Hi!
I just subscribed to the list, so please excuse me if I don't reply to the appropriate posting
directly.
We had the same problems on Monday as described by "MajorDomo Administrator,
MSER:EX". A virus infected one of our customers' computers (probably) and found there
the address to directly send messages to all list subscribers.
Actually the problem is not so easy to solve as described by John Sechrest, because he
seems to assume a person who deliberately forges a mail address to directly access the
list. But this is not how the viruses (especially the recent "NetSky" family) work.
In our case, my colleague as the list owner sent a newsletter mail to xxx-News@xxx.de.
This address is protected by the Majordomo, so that only he as the list owner is able to
send any message. The Majordomo itself now sends the message to the automatically
produced address xxx-News-list@xxx.de (that's what already was talked about here). This
one is not protected and accepts any requests to send mail to the list. But
xxx-News-list@xxx.de does appear in the header of each mail sent to the subscribers (check the
raw view of your mails, if you don't believe me). Now the NetSky virus scans all files on
the infected computer for anything resembling an email address. By this it was able to
find the above-mentioned unprotected mailing list address in an archived e-mail. The
virus doesn't think about it. It doesn't forge an address, nor does it have to. It simply tries
what it finds!
Now John Sechrest's way to configure the list might work, if the arbitrary code addition
would be unique for any mail sent, and thus the list address would be unique. But it
seems to me that he only suggests a coded addition for a permanent address. And this
won't work with a virus raving in the guts of a computer.
So the virus is able to bypass the Majordomo and send itself via the mailing list, or mask
itself as a message from the list, so that servers that kill the virus notify this to the list
address, which in turn sends the notification to all subscribers. The effect is chaos (even if
there are no more computers infected; I experienced that on Monday)!
This is not the way it should be! Majordomo should protect all aspects regarding sending
messages to the list subscribers, and this means also protecting the aliases, if the
list owner wishes.
I think, a patch is needed, which extends the responsibility of the majordomo.
Hit me, bite me, call me by unholy names, but THIS IS A SECURITY HOLE!
Best regards
Matthias Paetzold
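
An added example, not part of the original post and not Majordomo's own code: a small audit for the setup described above, which finds outgoing aliases that expand straight to the subscriber file and checks whether such an alias is visible in the headers of a delivered message. The alias file, paths, sample message and function names are constructed; it assumes the outgoing alias is the last argument of `resend` and is defined with `:include:`.

```python
import re
import shlex

# Constructed sample aliases file (sendmail syntax); names and paths are placeholders.
SAMPLE_ALIASES = """\
xxx-news: "|/usr/local/majordomo/wrapper resend -l xxx-news xxx-news-list"
xxx-news-list: :include:/usr/local/majordomo/lists/xxx-news
owner-xxx-news: postmaster
"""

# Constructed sample of a delivered newsletter; which header carries the alias is assumed.
SAMPLE_MESSAGE = """\
Received: from mail.xxx.de by mx.example.org for <xxx-News-list@xxx.de>
From: owner@xxx.de
Subject: Newsletter

Body text
"""

def parse_aliases(text):
    """Map lower-cased alias name -> right-hand side (continuation lines not handled)."""
    aliases = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            name, _, rhs = line.partition(":")
            aliases[name.strip().lower()] = rhs.strip()
    return aliases

def exposed_outgoing(aliases):
    """Pairs (protected alias, outgoing alias) where the outgoing one is a bare :include:."""
    found = []
    for name, rhs in aliases.items():
        argv = shlex.split(rhs.strip('"').lstrip("|"))
        if "resend" in argv:
            outgoing = argv[-1].lower()  # assumption: last resend argument
            if aliases.get(outgoing, "").startswith(":include:"):
                found.append((name, outgoing))
    return found

def leaked_in_headers(message, outgoing):
    """Header lines of a delivered message that reveal the outgoing alias."""
    headers = message.split("\n\n", 1)[0]
    pattern = re.compile(r"\b" + re.escape(outgoing) + "@", re.IGNORECASE)
    return [line for line in headers.splitlines() if pattern.search(line)]

if __name__ == "__main__":
    for front, outgoing in exposed_outgoing(parse_aliases(SAMPLE_ALIASES)):
        print(f"{front}: outgoing alias '{outgoing}' accepts mail directly")
        for line in leaked_in_headers(SAMPLE_MESSAGE, outgoing):
            print("  visible to subscribers in:", line)
```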