On Wed, Feb 11, 2004 at 05:58:33PM +0200, Willie Viljoen wrote:
> This is slightly off topic, as it applies to anybody doing virus checking
> and sending alerts to the sender, not just Exim users. I feel I should post
> it anyway, in the hope that it helps.
>
> Variants of the MyDoom worm that spread via e-mail seem to be following the
> pattern not only to harvest target addresses from mailing lists, infected
> address books, etc, but to also harvest addresses for use in forging a
> sender address. This is probably a way for the virus to get around callbacks
> and other verification procedures, i.e., forging an e-mail from a valid
> address in a valid domain.

A similar topic was discussed on Bugtraq a few weeks ago:
http://marc.theaimsgroup.com/?l=bugtraq&m=107577192723048&w=2
where the OT was pointed to various RFCs that already detail suggestions
for AV autoresponders et al.
--
Jez Hancock
- System Administrator / PHP Developer
http://munk.nu/
http://jez.hancock-family.com/ - Another FreeBSD Diary
http://ipfwstats.sf.net/ - ipfw peruser traffic logging