Re: [Full-Disclosure] Apparently the practice was prevalent

[Nick FitzGerald <nick@virus-l.demon.co.uk>]

hggdh <hggdh@comcast.net> to Paul:

<<snip>>
> As Valdis said earlier, user:password@site is a DE FACTO standard. It
> goes against the RFC? Well, get over it. Such is life. It has not been
> the first time, and it will not be the last one. What defines a
> de facto standard is prevalence of use. Nobody can argue that the IE
> browser is not prevalent...

Sending complete copies of virus-carrying Email messages to sender 
addresses the virus scanning Email gateways know are forged is a DE 
FACTO standard.  As "hggdh" says, what defines a de facto standard is 
prevalence of use and we all know that virtually all Email gateway 
virus scanners do this. Nobody can argue that "bouncing" such viral 
Email messages to known non-senders is not prevalent...

If the AV developers "broke" this behaviour the virus writers who had 
been depending on it as a distribution mechanism would, presumably, be 
all upset and have to "quickly redesign" their systems to trick the 
"fixed" virus scanners to keep redistributing their viruses for them.

Oddly this "but it's a de facto standard" argument simply does not 
stack up when applied elsewhere...

(Yes, I know "hggdh" went on to explain he disagrees, but his was the 
most succinct expression of the idiocy others -- such as Esser and the 
folk quoted in Lemos' article -- apparently adhere to, and thus best to 
lampoon thus.)


Regards,

Nick FitzGerald

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html