JC Dill wrote:
>
>Most moderators use the web to approve email from *others*, but most of
>the ones I know who are responsible for originating content for their
>list use the approved header when they send the content to their list so
>that they don't have to take an additional step of going to the webpage
>to approve the message they just sent. My speculation is about this
>exact scenario, a moderator who uses the approved header has old email
>with that header in their "sent" box, and a virus/trojan grabbed one of
>those messages and resent it (with the approved header) with the virus
>payload attached.
>
>If it hasn't happened yet, then "yet" is the critical factor. It's
>going to happen someday...

I certainly agree that the above scenario is possible and that someday it may happen, but it didn't happen in the case reported at the start of this thread. The OP gave a link to Symantec's description of the identified worm - http://securityresponse.symantec.com/avcenter/venc/data/[EMAIL PROTECTED]

This worm harvests e-mail addresses from many places on a newly infected computer, but it doesn't use found e-mail as a template for sending itself out. It creates its own subject and body for the outgoing mail.

Furthermore, if such a scenario has occurred or did occur in the future, I suspect it would be just an unlucky accident. While I'm sure that a clever worm creator could deliberately try to exploit this potential vulnerability, I don't think the payoff would be sufficient to justify the attack.

First of all, the attack would rely on a list administrator keeping a copy of a sent post with the approval in it. Then this administrator, who at least statistically is likely to be much more savvy about viruses and worms than the typical user, would have to receive and execute the incoming worm on the appropriate hardware/OS platform. And finally, the list would have to allow executable attachments and not otherwise block the worm.

Then, if all the conditions were met, the payoff would be another hundred or thousand or so potential recipients. It just seems to me that the expected increase in the number of recipients due to deliberately implementing this attack wouldn't be great enough to bother with.

That's not to say that it couldn't or wouldn't occur by accident. If there are or will be worms that use e-mail found on a machine as a template for sending themselves out, I'm sure that eventually this will happen.

--
Mark Sapiro <[EMAIL PROTECTED]>       The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

------------------------------------------------------
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
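
The scenario discussed in this thread depends on a moderator's saved copy of a sent post still carrying the approval. As an added example (not part of the original thread and not Mailman's own code), this Python audit flags stored messages that still hold one; it also checks the `Approve:` spelling and the first-body-line form that Mailman 2.1 accepts, which the thread does not mention, and every sample message, address and password string is constructed.

```python
import email
import mailbox
import re

# Mailman 2.1 pre-approval can sit in an Approved:/Approve: header or in the
# same pseudo-header on the first non-blank line of the body.
APPROVAL_HEADERS = ("approved", "approve")
BODY_APPROVAL = re.compile(r"^\s*approved?:\s*\S", re.IGNORECASE)

# Constructed sample messages (not real traffic).
SAMPLE = [
    "From: mod@example.org\nTo: list@example.org\nSubject: Monthly notice\n"
    "Approved: CONSTRUCTED-PASSWORD\n\nHello list.\n",
    "From: mod@example.org\nTo: list@example.org\nSubject: Body approval\n\n"
    "Approved: CONSTRUCTED-PASSWORD\nText follows.\n",
    "From: mod@example.org\nTo: friend@example.org\nSubject: Lunch\n\n"
    "Not approved: nothing here.\n",
]

def first_text_line(msg):
    """Return the first non-blank line of the first text/plain part, or ''."""
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            payload = part.get_payload(decode=True) or b""
            for line in payload.decode("utf-8", "replace").splitlines():
                if line.strip():
                    return line
            return ""
    return ""

def approval_location(msg):
    """Return 'header', 'body' or None depending on where the approval sits."""
    if any(msg.get(name) is not None for name in APPROVAL_HEADERS):
        return "header"
    return "body" if BODY_APPROVAL.match(first_text_line(msg)) else None

def audit_messages(messages):
    """Return (subject, location) for each message still carrying an approval."""
    found = ((m.get("Subject", "(no subject)"), approval_location(m)) for m in messages)
    return [(subject, where) for subject, where in found if where]

def audit_mbox(path):
    """Audit an existing mbox file, such as a mail client's Sent folder."""
    return audit_messages(mailbox.mbox(path, create=False))

def audit_sample():
    return audit_messages(email.message_from_string(s) for s in SAMPLE)

if __name__ == "__main__":
    for subject, where in audit_sample():
        print(f"approval in {where}: {subject}")
```

Any message it reports contains the list password in clear text, so the stored copy should be deleted or stripped and the password changed if the folder may have been exposed.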