I've got to agree on this one that it's probably accidental -- someone happens to be browsing the HLCoders archive on the machine, the worm goes through the cache, finds Alfred's e-mail along with the list broadcast address, and spoofs one to the other because it thinks the addresses are somehow related. Hanlon's Razor usually applies in these cases, and to be honest I'd be much more likely to believe some oblivious mule infected himself and is accidentally spamming the list than this anti-Valve Polish cybercaf� conspiracy nonsense. And since anyone can easily register for a free e-mail account from any computer in the world and then join the list with it, I have some serious doubts that simply blacklisting a single IP would have the slightest effect on such an operation even if it did exist.
The entire "links instead of attachments" argument is simply asinine considering the fact that the list *was* sent a standard mass-mailer virus via attachments before those were phohibited -- and the list is still here, without any apparent damage whatsoever. Suggesting that the members of a programmers' mailing list would, en masse, blindly download executable files from an unknown source, fail to check them for viruses, and then run them without the slightest concern is incredibly condescending, and downright absurd after taking into account that they have already been given the opportunity to do almost exactly the same thing and didn't. Instead of blatantly flaming the employees of a software company on their own mailing list for failing to implement countermeasures against a supposed attacker who in all likelihood does not exist, perhaps you should find a more constructive use of your time. ----- Original Message ----- From: "StealthMode" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Saturday, May 15, 2004 3:36 PM Subject: Re: [hlcoders] ^_^ mew-mew (-: > @omega... > > How do you know it isnt a variant? I mean come on you are supposed to be a > coder, how easy is it to reverse engineer a virii and place your own code to > it? > > Now you are correct though in one instance. It is a worm. > > It was also dumped into computer #5 at the polish cyber cafe by a customer > who obviously wants the worm to be spread through anonymous means. > > He is using this polish cyber cafes computers to send email to ANYONE it has > recieved them from (including HLDS announce messages from ALFRED). > > However, to target the hl coders list at one time, and to engage the hlds > win32 list another, and even the nix list sometime thereafter. Only to > repeat the process every few months. Tells me this is more then one common > worm. The spoofing is happening from a customer at the cyber cafe. I > guarantee that. He is trying to distribute a worm that probably steals your > registry info for god knows what purpose. > > However, seeing as how it's Valve specifically that is being targeted. Says > that someone in Poland has it in for Valve. > > I could think of a few places (seeing as how right around the time the first > virus popped up in Alfreds name right after a guy in poland wrote the win32 > list asking if he had to pay for server software (eg: standalone hlds) > because he was being charged by a company (the same one that the cyber cafe > is run on) to have the software running on his own machines. > > But none of that really matters. What really matters is that an IT > professional "SHOULD" want to secure the networks he/she/it is responsible > for. And in NOT doing so and replying with ignorance, only shows how > insecure the entire steam network is. > > I can see a virus being distributed via steam very very soon.... > > > -=]H[=-StealthMode > > > _______________________________________________ > To unsubscribe, edit your list preferences, or view the list archives, please visit: > http://list.valvesoftware.com/mailman/listinfo/hlcoders > > _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlcoders
