Re: [Full-Disclosure] Email
- To: full-disclosure@lists.netsys.com
- Subject: Re: [Full-Disclosure] Email
- From: Nick FitzGerald <nick@virus-l.demon.co.uk>
- Date: Thu, 05 Feb 2004 13:46:31 +1300
D B <geggam692000@yahoo.com> wrote:
> I'm by no means a security expert nor do I want to be,
> but while I read this list at 3 am my mind wanders and
> I wish for someone from experience to explain to me
> why any virus can infect any mail server / user when
> those administrating a mail server can make a mail
> server handle mail in the manner I pasted a snippet of
> from my own in-box.
>
> ( obvious designator )
> ****************snippet****************
>
> This is a multi-part message in MIME format.
>
> ------=_NextPart_000_0012_FAA048F2.06F42141
> Content-Type: text/plain;
> charset="Windows-1252"
> Content-Transfer-Encoding: 7bit
>
> The message cannot be represented in 7-bit ASCII
> encoding and has been
> sent as a binary attachment.
>
>
> ------=_NextPart_000_0012_FAA048F2.06F42141
> Content-Type: application/octet-stream;
> name="message.pif"
> Content-Transfer-Encoding: base64
> Content-Disposition: attachment;
> filename="message.pif"
>
> TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> AAAAqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
>
> ****************snip***************
> ( end of obvious designator )
You are confusing the effect of a deliberate attempt by the Mydoom
virus writer to "trick" the recipient of the virus' Emails into opening
the attachment (and to then, "hopefully", open/execute the contents of
the .ZIP file) with the actions of a mail server or relay presumably
between the message's sender and its recipient.
--
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
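
Added example, not part of the original message or thread: a sketch of an attachment check a mail gateway could run on a message shaped like the quoted snippet, reporting each attachment's filename extension and whether its decoded payload begins with the "MZ" executable signature. The sample message, its addresses and boundary, the harmless stub payload and the extension list are constructed assumptions.

```python
import base64
import email
from email import policy

# Assumed, non-exhaustive list of extensions Windows runs directly.
RISKY_EXT = {".pif", ".scr", ".exe", ".com", ".bat", ".cmd"}

def build_sample() -> bytes:
    """Constructed message shaped like the quoted snippet; payload is a harmless stub."""
    stub = base64.b64encode(b"MZ" + bytes(52)).decode()  # "MZ" plus zero padding
    b = "=_NextPart_constructed"
    return (
        "From: sender@example.com\r\n"
        "To: rcpt@example.com\r\n"
        "Subject: test\r\n"
        "MIME-Version: 1.0\r\n"
        f'Content-Type: multipart/mixed; boundary="{b}"\r\n'
        "\r\n"
        "This is a multi-part message in MIME format.\r\n"
        f"--{b}\r\n"
        'Content-Type: text/plain; charset="Windows-1252"\r\n'
        "Content-Transfer-Encoding: 7bit\r\n"
        "\r\n"
        "The message cannot be represented in 7-bit ASCII encoding and has been\r\n"
        "sent as a binary attachment.\r\n"
        f"--{b}\r\n"
        'Content-Type: application/octet-stream; name="message.pif"\r\n'
        "Content-Transfer-Encoding: base64\r\n"
        'Content-Disposition: attachment; filename="message.pif"\r\n'
        "\r\n"
        f"{stub}\r\n"
        f"--{b}--\r\n"
    ).encode("ascii")

def audit_attachments(raw: bytes) -> list:
    """Return one finding per named MIME part, based on content rather than body text."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        name = part.get_filename()
        if part.is_multipart() or not name:
            continue  # skip containers and unnamed body parts
        data = part.get_payload(decode=True) or b""  # undo base64 transfer encoding
        ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
        findings.append({
            "filename": name,
            "declared_type": part.get_content_type(),
            "risky_extension": ext in RISKY_EXT,
            "mz_header": data[:2] == b"MZ",  # DOS/PE executable signature
        })
    return findings
```

The plain-text body part is ignored because it has no filename; the result depends only on the attachment's name and decoded bytes, not on what the message text claims.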