[GLLUG] SoBig.F Spam
Dpk
dpk at egr.msu.edu
Fri Aug 29 02:00:10 EDT 2003
On Tue, Aug 26, 2003 at 11:58:38PM -0400, Chick Tower wrote:
I started getting SoBig spam messages on Sunday at this e-mail
address, which I hardly ever use, and I wondered how that could be.
It not only spams addresses in the address lists of infected PCs, it
spoofs at least some of those addresses in messages sent to other
people, so I've been getting automated messages from mail systems
saying my messages couldn't or wouldn't be delivered. Today I
received some SoBig-generated messages purportedly from two posters
on this mailing list. I suspect that this mailing list has somehow
been compromised, obviously by a computer running Windows. Could
that be the mail server for this mailing list? It might be that
someone receives this mailing list on a Windows PC and, when they
reply to someone who posted a message, the address is automatically
saved in their address book. That sounds like something Outlook
would volunteer to do for users.
[snip]
The mailing list is in no way "compromised". The mail server is
running UNIX which isn't even capable of running a windows binary
worm/virus such as SoBig. True of any mailing list, if you post, a
number of unknown people will receive your mail! Anyone can subscribe
to this list and use your address for fun and/or profit. You also run
the risk of a Windows user automatically saving your address to their
address book and automatically opening a Windows virus/worm on their
computer.
If I know of someone abusing this list, I would obviously disable the
address, but in general, posting to public forums will result in a
certain set of risks that you will have to mitigate.
dpk
More information about the linux-user
mailing list