[fpc-devel]Problem with mailinglist (forged mail)

Jonas Maebe jonas at zeus.rug.ac.be
Thu May 2 11:11:13 CEST 2002


On Thu, 2 May 2002, Konstantin Muenning wrote:

> >next victim. When the "To" address becomes one of the fpc-mailing lists,
> >the mailing list software always blocks the message (as it dods with all
> >messages > 25kb) and waits for the moderator to decide whether or not the
> >message should be sent to the list).
>
> Do you mean the "To" or the "From" address? If you mean the "To" address
> then all mails to the lists are blocked and are waiting to be reviewed?!?.

No, only those >25kb.

> >At the same time, it also sends a message to the "From" address to inform
> >the poster (or what it thinks is the poster) that his message is being
> >held for approval by the moderator. Since the from address is faked
> >however, this indeed results in mails being sent to people who have
> >nothing to do with that virus mail.
>
> Yes but the behaviour here would indicate that the "From" address was also
> the mailing list. Or do I get something wrong?

Yes. The warning messages are *not* being sent to the list (except if the
"from" address was also an fpc-mailing list address, but those warning
messages are blocked as well, so they don't appear on the list either).
It's just that people who have the address of the mailing list somewhere
on their HD are usually also subscribed tot he list as well, so they
probably have the addresses of several subscribers on their computer. The
virus can then pick such an address as "from" and the mailing address as
"to", causing the warning message being sent to one of the subscribers
(or anyone else whose email address is chosen as from address).

> It's not annoying for me, I think you should keep it on. I was just
> curious if this is a virus and I still have no ansver :-(. You probably
> have reviewed the mail. What was it?

It's not one mail, there are about 4-10 of such mails being sent (and
blocked) to the fpc mailing lists. And yes, they are being sent by
virusses (and contain the virus as an attachment, which is why they are
so big). However, these vriusses are not on the computer of the person
in "from" field, since those addresses were just randomly chosen from the
infected person's HD.

The bottom line is: you can delete any sich mails you received and be
certain that as long as the virusses are >25kb, they will not be spread
by any of the fpc mailing lists.


Jonas





More information about the fpc-devel mailing list