
virus and/or spam alert



On Fri, 10 May 2002 04:53:14 -0500 there appeared a message
falsely attributed to me with the Subject line:
WhfhixFq2ybVmC2ZK78ZJZDmCgZuKUPXpS9W

1) I don't have any mailers configured to set my return
address to "jsd <jsd@monmouth.com>" ... They're all
"John S. Denker <jsd@monmouth.com>" or something like that.

2) I don't have any computers that operate in the GMT -0500
timezone.

3) I wasn't awake at that time, anyway.

4) The format of the message, multipart/alternative with
attachments, is not the sort of thing I'd be likely to
send, by accident or otherwise.

5) There is no reason to believe any of my computers have
been hacked.

6) OTOH there are known viruses running around that forge
the "From:" lines of the messages they send out.

The best hypothesis I can think of is that some member of this
list has been infected. The virus got the address of the list
from one line in the victim's address-book, and forged the From:
address based on another line in the victim's address-book. This
hypothesis fits most of the facts, but the exact formatting and
payload of the message isn't 100% consistent with any virus I
know of. Maybe it's a new virus, and/or the payload was mangled
by the listserv.

For slightly more information about the forged message, look at
http://mailgate1.nau.edu/cgi-bin/wa?A2=ind0205&L=phys-l&F=&S=&P=38557

===================================================

More generally: There are grounds for some concern about the future.
This list defends itself by checking the return-addresses. If the
viruses and/or spammers figure this out, we might start seeing quite
a lot of bogus messages. It would be very hard for the listserv per
se to defend against this sort of attack; by far the best defense is
for each participant to maintain good computer security. Use good
firewall and virus-checking software, or (better yet) run an email
reader that was sufficiently well designed that it isn't a culture
medium for viruses. (This rules out all Microsoft products.)
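
The header comparisons in points 1, 2 and 4 above can be automated. The following is an added example, not part of the original message: `PROFILE`, its `-4` offset and `text/plain` values, and the function name `header_anomalies` are assumptions for illustration, and the sample message is constructed from the header values quoted above.

```python
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

# Hypothetical profile of how a sender's genuine mail normally looks.
# The offset and content type are assumed values, not taken from the message.
PROFILE = {
    "address": "jsd@monmouth.com",
    "display_names": {"John S. Denker"},
    "utc_offsets_hours": {-4},
    "content_types": {"text/plain"},
}

# Constructed sample: headers as quoted in the message above, body invented.
FORGED = """\
From: jsd <jsd@monmouth.com>
Date: Fri, 10 May 2002 04:53:14 -0500
Subject: WhfhixFq2ybVmC2ZK78ZJZDmCgZuKUPXpS9W
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="b"

--b
Content-Type: text/plain

(constructed body)
--b--
"""

def header_anomalies(raw, profile):
    """Return the ways a message claiming profile['address'] departs from
    that sender's usual habits. An empty list means nothing stood out."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    if addr.lower() != profile["address"]:
        return []                      # does not claim to be this sender
    findings = []
    if name not in profile["display_names"]:
        findings.append("display-name")            # point 1
    try:
        offset = parsedate_to_datetime(msg.get("Date")).utcoffset()
    except (TypeError, ValueError):                # missing or unparsable Date
        offset = None
    hours = None if offset is None else offset.total_seconds() / 3600
    if hours not in profile["utc_offsets_hours"]:
        findings.append("utc-offset")              # point 2
    if msg.get_content_type() not in profile["content_types"]:
        findings.append("content-type")            # point 4
    return findings

if __name__ == "__main__":
    print(header_anomalies(FORGED, PROFILE))
```

Every field checked here is chosen by whoever composed the message, so a mismatch is evidence of forgery but a match proves nothing.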