[28766] in cryptography@c2.net mail archive
Re: A weird macro virus story
daemon@ATHENA.MIT.EDU (Damien Miller)
Fri Jun 23 22:45:26 2006
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Sat, 24 Jun 2006 12:25:36 +1000
From: Damien Miller <djm@mindrot.org>
To: John Kelsey <kelsey.j@ix.netcom.com>
Cc: cryptography@metzdowd.com
In-Reply-To: <18959979.1151074926685.JavaMail.root@elwamui-huard.atl.sa.earthlink.net>
John Kelsey wrote:
> Guys,
>
> Some of my co-workers here at NIST got an email macro virus which
> appeared to be targeted to cryptographers. It appeared to be
> addressed to Moti Yung, and come from Lawrie Brown and Henri Gilbert
> (though that name was misspelled, maybe a transcription error from an
> alternate character set). Did any of you notice something like this?
> The email appeared to be addressed to several submission addresses for
> various crypto conferences.
How do you know it was targeted and not just following the common email
virus/worm propagation behaviour of mining email contact lists and
mailboxes on victims' machines? Typically these malware forge both
sender and recipient addresses, and if both happen to be mined from
(say) a mailbox containing an archive of the cryptography@metzdowd.com
mailing list then the recipient will likely recognise the sender's name.
-d
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
