Re: [Full-Disclosure] kaspersky-labs webserver or listserver compromised?

Brian McWilliams Fri, 08 Nov 2002 07:42:26 -0800

I could be wrong, but I'm guessing someone on Kaspersky's Virus News list got infected with the Braid/Brida worm, and the worm forwarded a copy to the Kaspersky listserver at

[EMAIL PROTECTED]

Instead of dropping the infected message, the misconfigured listserv appears to have forwarded it to those of us on the list.

And now, thanks to Kaspersky's wacko server, everyone on the list is also getting copies of the virus autoresponder messages sent out by the recipients' mail gateway scanners.

Man, we would be lost without these early warning systems.

Brian

At 05:25 PM 11/7/2002, Ka wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Just received an email with some virus components
from kaspersky-labs.com. .o)

Possible Exploit.IFrame.FileDownload
and a README.EXE with I-Worm.Bridex

Here are the headers:

- ------------------------- BEGIN HEADERS -----------------------------
Received: from webserver2.kaspersky-labs.com (unknown [195.161.113.178])
by mail.vegaa.de (Postfix) with ESMTP id A9F37174019
for <[EMAIL PROTECTED]>; Thu, 7 Nov 2002 22:51:28 +0100 (CET)
Received: by webserver2.kaspersky-labs.com (Postfix)
id 33AB920047; Fri, 8 Nov 2002 00:22:31 +0300 (MSK)
Delivered-To: [EMAIL PROTECTED]
Received: from webserver2.kaspersky-labs.com (unknown [148.235.6.199])
by webserver2.kaspersky-labs.com (Postfix) with SMTP id 82ABA20044
for <[EMAIL PROTECTED]>; Fri, 8 Nov 2002 00:22:26 +0300 (MSK)
From: Lic.Francisco Cano Sanchez <[EMAIL PROTECTED]>
DATE: Jue, 7 Nov 2002 14:38:56+0000
X-Mailer: EBT Reporter v 2.x
To: [EMAIL PROTECTED]
subject: Secretaria de Educacion y C.
Mime-Version: 1.0
Content-Type: multipart/related;
type="multipart/alternative";
boundary="====_ABC1234567890DEF_===="
X-Priority: 3
X-MSMail-Priority: Normal
X-Unsent: 1
Message-Id: <[EMAIL PROTECTED]>
- -------------------------- END HEADERS ------------------------------

Greetings
Ka
- --
How will you know that it is yourself,
if you have not forged it yourself?
http://www.khidr.net/users/ka/pgpkey.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE9yuhD72vu22ltWBERAhsSAJ9aIpwmz96HM/0j7Q9MXRHC0vHPNQCeJcCH
xTiTInrl5o6rx2S/v5Av+Q0=
=cXHF
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Re: [Full-Disclosure] kaspersky-labs webserver or listserver compromised?

Reply via email to