Why are postmasters distributing the MyDoom virus?

From: Richard M. Smith (rms_at_computerbytesman.com)
Date: 02/07/04

  • Next message: Giuseppe: "Re: Eggrop bug" 
    To: "BUGTRAQ@SECURITYFOCUS. COM" <BUGTRAQ@SECURITYFOCUS.COM>
Date: Sat, 7 Feb 2004 14:15:57 -0500

    Hi,

    I was looking over the MyDoom email messages that I received today and found
    about 15 copies of the worm which came from postmasters in bounce messages.
    Some postmasters, when sending out a bounce message, include the original
    email message as an attachment. If a bounce message is for a
    MyDoom-infected message, the bounce message will sometimes include an intact
    copy of the MyDoom executable which can be run by mistake with a few mouse
    clicks.

    It looks like some postmasters are in the virus distribution business pretty
    much like the MyDoom virus itself. Perhaps these postmasters need to review
    their bounce message policies and remove all attached files from messages
    being bounced.

    Attached is a list of postmasters that appear to have sent me intact copies
    of the MyDoom virus today.

    Richard M. Smith
    http://www.ComputerBytesMan.com

    ==============================================================

    System Administrator [postmaster@BARCODESOURCE.com]
    Mail Delivery Subsystem [MAILER-DAEMON@mailgw2.tiscali.dk]
    postmaster@COR.ORG
    Mail Delivery System [MAILER-DAEMON@mxr01.nyc02.dsl.net]
    Mail Delivery Subsystem [MAILER-DAEMON@dev.adorigin.com]
    MAILER-DAEMON [MAILER-DAEMON@swip.net]
    postmaster@walde.dk
    postmaster@att.net
    postmaster@dukerealty.com
    postmaster@sjeccd.org
    postmaster@wa-gunnet.co.jp
    Mail Delivery Subsystem [MAILER-DAEMON@SNET.Net]
    Mail Delivery Subsystem [MAILER-DAEMON@msbit.com]

  • Next message: Giuseppe: "Re: Eggrop bug"

    Relevant Pages
    Loading