Jan,
Thanks for that -- copy hereby sent to the PyMOL list. This is
a relief. I was wondering why strange bounced email was coming back and
had become concerned that infection had occurred here despite every
precaution.
SMTP-based email is indeed a hopeless cause. I vote for a
return to smoke signals and semaphores.
- Warren
Summary:
The current viruses add a bogus "From" field, so don't get upset
at the person who seemed to have sent that infected email to you since
it wasn't really them. They are not infected -- someone else is.
> -----Original Message-----
> From: Computational Chemistry List [mailto:chemistry-requ...@ccl.net]
On
> Behalf Of Dr. Jan K Labanowski
> Sent: Thursday, August 21, 2003 9:50 AM
> To: chemis...@ccl.net
> Cc: Dr. Jan K Labanowski
> Subject: CCL:E-mail worm is going around
>
> Dear CCL,
>
> Since I got few a questions, I will post an answer to the whole list
to
> cool you down...
>
> There is a malicious Internet worm going on, which infects the (guess
> what...)
> Windows machines. It is an e-mail message which carries a virus with
it
> (so it is about 100kB large to be able to pack the virus executable).
> It grabs addresses from the victim address book, and resends itself
> to these addresses, and to make things worse, it also changes its
From:
> (i.e., the address from which the message is supposedly coming from)
> to some address from the victim's address book. Of course, according
to
> the old saying: "The worse, the better...". Microsoft will sell us
> upgraders, and improved products, and scoop millions of dollars in
> consulting hours from people who use their maintainance program.
> Hopefully events like this will revive economy and create new job
> opportunities.
>
> Obviously, the chemis...@ccl.net is in many people address books, as
well
> as,
> my personal address. Many of you got the mail which is supposedly
coming
> from, say, chemis...@ccl.net, but it really did not come from this
> address.
>
> If you want to know more about this malice, read on... The e-mail
message
> consist of header and body. The header should contain the information
> about
> intended recipients, message origin, path which message traveled
> (gateways)
> before it got to you and the information about the type and methods of
> encoding used for the body of the message. The message body is the
actual
> pay-load of the e-mail message). But make no mistake... Header is not
the
> envelope of your mail. It is not used by mail software (mail transfer
> agent - MTA) to deliver your mail. Header has only an "informational"
> (or lately often "dis-informational") value.
>
> The problem is that you can put anything you want in the header
(beside
> maybe the top Received: header line, which is usually added by your
own
> computer or mail gateway). The top Received: line (depending on the
way
> your
> mail is configured) contains the information about the IP address of
the
> machine which had sent you the the message, and the destination of the
> message
> (i.e., in most cases it lists your own machine and sometimes your user
id,
> or
> mail alias). However, beside the first Received: line (or maybe more,
if
> the mail was traveling to you via some trusted gateways as each
legitimate
> MTA should add its Received: line to the header -- SHOULD, but DOES
NOT
> HAVE TO!!!), all other header lines can be set by the mail originators
to
> anything they want. Most importantly: the To:, From:, Cc: do not have
to
> be
> real, and THESE FIELDS ARE NOT USED IN DELIVERING THE MESSAGE !!!.
>
> To be more precise, if you use a legitimate mail composing program,
> the destination of your mail message will be taken from the To: and/or
> Cc: lines, and the From: line will point to you, when your
> message is passed to your own mail transfer agent. BUT THE BAD GUYS
> DO NOT USE STANDARD AND LEGITIMATE MAIL COMPOSERS AND TRANSFER
AGENTS!!!
> Note that the mail is delivered to your mail server by a special
protocol
> (SMTP), where the recipient's and originator's address is given to
your
> local
> mail server as a part of delivery process, and THEY DO NOT HAVE TO BE
EVEN
> CLOSE to what is being given on the To: and From: lines of your
message.
>
> At the same time, what is displayed in your e-mail browsing tool as
> message
> origin, is the From: line from header. CURRENTLY, THERE IS NO WAY TO
> ESTABLISH
> THE IDENTITY OF THE PERSON WHO HAD SENT MAIL TO YOU!!! The only thing
> which
> can be (in most cases!!!, not always!!!) established is the IP address
> of the machine which forwarded you the message (this can be guessed
from
> inspecting the top Received: line of the header). In most cases the IP
> address
> of the originating machine is a TOTALLY USELESS information, since it
> gives
> you the pointer to the machine which was:
>
> 1) either hacked by spammers,
> 2) or infected by the virus (i.e., a victim like you),
> 3) or represents an open relay machine (made an open relay either
> intentionally or not)
>
> We badly need a new electronic mail protocol, where the originator of
the
> mail can be either reliably identified, or the message is not
delivered.
> As always, there are scores of proposed protocols, none of them
popular
> or widely used, and all of them would require some kind of trusted
> authority (e.g., digital certificate authority) which will verify that
> a person on a From: line is really an originator of e-mail. Once
something
> of this kind gets adopted (years...) we will:
>
> 1) loose our privacy,
> 2) will need to pay for it,
> 3) the poor countries will not have money to support needed
> infrastructure.
>
> Some of the older folks on the list remember when we used "finger" to
> check,
> if we should call someone at work or at home, and if he/she had read
our
> mail message... So long for "kindler and gentler Internet"...
>
> Panta rei, but unfortunately usually down the sewer...
>
> Yours,
> Jan
>
> Jan K. Labanowski | phone: 614-292-9279, FAX: 614-292-7168
> Ohio Supercomputer Center | E-mail: j...@osc.edu
> 1224 Kinnear Rd, | http://www.osc.edu/~jkl
> Columbus, OH 43212-1163 | http://www.ccl.net/ http://asdn.net/
>
>
>
> -= This is automatically added to each message by mailing script =-
> To send e-mail to subscribers of CCL put the string CCL: on your
Subject:
> line
> and send your message to: chemis...@ccl.net
>
> Send your subscription/unsubscription requests to: CHEMISTRY-
> requ...@ccl.net
> HOME Page: http://www.ccl.net | Jobs Page: http://www.ccl.net/jobs
>
> If your mail is bouncing from CCL.NET domain send it to the
maintainer:
> Jan Labanowski, j...@osc.edu (read about it on CCL Home Page)
>
-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>
>
>
