Hi, I was looking over the MyDoom email messages that I received today and found about 15 copies of the worm which came from postmasters in bounce messages. Some postmasters, when sending out a bounce message, include the original email message as an attachment. If a bounce message is for a MyDoom-infected message, the bounce message will sometimes include an intact copy of the MyDoom executable which can be run by mistake with a few mouse clicks. It looks like some postmasters are in the virus distribution business pretty much like the MyDoom virus itself. Perhaps these postmasters need to review their bounce message policies and remove all attached files from messages being bounced. Attached is a list of postmasters that appear to have sent me intact copies of the MyDoom virus today. Richard M. Smith http://www.ComputerBytesMan.com ============================================================== System Administrator [postmaster@BARCODESOURCE.com] Mail Delivery Subsystem [MAILER-DAEMON@mailgw2.tiscali.dk] postmaster@COR.ORG Mail Delivery System [MAILER-DAEMON@mxr01.nyc02.dsl.net] Mail Delivery Subsystem [MAILER-DAEMON@dev.adorigin.com] MAILER-DAEMON [MAILER-DAEMON@swip.net] postmaster@walde.dk postmaster@att.net postmaster@dukerealty.com postmaster@sjeccd.org postmaster@wa-gunnet.co.jp Mail Delivery Subsystem [MAILER-DAEMON@SNET.Net] Mail Delivery Subsystem [MAILER-DAEMON@msbit.com]
