[Pan-users] Re: Re: Dear Members Sky Bank Please Verify Acconts !

[Duncan]

Jeff Vian posted <address@hidden>, excerpted
below,  on Sat, 15 Oct 2005 23:14:34 -0500:

> And just what does that difference have to do with it?  The address for
> the list was obviously harvested somewhere with a valid members address.
> Anybody who is subscribed to the list can see the addresses of those who
> post.

As I posted to the devel list, where this also showed (it also showed on
the announce list, which I thought was read-only for most??), I suspect a
subscriber is infected -- that it wasn't a deliberate post but rather
something automated.

I'm guessing the mystery person is mostly a lurker so there wouldn't be
much to be done to trace and warn them (there's very little I could make
out of the headers as processed by gmane, but I'm not much of a mail
tracer and someone getting it directly might do better).  Of course, it's
also almost certainly someone reading the list on MSWormOS, using a
security-seive MS client with full HTML/scripting/ActiveHex turned on, who
hasn't kept up with their updates...

Remember that the list address would be stored in the address book like
any other address.  An automated malware spam spewer wouldn't know the
difference, nor would the author likely care, particularly when it's
delivered like any other mail to some who may not have incoming filters
set up to sort list mail into separate folders automatically.

The fact that it got to the announce list/group was interesting tho... 
Either poor Charles was experimenting with his MSWormOS PAN build again
and has made the mistake of running an unprotected mail client and getting
0wn3d, or the announce list isn't as closed as I thought it was and it's
only convention that has kept it free of posts...

-- 
Duncan - List replies preferred.   No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master."  Richard Stallman in
http://www.linuxdevcenter.com/pub/a/linux/2004/12/22/rms_interview.html