On Sun, 2005-10-16 at 05:23 -0700, Duncan wrote: > Jeff Vian posted <[EMAIL PROTECTED]>, excerpted > below, on Sat, 15 Oct 2005 23:14:34 -0500: > > > And just what does that difference have to do with it? The address for > > the list was obviously harvested somewhere with a valid members address. > > Anybody who is subscribed to the list can see the addresses of those who > > post. > > As I posted to the devel list, where this also showed (it also showed on > the announce list, which I thought was read-only for most??), I suspect a > subscriber is infected -- that it wasn't a deliberate post but rather > something automated. > > I'm guessing the mystery person is mostly a lurker so there wouldn't be > much to be done to trace and warn them (there's very little I could make > out of the headers as processed by gmane, but I'm not much of a mail > tracer and someone getting it directly might do better). Of course, it's > also almost certainly someone reading the list on MSWormOS, using a > security-seive MS client with full HTML/scripting/ActiveHex turned on, who > hasn't kept up with their updates... > probably true
> Remember that the list address would be stored in the address book like > any other address. An automated malware spam spewer wouldn't know the > difference, nor would the author likely care, particularly when it's > delivered like any other mail to some who may not have incoming filters > set up to sort list mail into separate folders automatically. > > The fact that it got to the announce list/group was interesting tho... > Either poor Charles was experimenting with his MSWormOS PAN build again > and has made the mistake of running an unprotected mail client and getting > 0wn3d, or the announce list isn't as closed as I thought it was and it's > only convention that has kept it free of posts... > I don't really know what is being used for the list mailer, but spam has been minor to date. If it came from a legitimate user it may get through no matter what. I saw this in 3 different forms so far, and one was directly to my own email address. Nothing surprises me, and all that can be done is make the best effort and use all available tools to combat the jerks who like to flood us with spam. Unfortunately most of the spam is coming from poor unsuspecting lusers who don't have a clue their system is wide open and under the control of someone else. _______________________________________________ Pan-users mailing list Pan-users@nongnu.org http://lists.nongnu.org/mailman/listinfo/pan-users
