[PLUG] Possible worm, the attachment is the text source listing of the email in question.

Wil Cooley wcooley at nakedape.cc
Wed Sep 10 22:15:02 UTC 2003


On Wed, 2003-09-10 at 21:47, Michael C. Robinson wrote:
> > And by the way, if you genuinely think it's dangerous, doesn't it seem
> > like a really dumb idea to forward it to a mailing list?
> 
> That's why I didn't forward the actual message.  I copied the source 
> of the email into a text file.  Last time I checked, text files are
> viewed as plain text.
>   
> By making the suspicious email an attachment, it doesn't automatically
> open.  Saving it as text, Windows won't even render it as html.  My
> understanding is that attachments have to be opened to be dangerous. 
> There isn't any Linux email program that will do that without a user
> request, is there?  I did indicate that the attachment is the code of
> this suspicious thing.  Surely no program will execute a text file.

Well, Evolution displayed it as an e-mail message with HTML; but its
HTML rendering is pretty safe--it doesn't do JavaScript at all and
doesn't automatically load remote images.  It didn't open it
automatically, of course--I opened it because I wasn't worried about
being affected by it.  Still, it's not a good idea to send these around.

> What can I do in the future if I want to send a suspicious email
> somewhere to be evaluated safely?  Good thing it's a hoax as it
> couldn't have infected anyone anyways.  I really didn't think 
> the way I packaged it that it could infect easily even if it 
> was a real worm.  

I'd put it on web server somewhere, optionally protected with a password
that you just send to the list.

Wil
-- 
Wil Cooley                                 wcooley at nakedape.cc
Naked Ape Consulting                        http://nakedape.cc
* * * * * * * Good, fast and cheap: Pick all 3! * * * * * * *
*   Naked Ape Consulting                http://nakedape.cc  *
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://lists.pdxlinux.org/pipermail/plug/attachments/20030910/45581286/attachment.asc>


More information about the PLUG mailing list