MyDoom (was: Test)

bscott at ntisys.com
Mon Feb 2 12:34:37 EST 2004


On Mon, 2 Feb 2004, at 10:52am, mkomarinski at wayga.org wrote:
>>  It is worth pointing out that, like most such malware, the MyDoom worm
>> forges the "From" address.
> 
> SPF would prevent a lot of this from happening, strangely enough. 

  True, but then the malware will just switch back to using the "real" email
address of the sender.

> I think the greater danger is having some bit of OSS code be released that
> has a trojan in it intentionally from the author.

  Well, it depends on how you define "danger".  I know the very Trojan
strategy you have described has been used, with varying degrees of success,
before.  But such things generally need to be installed manually to
propagate, which means distribution is likely to be fairly limited before
the subterfuge is discovered.  A mass-mailing worm, however, takes advantage
of naive lusers to propagate very quickly.  That means the potential
distribution is a lot higher, even if the potential payload damage is,
perhaps, reduced.

> This is one of the reasons that I prefer getting code prepackages from a
> distribution than rolling my own.

  And you check all those pre-built packages using an independently verified
digital signature, right?  :-)

-- 
Ben Scott <bscott at ntisys.com>
| The opinions expressed in this message are those of the author and do  |
| not represent the views or policy of any other person or organization. |
| All information is provided without warranty of any kind.              |



