Klez worm and digital signinatures

Greg Sabino Mullane greg@turnstep.com
Tue May 14 01:44:02 2002


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


"carl w spitzer" wrote:

> Your mail to 'Gnupg-i18n' with the subject
>
>    A  good tool
>...
>     Message body is too big: 117678 bytes ...

Werner Koch replied:

> It is now fashionable by spammers to use real From addresses.
> Fortunately they are sending these huge message so that they 
> need approvement.
> [later on...]
> Hopefully we don't get too much spam with faked From addresses.

This is not spam, this is from an infected computer, most likely 
the klez worm that is making the rounds. The subject line 
as well as the size are highly indicative. This worm can send 
email with a fake "from", but Carl may want to check his 
computer: it is most likely not faked. More info on this worm:

http://www.sophos.com/virusinfo/analyses/w32kleze.html

> It seems that the time will be not so far way that we can 
> only accept signed messages but this has a lot of problems 
> too ;-(

Yes, like the fact that there are some people *cough*Werner*cough*
who still are not signing their emails. ;)

In all seriousness, spoofing email from another person is 
so trivially easy that I am surprised that more people do not 
digitally sign their emails for that reason alone.

Greg Sabino Mullane greg@turnstep.com
PGP Key: 0x14964AC8 200205131818

-----BEGIN PGP SIGNATURE-----
Comment: Expand your web of trust at www.biglumber.com
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE84EoQvJuQZxSWSsgRAu+IAJkBh4r8L6e5Ex7w9JbIuDNSpeAWbwCePpnB
HKGYqyD80UIZnyumM2qI5vY=
=XMVl
-----END PGP SIGNATURE-----