[Am-info] Looks like HYBRIS....again.

Fred A. Miller fm@cupserv.org
Tue, 26 Feb 2002 12:51:59 -0500


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Below is from a Univ. e-mail list. Simple fix, IMHO, DON'T use 
MickySoft!!

Fred

Hi All,
        I don't know if this is old hat, but we have not struck this 
before. Heads up just in case.

The academic year starts next week and we are increasingly reliant on
large mailing lists to communicate with students and, of course, now is
the peak time for these lists to be used. Over the last few days we have
had three cases where HYBRIS managed to infect closed majordomo lists
(lists are set up so only a few addresses can post to them).  

HYBRIS infects winsock.dll and snoops network traffic; it would appear
that there is a variant that is smart enough to recognise mail from a
list and to send itself back to the list with the address of the
original sender, thus avoiding the list closure. Or maybe this is normal
HYBRIS behaviour and we have just been lucky until now.

We are now making all our closed lists moderated and are looking at
replacing majordomo with mailman as it appears to offer better control.

- -- 
Fred A. Miller
Systems Administrator
Cornell Univ. Press Services
- ---KMail 1.3.2--- SuSE Linux v7.3 Pro---


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8e8s/IhTtc6nTZIIRAhuQAKCJWOBwDrgBFNihe9b2zWYQBBdAvACfdVEY
Tez7zYc44HveGUdxy+ZZWVM=
=nksw
-----END PGP SIGNATURE-----
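
The list-closure bypass described in the message, as an added example that is not part of the original post: a closed list that authorizes on the From header accepts any post carrying an allowed poster's address, while a moderated list only queues it for a human. The addresses, messages, attachment and function names are constructed for illustration and do not model majordomo's or mailman's actual code.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed allowlist and messages; every address below is made up.
ALLOWED_POSTERS = {"registrar@example.edu"}

GENUINE = """\
From: Registrar <registrar@example.edu>
To: students@lists.example.edu
Subject: Enrolment dates

Term starts next week.
"""

# Same From header, but submitted from a different (infected) machine.
FORGED = """\
Received: from student-pc.example.net (student-pc.example.net)
From: Registrar <Registrar@Example.edu>
To: students@lists.example.edu
Subject: Enrolment dates
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b"

--b
Content-Type: text/plain

See attached.
--b
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="dates.exe"

(constructed placeholder, not real content)
--b--
"""

def header_sender(raw):
    """Address from the From header, which the submitting client chooses."""
    msg = message_from_string(raw)
    return parseaddr(msg.get("From", ""))[1].lower()

def closed_list_decision(raw, allowed=ALLOWED_POSTERS):
    """Closed list: the From header alone decides."""
    return "accept" if header_sender(raw) in allowed else "reject"

def moderated_decision(raw, allowed=ALLOWED_POSTERS):
    """Moderated list: an allowed From only earns a place in the hold queue."""
    return "hold" if header_sender(raw) in allowed else "reject"

def has_attachment(raw):
    """Cue a moderator can use when reviewing a held post (an assumption here)."""
    msg = message_from_string(raw)
    return any(part.get_filename() for part in msg.walk())
```
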