possibly forged or owned mail servers. Also maybe some dumb-ass mail admin actually opened one of these, like on an Exchange Server?
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Richard M. Smith Sent: Saturday, February 07, 2004 11:16 AM To: [EMAIL PROTECTED] Subject: [Full-Disclosure] Why are postmasters distributing the MyDoom virus? Hi, I was looking over the MyDoom email messages that I received today and found about 15 copies of the worm which came from postmasters in bounce messages. Some postmasters, when sending out a bounce message, include the original email message as an attachment. If a bounce message is for a MyDoom-infected message, the bounce message will sometimes include an intact copy of the MyDoom executable which can be run by mistake with a few mouse clicks. It looks like some postmasters are in the virus distribution business pretty much like the MyDoom virus itself. Perhaps these postmasters need to review their bounce message policies and remove all attached files from messages being bounced. Attached is a list of postmasters that appear to have sent me intact copies of the MyDoom virus today. Richard M. Smith http://www.ComputerBytesMan.com ============================================================== System Administrator [EMAIL PROTECTED] Mail Delivery Subsystem [EMAIL PROTECTED] [EMAIL PROTECTED] Mail Delivery System [EMAIL PROTECTED] Mail Delivery Subsystem [EMAIL PROTECTED] MAILER-DAEMON [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] Mail Delivery Subsystem [EMAIL PROTECTED] Mail Delivery Subsystem [EMAIL PROTECTED] _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
