[Mailman-Users] Mail Lists, Authorized Posters and Virus/Worm Access

Bob Bowers Wed, 05 May 2004 01:33:11 -0700

In my community last week, someone gained access to a mail list with hundreds of subscribers by mimicking an email address authorized to post to the list (moderation bit set OFF). In such a case, moderator approval was not required. What resulted was that a worm of the W32Beagle variety was sent to many hundreds of subscribers. I have changed all my mail lists to require active moderation of all posts (moderation bits are ON for all subscribers), and automatic rejection of all posts from non-members.

It appears that it was just a matter of time for someone with ill intent to figure out that the "from" address in a message from a mail list might represent access to the mail list for mischief. It would not appear accidental that a virus or worm operating on some unsuspecting individual's computer accidentally sent itself to the posting address of a mail list as well as from an authorized email address. It is more likely that it was deliberate.

------------------------------------------------------
Mailman-Users mailing list
[EMAIL PROTECTED]
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/

[Mailman-Users] Mail Lists, Authorized Posters and Virus/Worm Access

Reply via email to