This is the mail archive of the
insight@sources.redhat.com
mailing list for the Insight project.
Re: ezmlm probe
- From: Bruce Korb <bkorb at pacbell dot net>
- To: insight at sources dot redhat dot com
- Date: Fri, 22 Feb 2002 16:55:32 -0800
- Subject: Re: ezmlm probe
- Organization: Home
- References: <1014431780.26168.ezmlm-warn@sources.redhat.com>
insight-help@sources.redhat.com wrote:
>
> Hi! This is the ezmlm program. I'm managing the
> insight@sources.redhat.com mailing list.
Hi! This is a real person. You should try to find time
to fix the issue because these messages were properly
bounced. This one made it through only because the
malicious payload was sufficiently obscured that it
became unrecognizable.....( please note that it was "gnu.org"
that was doing the bouncing!! )
> Subject: Mail delivery failed: returning message to sender
> Message-Id: <E16a6yq-0004gv-00@fencepost.gnu.org>
> Date: Sun, 10 Feb 2002 22:18:12 -0500
>
> This message was created automatically by mail delivery software (Exim).
>
> A message that you sent could not be delivered to one or more of its
> recipients. This is a permanent error. The following address(es) failed:
>
> bkorb@gnu.org
> This message has been rejected because it has
> a potentially executable attachment www.myparty.yahoo.com
> This form of attachment has been used by
> recent viruses or other malware.
> If you meant to send this file then please
> package it up as a zip file and resend it.
>
Here is the worm attachment, an executable disguised
as a URL:
> From: yhkim@nuri.keti.re.kr
> Message-Id: <200201290939.SAA02178@nuri.keti.re.kr>
> To: insight@sources.redhat.com
> Subject: new photos from my party!
>
> Hello!
>
> My party... It was absolutely amazing!
> I have attached my web page with new photos!
> If you can please make color prints of my photos. Thanks!
>
> begin 666 www.myparty.yahoo.com
> M.....