From: Ulf Wendel

To: Harry Fuecks

Subject: something for you

do you know the thief?

Attachments: posting.zip

…an impression of one of those NetSky worm mails (Ulf didn’t really send it).

Now Ulf is a pretty well known PHP developer who’s contributed to a number of Open Source projects and, no doubt has put his email address in the source code. So have I.

This isn’t the first virus message I’ve had, claiming to come from a known PHP developer – the first, that surprised me, was one from Adam Trachtenberg (PHP Cookbook) and I’ve lost count since.

Picking a random virus description for MyDOOM, for example;

The mail addresses will be first collected from the victim

  • http://blog.casey-sweat.us/ sweatje

    At least they were not smart enought to scan for .phps. .php files in the IE cache should just be the output of the php page, not the source itself (which is where I thought you might be thinking the email addresses would be located).

  • Adam Trachtenberg

    Glad to see I apparently send as many viruses to PHP developers as I receive from them. :) My e-mail address is all over the Internet, so I get spammed and spoofed thousands of times a day. I finally just redirected anything with caught by spam assassin to /dev/null.

  • Toby

    It’s not said that they must have it from source. As a os developer we post day by day on mailinglists & webforums, there’s pretty much space where an email address may be noted.

  • http://www.phppatterns.com HarryF

    As if it reads minds (or Sterlings having fun), one just in;


    From: Sterling Hughes

    Subject: its me

    i have received this.

    Attachement: myaunt_information.zip

  • http://www.SitePoint.com Matt Mickiewicz

    We just plugged in clamav into qmail-scanner on our system and its worked like a charm. Not a single virus has gotten through today vs the usual 30-50+

  • http://www.rideontwo.com z0s0

    As an aside, I finally caved into Matt’s protestations and installed a virus scanner on our email server. In the last 24 hours it’s deleted > 600 infected emails.

  • http://www.rideontwo.com z0s0

    ahh.. Yep, what he said ;-)

Ending Soon
Free SitePoint Premium

Get one free year of unlimited book and course downloads on SitePoint Premium!