[Full-Disclosure] Why are postmasters distributing the MyDoom virus?

Edward W. Ray support at mmicman.com
Sat Feb 7 21:37:24 GMT 2004 

 possibly forged or owned mail servers.  Also maybe some dumb-ass mail admin
actually opened one of these, like on an Exchange Server?

-----Original Message-----
From: full-disclosure-admin at lists.netsys.com
[mailto:full-disclosure-admin at lists.netsys.com] On Behalf Of Richard M.
Smith
Sent: Saturday, February 07, 2004 11:16 AM
To: full-disclosure at lists.netsys.com
Subject: [Full-Disclosure] Why are postmasters distributing the MyDoom
virus?

Hi,

I was looking over the MyDoom email messages that I received today and found
about 15 copies of the worm which came from postmasters in bounce messages.
Some postmasters, when sending out a bounce message, include the original
email message as an attachment.  If a bounce message is for a
MyDoom-infected message, the bounce message will sometimes include an intact
copy of the MyDoom executable which can be run by mistake with a few mouse
clicks.

It looks like some postmasters are in the virus distribution business pretty
much like the MyDoom virus itself.  Perhaps these postmasters need to review
their bounce message policies and remove all attached files from messages
being bounced.

Attached is a list of postmasters that appear to have sent me intact copies
of the MyDoom virus today.

Richard M. Smith
http://www.ComputerBytesMan.com

==============================================================

System Administrator [postmaster at BARCODESOURCE.com] Mail Delivery Subsystem
[MAILER-DAEMON at mailgw2.tiscali.dk]
postmaster at COR.ORG
Mail Delivery System [MAILER-DAEMON at mxr01.nyc02.dsl.net]
Mail Delivery Subsystem [MAILER-DAEMON at dev.adorigin.com] MAILER-DAEMON
[MAILER-DAEMON at swip.net] postmaster at walde.dk postmaster at att.net
postmaster at dukerealty.com postmaster at sjeccd.org postmaster at wa-gunnet.co.jp
Mail Delivery Subsystem [MAILER-DAEMON at SNET.Net] Mail Delivery Subsystem
[MAILER-DAEMON at msbit.com]

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Full-Disclosure is hosted and sponsored by Secunia.