Sirs,
And this alternative response.
Peter
Original Message
Subject: Re: no more spam or virus but attack
Date: Mon, 29 Apr 2002 18:06:52 +0200
From: Martin Kraemer [EMAIL PROTECTED]
To: GOMEZ Henri [EMAIL PROTECTED]
CC: [EMAIL PROTECTED]
References: [EMAIL PROTECTED]
On Mon, Apr 29, 2002 at 05:40:41PM +0200, GOMEZ Henri wrote:
Hi to all,
I just received this email, with fake from header
of Christopher Cain.
The subject is about jni worker, and attached file
included a httpd.exe.
that's no more a spam or virus but a 'human writen'
mail caming from someone who track our tomcat-dev list.
Someone who know about tomcat, httpd, jni and worker.
I disagree. I got similar virus-loaded mails from all over the
world, many (apparently) sent by by ASF members, and carrying
titles referring to ASF topics.
This virus-bot (I think) picks up its keywords from the various
HTML pages we have, and adds some dressing to make a nice
Subject (like: You are done, the , or
'Undeliverable mail--') using mailto: links
from the same page, or belonging to the same site.
Some mails I presumably got from Ralf Engelschall:
[EMAIL PROTECTED] A WinXP patch
[EMAIL PROTECTED] A powful tool
from Marc (sic!)
[EMAIL PROTECTED] W32.Klez.E removal tools
or from
[EMAIL PROTECTED] Undeliverable mail--Apache HTTP Server Version 1.3
[EMAIL PROTECTED] Undeliverable mail--ACCESSKEY
[EMAIL PROTECTED] Undeliverable mail--by mod
[EMAIL PROTECTED] Returned mail--bgcolor
(in this case it's most obvious: such a syntax is ONLY used by viri)
*ALL OF THESE* exploit the same multipart/alternative bug of
M$/Outlook which executes dynamic content without asking.
What could we do against that ?
- Commiters PGP to signe messages ?
It works for many mail readers even M$ one but not
for Netscape Messenger .
- Ask all of us to be very very carefull when receiving
mail with attached files, even if the From header appears
to be from someone known.
No problem for me. Zilch, none nadda. I read my mails on FreeBSD.
Also, I added amavis + nai uvscan so that the other users on my
machine don't get infected ;-) and I use up less space in my spam-mailbox.
Martin
--
| Fujitsu Siemens
Fon: +49-89-636-46021, FAX: +49-89-636-47655 | 81730 Munich, Germany
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]
