Re: Odd spam / virus - comments ?
In message <011301c1d4ad$b5676f10$2028a8c0@carpenter>, "Peter Galbavy" writes:
OK - As a knowledgeable bunch, maybe you lot can give me pointers.
A customer / friend phoned me last night saying that I sent him a virus by e-mail. Now, I am far more careful than that - at least I hope. It turned out that it wasn't me, but a forgery. Now, that is not unusual, but what is that the recipient is someone I know.
There are worms out there (such as Nimda.E) that use Outlook address books not just for lists of victims, but also as "From:" addresses. In other words, your involvement might be having sent email to someone else who is infected. --Steve Bellovin, http://www.research.att.com/~smb Full text of "Firewalls" book now at http://www.wilyhacker.com
On Tue, 26 Mar 2002 09:13:08 EST, "Steven M. Bellovin" said:
There are worms out there (such as Nimda.E) that use Outlook address books not just for lists of victims, but also as "From:" addresses. In other words, your involvement might be having sent email to someone else who is infected.
An important addendum here - "having sent mail" includes posting to a mailing list that has a subscriber. I've gotten a lot of complaints because the actual perpetrator was a subscriber to NANOG or IETF or one of the many SecurityFocus mailing lists I post to. And once you take the union of *all* those lists, you start hitting the "birthday paradox" - it becomes *very* likely that if you and the recipient know each other (by virtue of being in the computer industry) that a third party has seen mail from both of you. Another way to look at it is that the "6 degrees" game can easily drop 2 or 3 degrees *really* fast if you allow "A and B both subscribe to the same mailing list" as a connection. -- Valdis Kletnieks Computer Systems Senior Engineer Virginia Tech
participants (2)
-
Steven M. Bellovin
-
Valdis.Kletnieks@vt.edu