
Warning!

I have received a “Mail Delivery System” error message for an email message I didn’t send. Apparently someone tried to send a message containing the Sobig.F virus in an attachment using my email address in the From line. I’m investigating the abuse, since that practice violates US Federal law as well as European and Swedish law.

Note that if you ever receive an email from me it’s very simple to determine its authenticity: I always digitally sign my emails, something I think everyone should do. A digital signature is comparable to the type of signature you do manually on a piece of paper, with one exception: it can’t be forged. If your email application doesn’t support digital signatures (hint: change email software and/or install FreePGP or GnuPG) such an email looks like this in plain text:

--=-mP1HwTWyAdC7YkUVoHON
Content-Type: text/plain; charset=ISO-8859-15
Content-Transfer-Encoding: quoted-printable

[email message ... snip snip ]

--=-mP1HwTWyAdC7YkUVoHON
Content-Type: application/pgp-signature; name=signature.asc

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQA/QV9Z1x1/ztQkIRsRAgOuAKCWuIwLotKzq4YKTdQNP975KIJS9gCgtliW
MlgnK9LsUx0n/ouAhywEICA=
=o+2Y
-----END PGP SIGNATURE-----

--=-mP1HwTWyAdC7YkUVoHON--

With the proper software installed you would be able to verify the authenticity of the message. Note that I removed the original email message in the above example and replaced it with [email message … snip snip ], which is why this particular example will fail to validate: the message has been altered.

I’m dumbfounded, to say the least, at how fast Sobig.F is spreading and infecting computers running the Microsoft Windows operating system and the Outlook/Outlook Express email clients, when it is quite simple to stop: have a firewall scan the SMTP traffic and disallow messages containing an attachment with application/octet-stream as the MIME Content-Type, or, as a more moderate approach, let the MTA handling SMTP connections scan incoming messages for such offending emails and deliver them to the postmaster account where someone can take care of false positives, or some similar scheme. This is the reason I got the “Mail Delivery System” error: the receiving host had performed a scan and detected the virus.
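As an added example (not code from this post), a Python sketch of the moderate scheme just described: it routes two constructed messages, one in the multipart/signed shape shown above and one carrying an application/octet-stream attachment, delivering the carrier to the postmaster for review. The postmaster and sample addresses, filenames and payload are assumptions.

```python
import email
from email import policy

POSTMASTER = "postmaster@example.org"  # assumed quarantine mailbox, not from the post

def wrap(content_type, parts, boundary="=-mP1HwTWyAdC7YkUVoHON"):
    """Assemble a raw multipart message from (headers, body) pairs; constructed test input."""
    out = ["From: alice@example.org", "To: bob@example.org", "Subject: hi", "MIME-Version: 1.0",
           f'Content-Type: {content_type}; boundary="{boundary}"', ""]
    for hdrs, body in parts:
        out += [f"--{boundary}", hdrs, "", body, ""]
    out.append(f"--{boundary}--")
    return "\r\n".join(out).encode()

TEXT = ("Content-Type: text/plain; charset=ISO-8859-15", "[email message ... snip snip ]")
SIG = ("Content-Type: application/pgp-signature; name=signature.asc",
       "-----BEGIN PGP SIGNATURE-----\r\n[armored signature, as in the post]\r\n-----END PGP SIGNATURE-----")
BLOB = ('Content-Type: application/octet-stream; name="attachment.bin"\r\nContent-Transfer-Encoding: base64',
        "aGVsbG8=")  # constructed stand-in for a worm's binary payload (it is just "hello")
SIGNED = wrap('multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"', [TEXT, SIG])
CARRIER = wrap("multipart/mixed", [TEXT, BLOB])

def find_parts(msg, content_type):
    """All MIME parts of msg (including msg itself) with the given Content-Type."""
    return [p for p in msg.walk() if p.get_content_type() == content_type]

def is_pgp_signed(msg):
    """Structural check for an RFC 3156 multipart/signed message with one PGP signature part.
    Verifying the signature itself still needs GnuPG and the sender's public key."""
    proto = msg.get_param("protocol", header="Content-Type")
    return (msg.get_content_type() == "multipart/signed"
            and proto == "application/pgp-signature"
            and len(find_parts(msg, "application/pgp-signature")) == 1)

def route(raw):
    """The post's 'moderate' scheme: octet-stream carriers go to the postmaster for
    manual review instead of being rejected; everything else is delivered normally."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    blobs = find_parts(msg, "application/octet-stream")
    signed = is_pgp_signed(msg)
    if blobs:
        names = ", ".join(p.get_filename() or "(unnamed)" for p in blobs)
        return {"deliver_to": POSTMASTER, "reason": f"octet-stream attachment: {names}", "pgp_signed": signed}
    return {"deliver_to": str(msg["To"]), "reason": "clean", "pgp_signed": signed}

if __name__ == "__main__":
    for name, raw in (("signed", SIGNED), ("carrier", CARRIER)):
        print(name, route(raw))
```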

But the basic problem is that most users are quite clueless: they don’t install patches when available but click quite happily on all attachments in incoming emails. I’m breathless when I hear of lusers that get infected by worm after worm. You would think they’d have learned from the last time? But no. The bottom line is that there are no excuses for being infected, since there have always been good measures for protection on several levels.

Creeper