[Asrg] where the message originated
Alessandro Vesely
vesely at tana.it
Tue Jan 13 08:22:16 PST 2009
Rich Kulawiec wrote:
> On Mon, Jan 12, 2009 at 12:42:59PM -0500, der Mouse wrote:
>>
>> - Malware goes out, addressed to A, (forged) envelope-from B. Sending
>> channel ends up emitting it from a normal MTA, M.
>>
>> - A's MX host rejects it at SMTP time.
>>
>> - M generates and sends a bounce to B.
>>
>> - B receives bounce with embedded malware. Somehow - perhaps B's MUA
>> aggressively looks for and executes live content; perhaps B clicks
>> on the wrong thing; perhaps something else - this ends up with a
>> malware infestation on B's machine. (Cue xkcd #350.)
>>
>> If A's MX host had silently swallowed the mail, nothing would have
>> happened to B - or, at least, not on account of this message.
>
> Ah, gotcha. I agree that silently swallowing the message might have
> spared B a possible infection, but I'm reluctant to blame A's MX for
> this: it didn't originate, accept or transfer the malware-laden message.
A's MX knows that M lacks effective anti-virus filtering. Hence,
through inaction, it allowed a human being to come to harm. That
obviously breaks the first law.
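
An added example, not part of the original thread: a check that B's side could run on an incoming bounce to see whether it carries back the full original message (the case der Mouse describes) or only its headers. The addresses, the sample bounce and the extension list are constructed assumptions.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

RISKY_EXT = (".exe", ".scr", ".js", ".vbs", ".lnk")  # assumed, illustrative list

def inspect_bounce(raw):
    """Report what a bounce carries back to the (possibly forged) sender B."""
    msg = message_from_bytes(raw, policy=policy.default)
    report = {"null_sender": msg.get("Return-Path", "").strip() == "<>",
              "returns_full_original": False, "headers_only": False,
              "embedded_attachments": []}
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "text/rfc822-headers":      # bounce quotes headers only
            report["headers_only"] = True
        elif ctype == "message/rfc822":         # bounce embeds the whole original
            report["returns_full_original"] = True
            original = part.get_payload(0)
            for sub in original.walk():
                name = sub.get_filename()
                if name:
                    report["embedded_attachments"].append(name)
    report["quarantine"] = any(n.lower().endswith(RISKY_EXT)
                               for n in report["embedded_attachments"])
    return report

def sample_bounce(full_copy):
    """Constructed sample: M's bounce to B, with or without the full original."""
    orig = EmailMessage()
    orig["From"], orig["To"], orig["Subject"] = "b@example.org", "a@example.net", "invoice"
    orig.set_content("see attachment")
    orig.add_attachment(b"constructed placeholder bytes", maintype="application",
                        subtype="octet-stream", filename="invoice.exe")
    bounce = EmailMessage()
    bounce["Return-Path"] = "<>"                # null envelope sender of a bounce
    bounce["From"] = "MAILER-DAEMON@m.example.com"
    bounce["To"] = "b@example.org"
    bounce["Subject"] = "Undelivered Mail Returned to Sender"
    bounce.set_content("Delivery to a@example.net failed at SMTP time.")
    if full_copy:
        bounce.add_attachment(orig)             # becomes a message/rfc822 part
    else:
        bounce.add_attachment("From: b@example.org\nSubject: invoice\n",
                              subtype="rfc822-headers")
    return bounce.as_bytes()

if __name__ == "__main__":
    print(inspect_bounce(sample_bounce(True)))
    print(inspect_bounce(sample_bounce(False)))
```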