See below.

Not to beat a dead horse, but this doesn't explain why the Kaspersky list server was forwarding bounce messages from list members to everyone on the Virus News list. (E.g. see sample at the very bottom of this note.)

B.

+++

http://www.kaspersky.com/news.html?chapter=20140

Beware of fakes! [11/08/2002]

Kaspersky Labs reports an attempt to hack its Web server

Kaspersky Labs informs users that on the night of November 7th there was a massive attack against the company's Web server. The attack resulted in a group of hackers sending the subscribers of the Kaspersky Labs e-mail newsletter a message containing the recently discovered "Bridex" worm.

The infected messages have the following appearance:

[snip]

+++

Delivered-To: [EMAIL PROTECTED]
Received: from messagerie.multiphone.fr (messagerie.multiphone.fr [194.206.157.135])
    by webserver2.kaspersky-labs.com (Postfix) with ESMTP id AF9F520B8C
    for <[EMAIL PROTECTED]>; Fri, 8 Nov 2002 02:40:37 +0300 (MSK)
Received: by MESSAGERIE with Internet Mail Service (5.5.2650.21)
    id <WMJKSYLR>; Fri, 8 Nov 2002 00:40:41 +0100
Message-ID: <1149797CEC6ED6119C8D00600872D6F606382A@MESSAGERIE>
From: "[MESSAGERIE] Panda Antivirus for Exchange Server" <[EMAIL PROTECTED]>
To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
Subject: Incident de virus
Date: Fri, 8 Nov 2002 00:40:40 +0100
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain;
    charset="iso-8859-1"

Panda Antivirus a détecté les virus suivants dans le message:
Server : MESSAGERIE

Envoyé par :
Adresse : [EMAIL PROTECTED]
A : [EMAIL PROTECTED]
Objet : Returned mail: see transcript for details
Date : 08/11/2002 01:40

VIRUS DETECTE

Fichier : ~000003.txt
Virus : Exploit/iFrame - Désinfecté
Fichier : README.EXE
Virus : W32/Bride - Désinfecté

http://www.pandasoftware.com


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
