Re: Fwd: Beware FAKE e-mails being sent as though from list

To: debian-user@lists.debian.org
Subject: Re: Fwd: Beware FAKE e-mails being sent as though from list
From: Derrick 'dman' Hudson <dman@dman.ddts.net>
Date: Mon, 30 Dec 2002 13:13:12 -0500
Message-id: <[🔎] 20021230181312.GA14726@dman.ddts.net>
Mail-followup-to: Derrick 'dman' Hudson <dman@dman.ddts.net>, debian-user@lists.debian.org
In-reply-to: <[🔎] 200212301800.43682.alan@chandlerfamily.org.uk>
References: <[🔎] 200212301800.43682.alan@chandlerfamily.org.uk>

On Mon, Dec 30, 2002 at 06:00:43PM +0000, Alan Chandler wrote:

| HTML Code follows here, showing the original message in an iframe and using 
| another iframe to hide an executable.

That's the "nimbda" worm.  It forges the From: header using an address
randomly chosen from the infected machine's Windows address book.
Naturally MS Outlook will render the HTML part of the message
including the (non-standard) iframe tag.  The iframe tag causes
Outlook/Windows to execute the attached worm.  The list server bounced
your first message because only the nimbda worm uses an iframe tag in
an email message.

-D

-- 
A)bort, R)etry, D)o it right this time
 
http://dman.ddts.net/~dman/

Attachment: pgpyMuw4fsfFv.pgp
Description: PGP signature

Reply to:

References:
- Fwd: Beware FAKE e-mails being sent as though from list
  - From: Alan Chandler <alan@chandlerfamily.org.uk>

Prev by Date: Fwd: Beware FAKE e-mails being sent as though from list
Next by Date: Re: Fwd: Beware FAKE e-mails being sent as though from list
Previous by thread: Fwd: Beware FAKE e-mails being sent as though from list
Next by thread: Re: Fwd: Beware FAKE e-mails being sent as though from list
Index(es):
- Date
- Thread