[Full-Disclosure] Why are postmasters distributing the MyDoom virus?
Edward W. Ray
support at mmicman.com
Sat Feb 7 21:37:24 GMT 2004
possibly forged or owned mail servers. Also maybe some dumb-ass mail admin
actually opened one of these, like on an Exchange Server?
From: full-disclosure-admin at lists.netsys.com
[mailto:full-disclosure-admin at lists.netsys.com] On Behalf Of Richard M.
Sent: Saturday, February 07, 2004 11:16 AM
To: full-disclosure at lists.netsys.com
Subject: [Full-Disclosure] Why are postmasters distributing the MyDoom
I was looking over the MyDoom email messages that I received today and found
about 15 copies of the worm which came from postmasters in bounce messages.
Some postmasters, when sending out a bounce message, include the original
email message as an attachment. If a bounce message is for a
MyDoom-infected message, the bounce message will sometimes include an intact
copy of the MyDoom executable which can be run by mistake with a few mouse
It looks like some postmasters are in the virus distribution business pretty
much like the MyDoom virus itself. Perhaps these postmasters need to review
their bounce message policies and remove all attached files from messages
Attached is a list of postmasters that appear to have sent me intact copies
of the MyDoom virus today.
Richard M. Smith
System Administrator [postmaster at BARCODESOURCE.com] Mail Delivery Subsystem
[MAILER-DAEMON at mailgw2.tiscali.dk]
postmaster at COR.ORG
Mail Delivery System [MAILER-DAEMON at mxr01.nyc02.dsl.net]
Mail Delivery Subsystem [MAILER-DAEMON at dev.adorigin.com] MAILER-DAEMON
[MAILER-DAEMON at swip.net] postmaster at walde.dk postmaster at att.net
postmaster at dukerealty.com postmaster at sjeccd.org postmaster at wa-gunnet.co.jp
Mail Delivery Subsystem [MAILER-DAEMON at SNET.Net] Mail Delivery Subsystem
[MAILER-DAEMON at msbit.com]
Full-Disclosure - We believe in it.
Full-Disclosure is hosted and sponsored by Secunia.