[ale] email virus? rehash.... with onions

Kevin Krumwiede krum at smyrnacable.net
Tue May 7 20:04:14 EDT 2002


No.  What was happening was that Mallory would send a virus-laden email
to Bob, using Alice's name in the "from" field.  Bob would warn Alice
that her computer was infected, but of course her AV scanner wouldn't
find anything.  Meanwhile, Mallory would remain oblivious.

Krum

On Tue, 2002-05-07 at 19:48, Jeff Hubbs wrote:
> Just so I understand the implications fully...
> 
> When Klez first spread in the wild, was it going undetected by the usual 
> Windows anti-virus software, even if said software was using current 
> updates of their signature files?
> 
> If so, then I find this VERY damning.
> 
> - Jeff
> 
> James P. Kinney III wrote:
> 
> > That brings up an interesting argument for the eradication of M$ on the
> > corporate desktop. The viral spreading of confidential information could
> > be viewed as a bigger security threat than just the headache and hassle
> > of a network getting trashed by a bug going haywire.
> > 
> > On Tue, 2002-05-07 at 17:55, Irv Mullins wrote:
> > 
> >>On Tuesday 07 May 2002 05:29 pm, you wrote:
> >>
> >>>On Tue, 2002-05-07 at 17:07, Cade Thacker wrote:
> >>>
> >>>>I cleaned out my mail box the other day, so I don't have the discussion
> >>>>that you all had the other day, but I just got a bounce back of an email I
> >>>>did not send. Attached is a small file that "file" returns the following:
> >>>>
> >>>>border.bat: MS-DOS executable (EXE), OS/2 or MS Windows
> >>>>
> >>>>What was the summary of this puppy? something to do with W32/Klez?
> >>>>
> >>>http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.gen@mm.htm
> >>>
> >>Thanks for the confirmation.
> >>It's interesting to take a look at the third (random, I guess) 
> >>file that is attached to those worms. Using khexedit or similar,
> >>I have found html, jpg's, and a "confidential" business report 
> >>so far.
> >>
> >>We need smarter worms, which can look for pictures of "girlfriends"
> >>to send out :p
> >>
> >>Regards,
> >>Irv
> >>
> >>---
> >>This message has been sent through the ALE general discussion list.
> >>See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
> >>sent to listmaster at ale dot org.
> >>