[fitsbits] Full moderation now (or 'Klez strikes Mailman')
Don Wells
dwells at NRAO.EDU
Thu Aug 1 15:25:29 EDT 2002
Dear <fitsbits>/sci.astro.fits subscribers,
About 8 hours ago the <fitsbits> mailing list distributed a message:
From: dwells <dwells at NRAO.EDU>
To: fitsbits at NRAO.EDU
Subject: [fitsbits] Cellspacing
Date: Thu, 1 Aug 2002 13:15:52 +0200
That message did not come from me. It appears to have been produced
by an instance of a 'Klez' virus [*] executing on some computer in the
+0200 timezone, probably in South Africa if the Received lines in the
header can be believed.
The Klez virus found 'fitsbits at nrao.edu' and 'dwells at nrao.edu' in an
address book on the infected machine and chose them randomly as the To
and From lines of the message it generated. The message was
distributed by <fitsbits> *automatically* because the From line
appeared to come from a list member (me in this case). A
non-list-member From line in such a Klez message would have been
presented to me (the 'owner' of <fitsbits>) for approval; I reject
such messages frequently.
Until today I thought that it would be highly unlikely that a random
combination of To and From lines would be distributed by <fitsbits>
automatically. Now I know that this is a real, significant risk.
Therefore, I have made a change:
<fitsbits> is now presenting all posts to me for approval.
I expect to change the operating mode back to "Restrict posting
privilege to list members" in about two months, when NRAO will install
a virus filter.
Regards,
Don Wells ['owner' of <fitsbits at nrao.edu>]
[*] see
http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.gen.html
--
Donald C. Wells Scientist - GBT Project dwells at nrao.edu
http://www.cv.nrao.edu/~dwells
National Radio Astronomy Observatory +1-434-296-0277
520 Edgemont Road, Charlottesville, Virginia 22903-2475 USA
(DCW is often in Green Bank, West Virginia, at +1-304-456-2146)
More information about the fitsbits
mailing list