VIRUS with Bram as sender

John Beckett

Dec 18, 2008, 5:26:37 AM
to vim...@googlegroups.com, vim...@googlegroups.com, vim_mu...@googlegroups.com, vim...@googlegroups.com
I should take a little longer checking, but in view of the potential for
damage I'm sending a preliminary opinion:

A message has just been sent to the vim_multibyte list.
Header includes:

From: br...@moolenaar.net
To: vim-mu...@vim.org
Subject: Mail Transaction Failed
Date: Thu, 18 Dec 2008 11:12:38 +0200

Body is:
The message cannot be represented in 7-bit ASCII encoding
and has been sent as a binary attachment.

File attached:
doc.zip

Zip contains single file:
doc.pif
which is the 'I-Worm/Mytob.AP' virus (for Windows, obviously).

Moral of story:
- Anyone can send a mail and spoof the "From" address.
- We may see a flurry of viruses sent to various lists.
- Particularly Windows users should STOP AND THINK
before opening attachments.

John

Rafael G.

Dec 18, 2008, 5:40:13 AM
to vim...@googlegroups.com
John Beckett wrote:
> Moral of story:
> - Anyone can send a mail and spoof the "From" address.
>
Anyone can use SPF policies in DNS to avoid this.

Regards


PS: It's the second time today that I've read about this problem.


fritzophrenic

Dec 18, 2008, 9:40:52 AM
to vim_use


On Dec 18, 4:26 am, "John Beckett" <johnb.beck...@gmail.com> wrote:
> I should take a little longer checking, but in view of the potential for
> damage I'm sending a preliminary opinion:
>
> A message has just been sent to the vim_multibyte list.
> Header includes:
>
>   From: b...@moolenaar.net
>   To: vim-multib...@vim.org
>   Subject: Mail Transaction Failed
>   Date: Thu, 18 Dec 2008 11:12:38 +0200
>
> Body is:
>   The message cannot be represented in 7-bit ASCII encoding
>   and has been sent as a binary attachment.
>
> File attached:
>   doc.zip
>
> Zip contains single file:
>   doc.pif
> which is the 'I-Worm/Mytob.AP' virus (for Windows, obviously).
>
> Moral of story:
> - Anyone can send a mail and spoof the "From" address.
> - We may see a flurry of viruses sent to various lists.
> - Particularly Windows users should STOP AND THINK
>   before opening attachments.
>

Thanks, John. Hopefully you'll save someone from a world of hurt.
Something to keep in mind in general on the Vim lists is that all
messages (especially from Bram) should be in plain-text. The only time
I've ever seen an attachment on these lists, it's been a patch (also a
plaintext file). I can think of no reason to open any binary file from
messages on the Vim lists.

Tony Mechelynck

Dec 18, 2008, 6:03:45 PM
to vim...@googlegroups.com, vim...@googlegroups.com, vim_mu...@googlegroups.com, vim...@googlegroups.com

Note that unlike Bram's usual mailings, this one has a naked email
address as the from-line. I moved it aside to a "Spam - or not?" mailbox
"folder" without opening.

The fact that I'm on Linux makes me immune to some common viruses, but
the first step in protection against malware is to avoid opening just
any "unusual" mail. This applies to all platforms whatsoever.


Best regards,
Tony.
--
"Our vision is to speed up time, eventually eliminating it."
-- Alex Schure

Tony Mechelynck

Dec 18, 2008, 6:16:03 PM
to vim...@googlegroups.com
On 18/12/08 15:40, fritzophrenic wrote:
[...]

> Thanks, John. Hopefully you'll save someone from a world of hurt.
> Something to keep in mind in general on the Vim lists is that all
> messages (especially from Bram) should be in plain-text. The only time
> I've ever seen an attachment on these lists, it's been a patch (also a
> plaintext file). I can think of no reason to open any binary file from
> messages on the Vim lists.

Also screenshots (image files, e.g. .jpg, .gif, .png, etc.), which are
not in plain text but can still be displayed inline in many mailers.
Archives, though, are a different can of worms. Files with extensions
.zip (mostly Windows), .tar.gz, .tgz or .tar.bz2 (mostly Unix-like),
.dmg (Mac) should not be sent as attachments, but, if necessary, uploaded
somewhere online and a link posted on the list. If you see one as an
attachment on these lists, the mere fact ought to make you more cautious.


Best regards,
Tony.
--
Legislation proposed in the Illinois State Legislature, May, 1907:
"Speed upon county roads will be limited to ten miles an hour
unless the motorist sees a bailiff who does not appear to have had a
drink in 30 days, when the driver will be permitted to make what he
can."
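
The mail described at the top of the thread (a .zip attachment whose only member is a .pif) and the archive types listed in the post above can both be flagged mechanically before anyone opens anything. The following is an added example, not code from any poster or from the Vim project; the function names, finding labels, the extensions other than those named in the thread, and the example.org address are assumptions, and the sample message is constructed with an inert payload.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# File types Windows runs directly; .pif is the one named in this thread.
EXECUTABLE_EXTS = (".pif", ".exe", ".scr", ".com", ".bat", ".cmd")
# Archive types listed in the thread as unexpected on these lists.
ARCHIVE_EXTS = (".zip", ".tar.gz", ".tgz", ".tar.bz2", ".dmg")

def scan_message(raw):
    """Return (reason, detail) findings for one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue
        lower = name.lower()
        if lower.endswith(EXECUTABLE_EXTS):
            findings.append(("executable-attachment", name))
        if lower.endswith(ARCHIVE_EXTS):
            findings.append(("archive-attachment", name))
        if lower.endswith(".zip"):
            data = part.get_payload(decode=True) or b""
            try:
                # Only the directory listing is read; nothing is extracted.
                with zipfile.ZipFile(io.BytesIO(data)) as zf:
                    for member in zf.namelist():
                        if member.lower().endswith(EXECUTABLE_EXTS):
                            findings.append(("executable-in-zip", name + ":" + member))
            except zipfile.BadZipFile:
                findings.append(("unreadable-zip", name))
    return findings

def build_sample():
    """Constructed message shaped like the one described; payload is inert text."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("doc.pif", b"inert placeholder, not a program")
    msg = EmailMessage()
    msg["From"] = "sender@example.org"  # placeholder address
    msg["Subject"] = "Mail Transaction Failed"
    msg.set_content("The message has been sent as a binary attachment.\n")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="doc.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(scan_message(build_sample()))
```

The check looks only at file names and the zip directory, so it flags the shape of the message rather than identifying any particular malware; a renamed or nested archive needs a real scanner.
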

Tony Mechelynck

Dec 18, 2008, 6:24:12 PM
to vim...@googlegroups.com, vim...@googlegroups.com, vim_mu...@googlegroups.com, vim...@googlegroups.com
On 18/12/08 17:22, Christian MICHON wrote:
[...]
> Bram's funny signature is not in the email: it's not from him.

Right.

>
> Side note: windows users should compile their own binaries :)
>

Not necessarily: Steve Hall's Vim distributions
https://sourceforge.net/project/showfiles.php?group_id=43866&package_id=39721
are a reliable source of Vim executables for Windows. It is of course
/possible/ to compile one's own binaries (I've even written a couple of
HowTo pages on the subject).


Best regards,
Tony.
--
All of the true things I am about to tell you are shameless lies.
-- The Book of Bokonon / Kurt Vonnegut Jr.

Yongwei Wu

Dec 19, 2008, 7:59:43 AM
to vim...@googlegroups.com
2008/12/19 Tony Mechelynck <antoine.m...@gmail.com>:

>
> On 18/12/08 17:22, Christian MICHON wrote:
> [...]
>> Bram's funny signature is not in the email: it's not from him.
>
> Right.
>
>>
>> Side note: windows users should compile their own binaries :)
>>
>
> Not necessarily: Steve Hall's Vim distributions
> https://sourceforge.net/project/showfiles.php?group_id=43866&package_id=39721
> are a reliable source of Vim executables for Windows. It is of course
> /possible/ to compile one's own binaries (I've even written a couple of
> HowTo pages on the subject).

Shameless Insertion: My build (see my signature) is more similar to
Bram's build, with minor changes as marked on my Web page. It is
generally updated more often than Steve's build, since I only build
the executables and upload them, instead of making the whole
installable package, and thus have less overhead.

--
Wu Yongwei
URL: http://wyw.dcweb.cn/
