Jan,

Thanks for that -- copy hereby sent to the PyMOL list.

This is a relief. I was wondering why strange bounced email was coming back and had become concerned that infection had occurred here despite every precaution.

SMTP-based email is indeed a hopeless cause. I vote for a return to smoke signals and semaphores.

- Warren

Summary: The current viruses add a bogus "From" field, so don't get upset at the person who seemed to have sent that infected email to you since it wasn't really them. They are not infected -- someone else is.

> -----Original Message-----
> From: Computational Chemistry List [mailto:chemistry-requ...@ccl.net] On Behalf Of Dr. Jan K Labanowski
> Sent: Thursday, August 21, 2003 9:50 AM
> To: chemis...@ccl.net
> Cc: Dr. Jan K Labanowski
> Subject: CCL:E-mail worm is going around
>
> Dear CCL,
>
> Since I got a few questions, I will post an answer to the whole list to
> cool you down...
>
> There is a malicious Internet worm going on, which infects the (guess what...)
> Windows machines. It is an e-mail message which carries a virus with it
> (so it is about 100kB large to be able to pack the virus executable).
> It grabs addresses from the victim's address book, and resends itself
> to these addresses, and to make things worse, it also changes its From:
> (i.e., the address from which the message is supposedly coming from)
> to some address from the victim's address book. Of course, according to
> the old saying: "The worse, the better...". Microsoft will sell us
> upgraders, and improved products, and scoop millions of dollars in
> consulting hours from people who use their maintenance program.
> Hopefully events like this will revive economy and create new job
> opportunities.
>
> Obviously, the chemis...@ccl.net is in many people's address books, as well as
> my personal address. Many of you got the mail which is supposedly coming
> from, say, chemis...@ccl.net, but it really did not come from this address.
>
> If you want to know more about this malice, read on... The e-mail message
> consists of header and body.
> The header should contain the information about
> intended recipients, message origin, path which message traveled (gateways)
> before it got to you and the information about the type and methods of
> encoding used for the body of the message. The message body is the actual
> pay-load of the e-mail message. But make no mistake... Header is not the
> envelope of your mail. It is not used by mail software (mail transfer
> agent - MTA) to deliver your mail. Header has only an "informational"
> (or lately often "dis-informational") value.
>
> The problem is that you can put anything you want in the header (beside
> maybe the top Received: header line, which is usually added by your own
> computer or mail gateway). The top Received: line (depending on the way your
> mail is configured) contains the information about the IP address of the
> machine which had sent you the message, and the destination of the message
> (i.e., in most cases it lists your own machine and sometimes your user id, or
> mail alias). However, beside the first Received: line (or maybe more, if
> the mail was traveling to you via some trusted gateways as each legitimate
> MTA should add its Received: line to the header -- SHOULD, but DOES NOT
> HAVE TO!!!), all other header lines can be set by the mail originators to
> anything they want. Most importantly: the To:, From:, Cc: do not have to be
> real, and THESE FIELDS ARE NOT USED IN DELIVERING THE MESSAGE !!!.
>
> To be more precise, if you use a legitimate mail composing program,
> the destination of your mail message will be taken from the To: and/or
> Cc: lines, and the From: line will point to you, when your
> message is passed to your own mail transfer agent. BUT THE BAD GUYS
> DO NOT USE STANDARD AND LEGITIMATE MAIL COMPOSERS AND TRANSFER AGENTS!!!
> Note that the mail is delivered to your mail server by a special protocol
> (SMTP), where the recipient's and originator's address is given to your local
> mail server as a part of delivery process, and THEY DO NOT HAVE TO BE EVEN
> CLOSE to what is being given on the To: and From: lines of your message.
>
> At the same time, what is displayed in your e-mail browsing tool as message
> origin, is the From: line from header. CURRENTLY, THERE IS NO WAY TO ESTABLISH
> THE IDENTITY OF THE PERSON WHO HAD SENT MAIL TO YOU!!! The only thing which
> can be (in most cases!!!, not always!!!) established is the IP address
> of the machine which forwarded you the message (this can be guessed from
> inspecting the top Received: line of the header). In most cases the IP address
> of the originating machine is a TOTALLY USELESS information, since it gives
> you the pointer to the machine which was:
>
> 1) either hacked by spammers,
> 2) or infected by the virus (i.e., a victim like you),
> 3) or represents an open relay machine (made an open relay either
>    intentionally or not)
>
> We badly need a new electronic mail protocol, where the originator of the
> mail can be either reliably identified, or the message is not delivered.
> As always, there are scores of proposed protocols, none of them popular
> or widely used, and all of them would require some kind of trusted
> authority (e.g., digital certificate authority) which will verify that
> a person on a From: line is really an originator of e-mail. Once something
> of this kind gets adopted (years...) we will:
>
> 1) lose our privacy,
> 2) will need to pay for it,
> 3) the poor countries will not have money to support needed infrastructure.
>
> Some of the older folks on the list remember when we used "finger" to check,
> if we should call someone at work or at home, and if he/she had read our
> mail message... So long for "kinder and gentler Internet"...
>
> Panta rei, but unfortunately usually down the sewer...
>
> Yours,
> Jan
>
> Jan K. Labanowski            |  phone: 614-292-9279,  FAX: 614-292-7168
> Ohio Supercomputer Center    |  E-mail: j...@osc.edu
> 1224 Kinnear Rd,             |  http://www.osc.edu/~jkl
> Columbus, OH 43212-1163      |  http://www.ccl.net/ http://asdn.net/
>
> -= This is automatically added to each message by mailing script =-
> To send e-mail to subscribers of CCL put the string CCL: on your Subject: line
> and send your message to: chemis...@ccl.net
>
> Send your subscription/unsubscription requests to: CHEMISTRY-requ...@ccl.net
> HOME Page: http://www.ccl.net | Jobs Page: http://www.ccl.net/jobs
>
> If your mail is bouncing from CCL.NET domain send it to the maintainer:
> Jan Labanowski, j...@osc.edu (read about it on CCL Home Page)
> -+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
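
Added example, not part of Warren's or Jan's messages: the header-versus-envelope distinction described in the quoted message, written as a Python check that separates what the receiving server recorded from what the sender merely claimed. The sample message, host names and addresses are constructed, and the code assumes the receiving server stored the SMTP envelope sender in Return-Path and added the top Received: line itself.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: a message as stored by the receiving server.
# Assumption: Return-Path and the FIRST Received line were written by that
# server; every header below them was supplied by whoever sent the message.
RAW = """\
Return-Path: <bounce@infected-host.example>
Received: from pc17.example.net (pc17.example.net [203.0.113.45])
\tby mx.recipient.example with SMTP id abc123
\tfor <reader@recipient.example>; Thu, 21 Aug 2003 09:12:01 -0400
Received: from mail.listhost.example (mail.listhost.example [198.51.100.7])
\tby pc17.example.net; Thu, 21 Aug 2003 09:11:58 -0400
From: "List Owner" <owner@listhost.example>
To: reader@recipient.example
Subject: Your details

body
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def domain(addr):
    """Return the part after '@', or '' if there is none."""
    return addr.rpartition("@")[2]


def analyze(raw, trusted_hops=1):
    """Compare the displayed From: with the envelope sender and rank Received hops.

    trusted_hops = number of Received lines (from the top) added by servers
    the recipient controls; anything below that is unverified sender input.
    """
    msg = message_from_string(raw)
    header_from = parseaddr(msg.get("From", ""))[1].lower()
    envelope_from = parseaddr(msg.get("Return-Path", ""))[1].lower()
    hops = []
    for i, line in enumerate(msg.get_all("Received") or []):
        m = IP_RE.search(line)  # first bracketed IP = the connecting peer
        hops.append({"ip": m.group(1) if m else None, "trusted": i < trusted_hops})
    return {
        "header_from": header_from,      # what the mail reader displays
        "envelope_from": envelope_from,  # what was given during SMTP delivery
        "from_mismatch": domain(header_from) != domain(envelope_from),
        "connecting_ip": hops[0]["ip"] if hops else None,
        "hops": hops,
    }


if __name__ == "__main__":
    for key, value in analyze(RAW).items():
        print(f"{key}: {value}")
```

A mismatch is a reason to look closer, not proof of forgery: mailing lists and forwarding services legitimately deliver mail whose envelope sender differs from the From: line.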