[ net_freek @ 09.11.2002. 02:27 ] @
I don't know whether anyone has had a similar experience, but for the last two days my mailbox has been flooded with virus-carrying mails sent through the mailing list of the well-known antivirus software maker Kaspersky Labs (ironic, isn't it). Many of the servers used for relaying cleaned the viruses out of those messages and notified me of that by mail. I simply cannot believe that sending a mail from any address to the address [email protected] delivers the message to everyone on the mailing list. In any case, I'd like to hear someone else's view of this lapse on Kaspersky's part. Two of the mails follow, headers included:

============================================================================

Return-Path: <[email protected]>
Received: from webserver2.kaspersky-labs.com ([195.161.113.178])
by avala.yubc.net (8.9.3/8.9.3) with ESMTP id JAA01510;
Fri, 8 Nov 2002 09:25:50 +0100
Received: by webserver2.kaspersky-labs.com (Postfix)
id A077920E72; Fri, 8 Nov 2002 08:10:54 +0300 (MSK)
Delivered-To: [email protected]
Received: from messagerie.multiphone.fr (messagerie.multiphone.fr [194.206.157.135])
by webserver2.kaspersky-labs.com (Postfix) with ESMTP id AF9F520B8C
for <[email protected]>; Fri, 8 Nov 2002 02:40:37 +0300 (MSK)
Received: by MESSAGERIE with Internet Mail Service (5.5.2650.21)
id <WMJKSYLR>; Fri, 8 Nov 2002 00:40:41 +0100
Message-ID: <[email protected]>
From: "[MESSAGERIE] Panda Antivirus for Exchange Server" <[email protected]>
To: "'[email protected]'" <[email protected]>
Subject: Incident de virus
Date: Fri, 8 Nov 2002 00:40:40 +0100
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by avala.yubc.net id JAA01510
X-UIDL: Tj^"!(&K!!W>!#!D%m"!
Status: U


Panda Antivirus a detecte les virus suivants dans le message:
Server : MESSAGERIE

Envoye par :
Adresse : [email protected]
A : [email protected]
Objet : Returned mail: see transcript for details
Date : 08/11/2002 01:40

VIRUS DETECTE

Fichier : ~000003.txt
Virus : Exploit/iFrame - Desinfecte
Fichier : README.EXE
Virus : W32/Bride - Desinfecte

http://www.pandasoftware.com

===============================================================================

Return-Path: <[email protected]>
Received: from webserver2.kaspersky-labs.com ([195.161.113.178])
by avala.yubc.net (8.9.3/8.9.3) with ESMTP id HAA10814;
Fri, 8 Nov 2002 07:42:47 +0100
From: [email protected]
Received: by webserver2.kaspersky-labs.com (Postfix)
id A573B20860; Fri, 8 Nov 2002 01:24:48 +0300 (MSK)
Delivered-To: [email protected]
Received: from adm.sci-nnov.ru (adm.sci-nnov.ru [195.122.226.2])
by webserver2.kaspersky-labs.com (Postfix) with ESMTP id B9377203FF
for <[email protected]>; Fri, 8 Nov 2002 00:49:29 +0300 (MSK)
Received: (from [email protected])
by adm.sci-nnov.ru (8.11.6/8.11.6) id gA7LiKC43084
for <[email protected]>; Fri, 8 Nov 2002 00:44:20 +0300 (MSK)
(envelope-from [email protected])
Date: Fri, 8 Nov 2002 00:44:20 +0300 (MSK)
Message-Id: <[email protected]>
X-Authentication-Warning: adm.sci-nnov.ru: drweb set sender to [email protected] using -f
X-drweb-hash: b4b175cb07c2092f0170f0e35ce7e243
Subject: [unknown-subject]
Content-Type: text/plain; charset=koi8-r
To: <[email protected]>
X-UIDL: GNh"!97b"!A#d!!L['#!
Status: U

Dear Sender,
message sent from your e-mail address (address may be spoofed)
to <[email protected]> was probably infected and was not delivered.
Antiviral filter report:

========================
DrWeb found next viruses:
========================
infected with Trojan.IframeExec
infected with Win32.HLLM.Generic.95


Recipient was warned and can obtain a copy of infected message.

This message was generated automatically by mail delivery software.
[ _/\_pustinjak_/\_ @ 25.11.2002. 16:57 ] @
That's what I've been saying. You can't just walk up to that mailing list and send a virus. Someone on the inside did it. This will be a big minus for Kaspersky.
Nah, they're in on it together. Later that same Kaspersky will make some new AV for the very virus it has just started sending!
[ Mihailo @ 25.11.2002. 18:15 ] @
I seriously doubt anything like that is going on. That is done in a much subtler way than sending you a virus over their own list. More likely someone abused a poorly configured mail server where that list is hosted.
[ _/\_pustinjak_/\_ @ 26.11.2002. 16:00 ] @
Could be.
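Added example, not part of the thread and not the list operator's configuration: a posting-policy check for an announce-only list that would keep antivirus notifications like the two quoted in the first post from being fanned out to every subscriber. The list address, allowed poster, role-account names and sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Hypothetical announce-only list; every address below is constructed.
ALLOWED_POSTERS = {"owner@list.example"}
ROLE_LOCALPARTS = {"mailer-daemon", "postmaster"}  # assumed role accounts

def posting_decision(envelope_from, raw_message, allowed=ALLOWED_POSTERS):
    """Return (verdict, reason) for a message submitted to the list address."""
    msg = message_from_string(raw_message)
    sender = envelope_from.strip("<>").lower()
    # 1. A null envelope sender marks a bounce/DSN; never redistribute it.
    if not sender:
        return ("reject", "null envelope sender (bounce)")
    # 2. RFC 3834: any value other than "no" means machine-generated mail.
    auto = (msg.get("Auto-Submitted") or "no").split(";")[0].strip().lower()
    if auto != "no":
        return ("reject", "Auto-Submitted: " + auto)
    # 3. Role accounts used by mail systems for automatic reports.
    if sender.split("@")[0] in ROLE_LOCALPARTS:
        return ("reject", "automated role account")
    # 4. Envelope sender and header From must both be authorised posters.
    #    Both are spoofable, so anything else is held for a moderator
    #    instead of being delivered to subscribers.
    header_from = parseaddr(msg.get("From", ""))[1].lower()
    if sender not in allowed or header_from not in allowed:
        return ("hold", "poster not authorised")
    return ("accept", "authorised poster")

# Constructed samples modelled on the notifications quoted in the first post.
AV_NOTICE = (
    'From: "Antivirus Gateway" <scanner@gateway.example>\n'
    "To: <announce@list.example>\n"
    "Subject: Incident de virus\n\n"
    "VIRUS DETECTE\n"
)
OWNER_POST = (
    "From: List Owner <owner@list.example>\n"
    "To: <announce@list.example>\n"
    "Subject: Monthly bulletin\n\n"
    "Bulletin text\n"
)

if __name__ == "__main__":
    print(posting_decision("scanner@gateway.example", AV_NOTICE))
    print(posting_decision("<>", AV_NOTICE))
    print(posting_decision("owner@list.example", OWNER_POST))
```
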