with attached files, even if the From header appears
>   to be from someone known.

No problem for me. Zilch, none nadda.
I read my mails on FreeBSD. Also, I added amavis + nai uvscan so that
the other users on my machine don't get infected ;-) and I use up less
space in my spam-mailbox.

   Martin
--
| Fujitsu Siemens
Fon: +49-89-636-46021, FAX: +49-89-636-47655 | 81730 Munich, Germany
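
The two tells named in the thread (the `Undeliverable mail--"..."` / `Returned mail--"..."` subject syntax and an executable such as `httpd.exe` attached under a forged From header) can be checked mechanically before a message reaches a mail client. The following is an added example, not code from the thread, from amavis or from any ASF tooling; the extension list, the "passive type" list and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string

# Subject syntax quoted in the thread: Undeliverable mail--"..." / Returned mail--"..."
BOUNCE_SUBJECT = re.compile(r'^(Undeliverable|Returned) mail--".*"$')
# Assumption: extensions treated as executable, and MIME types that should never carry them.
EXECUTABLE_EXT = (".exe", ".scr", ".pif", ".bat", ".com")
PASSIVE_TYPES = ("audio", "image", "text")

def triage(raw):
    """Return reasons a raw message looks like the virus mail described in the thread."""
    msg = message_from_string(raw)
    reasons = []
    # The From header is ignored on purpose: the thread shows it is forged.
    if BOUNCE_SUBJECT.match((msg.get("Subject") or "").strip()):
        reasons.append("bounce-style subject")
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if not name.endswith(EXECUTABLE_EXT):
            continue
        reasons.append("executable attachment: " + name)
        # An executable file name under an audio/image/text type is a mislabelled part.
        if part.get_content_maintype() in PASSIVE_TYPES:
            reasons.append("declared as " + part.get_content_type())
    return reasons

# Constructed sample messages (not real traffic).
SAMPLE_BAD = '''From: someone@example.org
Subject: Undeliverable mail--"by mod"
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/html

<html><body>hello</body></html>
--b1
Content-Type: audio/x-wav; name="httpd.exe"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="httpd.exe"

TVqQAAMAAAAEAAAA
--b1--
'''
SAMPLE_OK = "From: dev@example.org\nSubject: Re: jni worker\n\nPatch is inline.\n"

if __name__ == "__main__":
    for label, raw in (("bad", SAMPLE_BAD), ("ok", SAMPLE_OK)):
        print(label, triage(raw))
```

A filter like this only narrows what reaches the inbox; it complements, and does not replace, the scanner-at-the-gateway setup Martin describes.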