JC Dill wrote:
>
>An attack of this type would not be just for list administrator posts.
>It would also get past whitelist filters - because the message would
>come from someone you have already received email from and are much more
>likely to be accepting email from than some random stranger address. If
>we haven't seen it it's just because we haven't seen it *yet*. I'm sure
>spammers are busy working on something like this right now, as a way to
>create more zombies with their virus/trojan payload.

We definitely have seen the "whitelist" attack. I think the majority of today's worms harvest addresses from an infected machine and spoof one of them as the sender on the theory that the addresses found on a given machine are members of an affinity group of some kind and are more likely to accept mail from one of their own than from a random address.

I have seen this result in a worm being posted to a list because the list address was found on a machine and the spoofed sender also found on the machine happened to be a list member. I've not seen this on any of my Mailman lists and I won't see the payload in any case because the lists don't allow attachments, but I have seen it on Yahoo Groups.

>So I repeat my <soapbox> statement, don't allow attachments to your
>mailing list. The downside is too great, sooner or later your list WILL
>end up spreading a virus.

And I agree. I don't allow attachments on any lists that I manage and I encourage others to do the same. There are other ways to make binary information available to a group.

--
Mark Sapiro <[EMAIL PROTECTED]>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

------------------------------------------------------
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
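
The point made in this thread, as an added example that is not part of the original messages and is not Mailman's own code: a membership check on the From: header passes a spoofed member address, while a rule that admits only text/plain parts stops the payload. The addresses, the sample message and the function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample data: the addresses and the message are made up.
MEMBERS = {"alice@example.org", "bob@example.org"}

SPOOFED = """\
From: Alice <alice@example.org>
Subject: Re: photos
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="XX"

--XX
Content-Type: text/plain; charset="us-ascii"

See attached.
--XX
Content-Type: application/octet-stream; name="attachment.bin"
Content-Disposition: attachment; filename="attachment.bin"

AAAA
--XX--
"""

ALLOWED_TYPES = {"text/plain"}

def sender_is_member(msg, members):
    """Membership check on the From: header, which the sender controls."""
    return parseaddr(msg.get("From", ""))[1].lower() in members

def disallowed_parts(msg):
    """Return (content_type, filename) for each leaf part the list would not pass."""
    bad = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        if part.get_content_type() not in ALLOWED_TYPES or part.get_filename():
            bad.append((part.get_content_type(), part.get_filename()))
    return bad

def moderate(raw, members=MEMBERS):
    msg = message_from_string(raw)
    if not sender_is_member(msg, members):
        return "hold: non-member"
    bad = disallowed_parts(msg)
    if bad:  # the sender check passed, so only the content rule can stop this
        return "reject: attachment " + ", ".join(f"{t} ({n})" for t, n in bad)
    return "accept"
```
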