[Dshield] Delivery reports about your e-mail
John Hardin
jhardin at impsec.org
Wed Feb 11 19:06:00 GMT 2009
On Wed, 11 Feb 2009, Jim McCullough wrote:

> However, if you check the originating and relay addresses, then I doubt
> you will find the emails coming through the dshield servers.

My copy definitely came via the DShield mailing list. Unfortunately I
discarded it right away - I don't tend to let garbage like that clutter up
my mail system for very long.

Also, in this particular attack the message body attempts to appear to
come from the IT department of the recipient's domain in an attempt to
lull the recipient into trusting the attachment. That the body contains:

>>> Dear user list at dshield.org,
>>> Best regards,
>>> dshield.org support team.

...is a good sign that it *was* sent to the list, and the list dutifully
distributed it.

> Without the header information, tracking and finding the problem is
> basically like finding a gold needle in a haystack the size of Canada.

The problem is actually simple. The list should enforce a "no binary
attachments" policy. There's no legitimate reason that I can think of for
a binary attachment to be sent to this (or almost any) mailing list.
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin at impsec.org FALaholic #11174 pgpk -a jhardin at impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
Gun Control is nothing more than an attempt to return to feudalism,
where the peasants are helpless and must humbly petition their lord
and master to protect them from bandits and thieves (when they can
get around to it), and where the lords and masters can abuse the
peasants whenever they like without fear of effective resistance.
-----------------------------------------------------------------------
Tomorrow: Abraham Lincoln's and Charles Darwin's 200th Birthdays
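
One way a list server could enforce the "no binary attachments" policy proposed in the message above, as an added example that is not part of the original post or of any DShield list software. The allowlists, function names and sample messages are assumptions constructed for illustration.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed allowlists: text bodies, PGP signatures, text-like file names.
ALLOWED_TYPES = {"text/plain", "text/html", "application/pgp-signature"}
ALLOWED_EXTS = {".txt", ".diff", ".patch", ".log", ".asc"}

def policy_violations(raw: bytes) -> list:
    """Return one reason per MIME leaf part that breaks the text-only policy."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = []
    for part in msg.walk():
        if part.is_multipart():
            continue  # containers (and nested messages) are judged by their leaves
        ctype = part.get_content_type()
        name = part.get_filename()
        if ctype not in ALLOWED_TYPES:
            reasons.append(f"type {ctype} not allowed ({name or 'no filename'})")
        elif name and os.path.splitext(name)[1].lower() not in ALLOWED_EXTS:
            # A part declared as text but carrying a non-text file name.
            reasons.append(f"file name {name!r} not allowed for {ctype}")
    return reasons

def build_sample(kind: str) -> bytes:
    """Constructed test messages: 'clean', 'zip' or 'disguised'."""
    m = EmailMessage()
    m["From"] = "sender@example.org"
    m["To"] = "list@example.org"
    m["Subject"] = "Delivery reports about your e-mail"
    m.set_content("Dear user, please see the attached report.\n")
    if kind == "zip":
        m.add_attachment(b"PK\x03\x04 constructed bytes", maintype="application",
                         subtype="zip", filename="report.zip")
    elif kind == "disguised":
        # Declared text/plain, but the file name says otherwise.
        m.add_attachment("constructed content\n", filename="report.scr")
    return m.as_bytes()

if __name__ == "__main__":
    for kind in ("clean", "zip", "disguised"):
        problems = policy_violations(build_sample(kind))
        print(kind, "->", "hold/reject: " + "; ".join(problems) if problems else "accept")
```

The file-name check matters because the declared Content-Type is chosen by the sender; a policy keyed on type alone would pass the "disguised" sample.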