Anti-Virus Companies: Tenacious Spammers 329
jaroslav writes "There is a great article over at Attrition about the problem of anti-virus related spam. I don't know if we should all start reporting this to the government, but telling the companies themselves that this should stop might get some results."
A good analogy... (Score:5, Informative)
If I send a letter to George Bush using Saddam Hussein for the return address, the president will not believe that the letter is really from Iraq! Why? (other than Saddam being captured?) The postmark on the envelope will say Pullman, Wa!
Similarly, if the mail server looked at the address that actually sent the virus, it would see something like aol.com or texas-telecom.net. Instead, these mail servers just blindly believe that the virus was really sent from Client-A@wsu.edu. (I insert the client's actual email address here... that helps grab their attention if their mind was already wandering...)
Re:A good analogy... (Score:2, Interesting)
Anyway, we turned it off. A local administrator still gets to know about it, but that's the only place it goes now, and I think the world is a better place for it.
Re:A good analogy... (Score:4, Funny)
At least two of those notifications included complete copies of the e-mail including the virus.
Re:A good analogy... (Score:4, Funny)
Re:A good analogy... (Score:5, Funny)
Re:A good analogy... (Score:5, Funny)
Re:A good analogy... (Score:4, Funny)
He already emailed all the ones he got from the US 20 years ago
Re:A good analogy... (Score:5, Funny)
Re:A good analogy... (Score:5, Funny)
Good analogy, but I think you seriously overestimate Dubya's powers of reasoning in this case...
Draft an RFC? (Score:5, Insightful)
Something like
$PLATFORM/$VIRUS.$VERSION@$PAYLOAD-STYLE
So you'd need a simple draft coming up with a platform name (Win32 for 32-bit Windows, Mac for Macs, yadda yadda), a virus naming convention so that everyone would be able to tell from looking at the virus as to what its name should be, $version
So perhaps mydoom should be
Win32/Mydoom.A@MM@DD
-or-
Win32/Happy99.a@M
just thoughts and ideas, what's everyone else think?
As well as defining in the RFC that, if a worm is known to spoof the From: field then skip the auto-responder notice altogether.
Re:Draft an RFC? (Score:3, Insightful)
Re:A good analogy... (Score:4, Interesting)
Re:A bad analogy... (Score:2, Insightful)
If I send a letter to George Bush using Saddam Hussein for the return address, the president will not believe that the letter is really from Iraq!
Why would it have to be from Iraq? You just said that the sender was Saddam Hussein, not Iraq. You're mixing up the sender and the origin. Mr Hussein may not have been to WA, but if you mailed the message from (say) Yemen, Saudi Arabia, how would Mr. Bush be able to tell that wasn't from Saddam, just by looking at the postmark?
The p
Anti-virus! (Score:3, Funny)
Slashdot Plagiarized Again (Score:5, Interesting)
Not three hours after this comment, someone mailed this to Declan's Politech list, a cheat sheet for computer illiterate journalists angling for something to stay more relevant than the typewriters they still swear by. And then the very next day, we see three different articles with variations on this very topic. Five bucks says the next issue of eWeek borrows in their next issue as well.
Yes, as always, none of the stories credited Politech, though the names of the authors who borrow liberally are always the same. And Politech didn't credit Slashdot, where the Politech submitters borrow a full half of their stories with equal disregard for journalistic integrity. Indeed, the only time Politech credits Slashdot is when they believe Slash has said something stupid. These reporters are hooked on the easy source of stories, yet trash it publicly for fear others will find the tool that's kept them from having to do actual reporting anymore.
I may be here to take Linux away from you, but you can't argue that I don't give something back. You hate me. But you love me too, and you hate that as well. Think of it, you see me just the way others see Slashdot.
If you'd like to track Politech's ongoing plagiarism of Slashdot, jump on their free mailing list [politechbot.com] and have a laugh. Watch the submissions. Watch each story jump from Slash to Politech (search the comments after each new Politech post and you'll find the original +4 or +5 comment 4 times in 5), then check the NY Times, Barron's, and Ziff Davis Publishing for the same authors publishing borrowed stories the very next issue. They do it like clockwork, because these "tech" journalists don't realize that we're on the internet too.
~Darl
Re:Slashdot Plagiarized Again (Score:5, Insightful)
Clearly you don't realize that Slashdot doesn't post original material either. Indeed it's a regular question why /. doesn't simply cut a deal with PBS and reprint Cringely's columns honestly instead of noting nearly each one and then having some schmoe "helpfully" copy it for 'em. Same for almost everything else, by the time it hits /. it's old news in other circles.
That journalists (including Usenet posters, bloggers, bbs users, other online discussion forums plus talk show producers and newsdesk editors) get many of their ideas from their peers is hardly new. That the process is becoming more widely transparent only speaks to the increasing breadth and depth of information resources available to more and more people.
Indeed this is what the Google News service relies on - clusters of stories on topics. Those stories aren't always about "breaking news", quite often they're simply topics that have suddenly become widely discussed: Successful Memes.
So yes, if one reads a number of news sources, particularly ones focused on specific topics, one will indeed often note a topic begin in one place, jump from source to source, evolve, and oftentimes come full circle. Furthermore if one back-tracks a story it rarely "began" where most of us first became aware of it but had already bubbled up through several layers of reportage.
Welcome to the Global Village where what was old is new again.
Re:Slashdot Plagiarized Again (Score:3, Interesting)
You know the style. When tech journals quote press releases, there are hardly ever any qualifiers. But when it's an up-stream critique of potentially successful c
Re:Slashdot Plagiarized Again (Score:2)
The sad part, as I'm sure you can follow, is that often people are in positions of authority *precisely* because they played fast and loose with information, connections, and the rules of the game in order to get where they got.
I'm sure none of this is news, but it's amazing how easil
Re:Wait a minute... (Score:4, Interesting)
That was scary, thinking about the million or so people who read it every day and don't even think of it in their minds as an advertisement with a vested interest in selling MS products.
grrr... (Score:4, Insightful)
Re:grrr... (Score:2, Insightful)
The Chinese have always been very tough on piracy. In fact, back in the sixteenth century there was such a problem with Japanese pirates in particular that it was illegal for a Japanese to set foot in China on pain of death. Even the RIAA hasn't started advocating the death penalty yet, despite several ships carrying CDs having been boarded, their cargo stolen
Re:grrr... (Score:2)
Companies are here to make money. If they think marginal benefit will exceed marginal cost, they'll do it. That's exactly what these AV companies are doing.
Until someone sets a precedent to show that activities like this will end up hurting you, everyone will (and SHOULD) keep doing it.
That's the nature of capitalism and I, for one, think the system works very well.
configuration of the virus announcement function (Score:5, Insightful)
Re:configuration of the virus announcement functio (Score:5, Interesting)
Re:configuration of the virus announcement functio (Score:3, Insightful)
Maybe I'll remove the blocks when this blows over, maybe I won't, but they sure as hell are going
Simple solution to problem (Score:4, Funny)
1) At the end of every one of these viruses, just add fdisk.
2) Very quickly, there will be no more unprotected computers!
3) ???
4) Profit by shorting MSFT!
Re:Simple solution to problem (Score:4, Insightful)
Now that would be funny!
I can just imagine the fresh, clean feeling the world would have for a short time afterwards...
[I hate viruses not just because of all the stupid AV marketing spam that results, but because my company (like many I suppose) is obsessed with anti-virus crap. I have windows on a few machines at work, which are never ever used for anything except local debugging, but none-the-less I'm required to run four anti-virus programs on them simultaneously, which sit there and thrash the disk for an hour at every bootup, and my manager is constantly coming and nattering at me "did you check your anti-virus for updates today"; I get the feeling he's a big victim....]
Re:Simple solution to problem (Score:2, Interesting)
Non-reply is not quite right (Score:5, Insightful)
However, the truth is they know what sort of virus they have detected, and they can know whether the virus/worm in question forges the fromline or not. If they know it forges the from line, they should not send the mail back. If they know the program does NOT forge the from line, however, it is not unreasonable to send back the bounce, though for best appearances, it should not look like an ad.
If a program on my machine is sending out worms, I want to know about it. The antivirus software should be able to tell the difference.
Re:Non-reply is not quite right (Score:2)
Of course a lot of spam comes through 0wn3d boxes which are acting as drones so most of these headers point to individual boxes which are clueless of thei
But isnt a lot of spam... (Score:5, Insightful)
Re:But isnt a lot of spam... (Score:4, Interesting)
I'm not sure what it would take to deal with this though...the company would have to be willing to cooperate for certain, and you'd have to set up some sort of sting if the spammer was at all capable of covering his tracks (have someone go through with a purchase to the point where the affiliate information was made visible)
Re:But isnt a lot of spam... (Score:3, Interesting)
The most objectionable thing was that the spammer had forged the return address to reference MY domain. Possibly I was going to be flooded with people screaming "Stop it!".
I was upset. I went to the referenced web site, to see if I could track down the owner. No such luck; the web site ONLY permitted sales. I then created a dummy sales request, with a return to a throw-away hotmail email. Sure enough, I had a quotation several minute
I totally agree. (Score:2, Insightful)
Re:I totally agree. (Score:3, Informative)
Nice to talk out your ass. Yes, they are annoying, but let's go over some numbers from my system I run:
I run a MailMarshal 5.5 system. It is configured to block all executable attachments. A blocked attachment is parked for 7 days and a text only notification without attaching the original message is sent back to the "sender". If the sender replies according to the instructions (which is to add 1 randomly generated 6 letter wor
Complain to the abuse@ of the filtering system (Score:5, Insightful)
Occasionally I will send a nastygram to the support or abuse department of the system using the stupid virus protection. Usually they can't figure out why I'm annoyed that they told me I'm infected with a virus ... the concept that a virus can forge a FROM escapes their air-filled heads.
Re:Complain to the abuse@ of the filtering system (Score:3, Funny)
Re:Complain to the abuse@ of the filtering system (Score:2)
See http://www.spambouncer.org/ for the details. If you have a shell account on your ISP, it's great.
Re:Complain to the abuse@ of the filtering system (Score:4, Insightful)
Re:Complain to the abuse@ of the filtering system (Score:2)
It can be set to ID and delete VIRUSES and the "cruft" emails from virus vendors and other filters. I know it can, because that's how it is running on my main email account.
Perhaps y'all are thinking of another program?
How long... (Score:3, Funny)
"Dear friend,
I am Darl McBride, a well known businessman..."
Might be more fruitful for them.
Stupid admins cause this (Score:5, Insightful)
The author of this article seems to think that the AV companies are the one to blame for this. In fact, every AV product I've ever worked with at the mail server level has allowed you to turn this functionality off. Any decent mail server admin should be doing this themselves. It's the same kind of ignorance and stupidity that allows 3 year old exploits to continue to propagate.
Re:Stupid admins cause this (Score:2, Informative)
Re:Stupid admins cause this (Score:2, Informative)
Yes, but is it off by default? (Score:5, Insightful)
Re:Yes, but is it off by default? (Score:4, Informative)
It is with most newer versions of products (Trend, Sophos, Sybari, to name a few). Older versions had this on by default, but when they were released, viruses weren't forging FROM headers the way they are now. Additionally, when upgrading versions, the old settings tend to get preserved, thus perpetuating the problem.
I also wouldn't go so far as to call this a dangerous feature. It was designed to be a useful tool to help STOP the spread of viruses. I think a better compromise would be to enable notification back to the sender only if the detected virus is known NOT to be a FROM forger, with the option to disable it completely.
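The rule proposed in the "Draft an RFC?" comment and in the comment above (skip the sender notice when the detected worm is known to forge From:), sketched as an added example that is not part of any poster's comment or any vendor's product. The family table, addresses and sample messages are constructed, and the envelope-sender and Auto-Submitted checks are assumptions added for this sketch.

```python
import re
from email import message_from_string
from email.message import EmailMessage
from email.utils import parseaddr

# Naming scheme floated in the thread: $PLATFORM/$VIRUS.$VERSION@$PAYLOAD-STYLE
NAME_RE = re.compile(
    r"^(?P<platform>[^/]+)/(?P<family>[^.@]+)\.(?P<version>[^@]+)(?:@(?P<style>.+))?$"
)

# Constructed table (assumption): does this family forge the From: header?
FORGES_FROM = {"mydoom": True, "examplemacro": False}

ADMIN = "postmaster@example.org"  # hypothetical local administrator mailbox

# Constructed sample messages.
FORGED_SAMPLE = (
    "From: Client A <client-a@example.edu>\n"
    "Subject: hi\n\nconstructed attachment body\n"
)
MACRO_SAMPLE = (
    "From: Applicant <applicant@example.com>\n"
    "Message-ID: <1@example.com>\n"
    "Subject: resume\n\nconstructed attachment body\n"
)


def parse_detection(name):
    """Split a detection name into platform/family/version/style, or None."""
    m = NAME_RE.match(name)
    return m.groupdict() if m else None


def domain_of(addr):
    return parseaddr(addr)[1].rpartition("@")[2].lower()


def decide(raw, detection, envelope_from):
    """Return (recipient, reason). Anything uncertain goes to the local admin only."""
    msg = message_from_string(raw)
    parsed = parse_detection(detection)
    if parsed is None:
        return ADMIN, "unparseable detection name"
    forges = FORGES_FROM.get(parsed["family"].lower())
    if forges is None:
        return ADMIN, "unknown family"
    if forges:
        return ADMIN, "family forges From"
    # A null envelope sender marks a bounce; answering it creates mail loops.
    if envelope_from in ("", "<>"):
        return ADMIN, "null envelope sender"
    # Do not auto-respond to other automatic messages.
    if msg.get("Auto-Submitted", "no").strip().lower() != "no":
        return ADMIN, "automatic message"
    from_addr = parseaddr(msg.get("From", ""))[1]
    if not from_addr or domain_of(from_addr) != domain_of(envelope_from):
        return ADMIN, "From does not match envelope sender"
    return from_addr, "sender notified"


def build_notice(recipient, detection, raw):
    """Text-only notice: no copy of the original message, no product advertising."""
    original = message_from_string(raw)
    notice = EmailMessage()
    notice["From"] = ADMIN
    notice["To"] = recipient
    notice["Subject"] = "Message not delivered: " + detection
    notice["Auto-Submitted"] = "auto-replied"
    if original.get("Message-ID"):
        notice["In-Reply-To"] = original["Message-ID"]
    notice.set_content(
        "A message with your address in From: was blocked.\n"
        "Detection: " + detection + "\n"
        "The message was not delivered and is not attached.\n"
    )
    return notice


if __name__ == "__main__":
    cases = [
        (FORGED_SAMPLE, "Win32/Mydoom.A@MM", "someone@example.net"),
        (MACRO_SAMPLE, "W97M/ExampleMacro.B", "applicant@example.com"),
        (MACRO_SAMPLE, "W97M/ExampleMacro.B", "other@example.net"),
    ]
    for raw, name, env in cases:
        print(name, env, "->", decide(raw, name, env))
```
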
Re:Yes, but is it off by default? (Score:2, Insightful)
Because when the apps were first created we did not have a SPAM problem.
So a legitimate email might have contained a virus and it was good Internet community help to inform the sender about the virus.
Now we have viruses and SPAM which feed off each other and the feature becomes a pain.
Re:Stupid admins cause this (Score:4, Insightful)
of course, free advertising at the peaks of virus activity can't hurt?
Re:Stupid admins cause this (Score:2)
this might be different for some server software, but even those reports can have virus descriptions.
Saxian University (NL) does have stupid admins (Score:2)
Yes, they know that the virus is faking the sender's address.
Yes, they know that I am not the sender o
Re:Saxian University (NL) does have stupid admins (Score:3, Interesting)
After they're done explaining that they won't do anything, inform them that they are now knowingly sending you unsolicited spam, and ask where you should fax the invoice, as you will be billing them for each unsolicited email that you receive.
Do it as a bluff, or do it with the intent to bill. If you have them on tape saying they know they're bombing innocent third parties with email, they're going to change their ways pretty quickly. Newspapers love that shit
Re:Stupid EXECUTIVES cause this. (Score:3, Interesting)
It might be some sort of legal accountability thing too. Imagine a conversation like this:
Customer: "I sent that proposal 10 minutes before the deadline. Did you get it?"
Employee: "Uh, no."
Customer: "Well, I have proof that I sent it, I'm going to sue you for a million dollars!"
Empl
Ask yourself these questions: (Score:2)
Who makes money out of spam-blocking software ?
(I'll leave the answers as exercises to the readers)
J.
Eh? You sure...?? (Score:5, Funny)
You sure about that?
Re:He mails it out from Pullman. (Score:2)
I have experienced this in the worst possible way (Score:5, Interesting)
As soon as it was set up, I started getting 50-100 messages from other servers saying that my address was spewing out viruses. Of course, this is impossible, seeing as my computer never even knew that I had this alias. Yet, I kept getting it time and time again.
The problem was, I couldn't delete the alias, and I ended up with hundreds of these messages per day. Incredibly frustrating. They must know that it serves no purpose.
Re:I have experienced this in the worst possible w (Score:5, Funny)
Why does the government need to be involved??? (Score:4, Insightful)
Stop sending me back the e-mail! (Score:2)
A copy of the original e-mail is included. email.txt 153KB
My throw-away account on Yahoo is always full with "Delivery Failed" 153KB and I have to keep clearing it out every 2 days or it becomes useless for doing its designed job. Being my spam trap for websites that require my e-mail.
Re:Stop sending me back the e-mail! (Score:2)
Also, lots of spam mails with one real sentence, and then a paragraph or two of random English words at the bottom...Something new to defeat filtering?
virus names (Score:2)
anyone know how they come up with these names? sounds like a fun job, anti-virus virus namer.
Never register (Score:2)
Unfortunately McAfee requires registration/drm product activation to use it. This means you are hosed and pisses me off.
Of course I can always lie about my email address but my guess is before long they will require for you to receive an email to use the product like many forums.
Yuck.
I wonder if Norton or I should now say Symantec is any better in regards to this.
Re:Never register (Score:2)
Free antivirus, and none of hassles of getting marketing spam from McAfee.
Re:Never register (Score:2)
Unfortunately McAfee requires registration/drm product activation to use it. [snip] I wonder if Norton or I should now say Symantec is any better in regards to this.
Nope. Just installed Norton on my dad's machine. Registration required, phone home to activate. Oh, and as of Norton 2003, it now installs a background process called "SYMLCSVC" that takes up a good chunk 'o RAM and serves no purpose other than some unspecified DRM scheme. The uninstaller won't remove it, or even stop it from running, ei
Re:Never register (Score:2)
>
> Of course I can always lie about my email address but my guess is before long
> they will require for you to receive an email to use the product like many forums.
Answer #1: McAfee already requires the email for some features, eg manually initiated download of updates.
Answer #2: Check out www.spamgourmet.com which is a very easy to use (and free) email forwarding service. You can have it forward eg the first 5 em
AV Companies Send These Emails Because... (Score:3, Insightful)
However, in the eyes of an AV company, a silent, seamless program is the LAST thing they want. These companies want the PHB's to know their product is working, and they want visibility.
This is a classic case of marketing desires winning over technological needs. This is the reason I use open source projects -- they (most of them, anyway) do their job without the need for advertising.
It's a tough call.... (Score:5, Interesting)
I work at a helpdesk, so I've spent the last couple days repeating how from headers can be forged, etc., etc. to users... so I agree with the frustration and do want it to stop.
At the same time, if I unknowingly sent an important document that had a virus and was not received, I would want to know. Years ago I remember sending a resume that was infected with a word macro virus - I was glad that I got a bounceback message, since a) I knew I had a virus and b) I knew the place didn't get my resume.
Re:It's a tough call.... (Score:2)
Funny, I thought that's what anti-virus software was for. Look for the button that says "SCAN".
Yes, I'm being glib, but it's true. Most anti-virus scanning software can be set up to scan outbound messages, so you'd only be left with a scenario where this feature is useful if your defs aren't up to date or accurate, and theirs is. That's a fairly convoluted scenario to justify the exi
Re:It's a tough call.... (Score:3, Insightful)
My point is less about the sender knowing they have a virus, and more about the sender knowing their document wasn't received. Even once they find out they have a virus, the average user won't know that their document wasn't received. And there are a lot of people out there who don't have up to date virus software or don't bother updating it - think home users whose computer came with a 3 month subscription that expired two years ago.
Re:It's a tough call.... (Score:2)
Read the article.
Of course there are viruses such as Word-macro viruses that users unknowingly send out as an attachment.
But the AV developers know that the particular viruses mentioned in the article fake the sending address of the mail. So the AV software should know that there is no need to send out a warning, since it already knows that the "sender" isn't the sender.
This isn't e
email traffic (Score:2)
I've gotten AV email... (Score:4, Informative)
If I had spare time, I'd SUE the AV companies! They're committing LIBEL and they KNOWINGLY SENT ME A VIRUS!
Anyway, I'd also like to add that I've run Microsoft Windows since the days of Windows 1.03 and I have NEVER had a virus. I don't take unusual precautions, either. I have a virus scanner that I keep updated and run MANUALLY every time I hear about a new one, and it never finds anything (except when I've purposely saved one off for analysis!). I've never been tempted to click on an
One of the companies I'm working for just locks down the network harder and harder each time there's a new virus. For example, they did some tweak so when you log into the domain, some thing runs that prevents you from making a share (though only from the UI--you can still do it from the NET command-line.) I hope someone realizes that they've NEVER actually stopped a virus, even though each time one happens they run around in circles and restrict the network and PCs even more. You just can't prevent against people receiving an EXE in email and running it!
Now I know the argument you get from Mac-crazies--that if the PC had better account management this wouldn't happen. NONSENSE! A user-level program with no special "root" access can easily scan through YOUR mailbox and pick off email addresses and send out email. ON ANY OPERATING SYSTEM, even a properly administered Un*x system.
Re:I've gotten AV email... (Score:2)
Not a Mac-crazy, but how the hell do you figure this???
A non-root account can't read any other users' mailboxes unless a system is set up incorrectly.
Re:I've gotten AV email... (Score:2)
A user-level program with no special "root" access can easily scan through YOUR mailbox and
Maybe you are just a little crazy! You can read your OWN mailbox! And send out lots of emails. Another trick some viruses do is to scan through the web cache and email everything that looks like an email address. Again, something that can be done on a properly configured Un*x system.
Re:I've gotten AV email... (Score:2)
I'd also like to add that I've run Microsoft Windows since the days of Windows 1.03 and I have NEVER had a virus.
Being one of the most experienced Windows users in the world, I'm not surprised you never got a virus
Re:I've gotten AV email... (Score:3, Funny)
Re:I've gotten AV email... (Score:3, Informative)
Sorta OT... (Score:2)
Re:Sorta OT... (Score:2)
Anyone else subscribe to this conspiracy theory? Or seen/heard/read anything that supports or suggests this claim?
just curious.
sorry for being such a dork.
Treat bad e-mails like bad IP packets... (Score:2, Insightful)
This is very similar to spoofed IP packets: a firewall might bounce (answer) the packet back to its origin, and if the original packet was broadcasted to a lot of systems, the fake return address gets bombarded with those bounced packets.
The solution:
Simple truth is... (Score:2)
The logic used to illustrate the 'issue', according to Brian Martin, is in itself a definition of a 'virus'. Not an indictment of any one factor.
"A harmful or corrupting agency; "bigotry is a virus that must not be allowed to spread"; "the virus of jealousy is latent in everyone"
These virii depend on us as part of the equation...placing the blame on any single entity is just passing the buck, and not valid in terms of identifying a solution.
Re:Simple truth is... (Score:2)
I didn't see any mention at all in the article of illiterate twits who think they understand Latin spelling rules and thus make up plurals for English words that aren't correct in English, and wouldn't even be correct in Latin.
You CAN turn off the bounces and NDRs... (Score:2)
All the products we use allow you to modify or disable the non-delivery reports or bounce messages, and we do. We've seen that routing all the bounce messages during a spam or virus outbreak degrades our server performance more than the spam or viruses. We notify our local users when we munge th
WEIRD (Score:3, Interesting)
As a mail administrator or antivirus company, you are probably well aware of the current trend in viruses to forge the sender's address. Your system has been caught by our system, replying to these forged addresses to notify them that they sent a message containing a virus. This has been causing undue hysteria within my organization, and must stop immediately. In addition, this message was sent unsolicited and without prior business ties, and may be a violation of federal and/or state anti spam laws. Further messages will result in a permanent block on your SMTP server's ability to send mail to ours, and a submittal of your "replies" to several major spam blocking services and black hole lists.
If enough of us do this, maybe these guys will get a clue to turn off the reply feature.
We're your A/V company, we're here to help (Score:2, Funny)
If you build a better mousetrap, it's good business to also sell smarter mice.
Perhaps I'm too grumpy or cynical today.
I've always been suspicious of AV companies (Score:4, Interesting)
In the last Slashdot story about the Mydoom worm, a Computerworld article quoted the damning evidence directly from the horse's mouth:
No one has yet reported an infection by Mydoom.B, said David Perry, global director of education at Cupertino, Calif.-based antivirus vendor Trend Micro Inc. "If 100 people in the world had been infected, we would know," he said. "In fact, almost all of the viruses that have ever been detected never infected anybody ever. We say that there are about 77,000 known viruses, but only about 900 of them have ever infected anyone."
Huh? Pardon me? If they never infected anyone, then what makes them viruses? How were they detected if they never infected anyone - from the original first seeds by the viruswriters themselves? Then why in the hell haven't they tracked the virus writers down? Are these inventions of the AV companies that never existed outside of the AV companies' labs? Only 900 out of 77,000 ever infected anyone - isn't the virus problem then vastly overrated?
Given the above statement and the quite legitimate complaint that started this thread in the first place, I really think everyone should question the AV companies' role in the virus situation.
Picking Nits... (Score:4, Interesting)
But, in a way, the virus is spamming, too.
Big ol' steaming load (Score:4, Interesting)
Besides, sending these e-mails arguably provides a positive service, because self-propagating e-mail viruses are everyone's problem, and a bit of vigilance on each person's part is required to prevent one of these viruses from becoming a worldwide problem.
Using a shotgun approach to tell people that a virus is going around helps to inform everyone. Everyone needs to educate him- or herself about virus protection and prevention, so that they can personally know whether their machine could be infected or not.
Also, telling those people to contact their local IT staff just gets the IT staff in gear to help stave off something they should have already been on the ball about. If the IT staff were prepared, then their company's employees would already be in-the-know, and would not harass IT with needless panicky e-mails.
If, on the other hand, the software package sending the spam warnings provides links to their web page, then I'd lean toward considering it to be spam rather than information.
Re:Big ol' steaming load (Score:2)
* Vexira ALERT *
This version of Vexira MailArmor is licensed and full featured.
Vexira has detected the following in a mail from your address:
Worm/MyDoom.A2 virus
The mail was not delivered.
Your computer may be infected with a virus! Please visit
Central Command at http://www.centralcommand.com and obtain a copy
of Vexira AntiVirus now.
Existing solutions (Score:3, Interesting)
Perhaps, however, instead of reinventing the wheel, we could use existing solutions; send a virus-infected email to postmaster@ the offending domain, and/or abuse@ the offending domain.
If you get a bounceback that makes it clear no human will see the message, that meets the criteria for submission to RFC-ignorant [rfc-ignorant.org]
stoopidity abounds (Score:3, Interesting)
personally I shut down these really bad ideas in 1997. Personally I received more than 100 copies of mydoom in the last few days.
So it does appear many people who have legitimate reasons to put my email address in their contact lists have no idea how to be prudent about safe sex in cyberspace. This being said - I am optimistic they are learning.
It's the natural order of virus evolution (Score:5, Insightful)
I'm only going by my experience in anti-virus software, but let's look at it this way:
1) Anti-virus software is on the desktop machine to prevent infection
2) Soon viruses are getting in via email. Anti-virus software writers decide to target the enterprise (where the real money is) and where it makes most logical sense to block viruses now.
3) Some programmer comes up with the idea "Hey! Wouldn't it be great if our software automatically emailed the person who sent the virus in the first place? After all, it's 1997 and the only way to get a virus is via a Word or Excel document attached to the email." The product development approved, not only because education is a huge tool in stopping viruses, but a little (I stress a little) free advertising couldn't hurt.
4) Microsoft introduces new features and more sophisticated viruses are introduced.
5) The option stays on and is set by default because no one re-evaluates it and it's just that way.
6) Some cracker gets an ingenious idea to use the feature against itself and cause more harm than good. The feature is exploited to send out thousands of emails per server, which the original designers never intended.
7) Anti-virus writers don't pay attention because you can just turn it off and it's not important to them any more. It's the admin's job to know to turn this off. They may tell some people, and they may default it to off in the next version, but it's not high on the list.
And even still, you can't just tell someone they are stupid for coding it this way or for not turning it off. Until recently, this option made "Never attribute any action to malice when you can attribute it to stupidity or ignorance."sense. Tell the infected user of their problem so cut down on the spread of virii. Now, as in the biological world, the virus writers figured out how to use a portion of the "immune system" against itself.
It's just the way things happen. I write a virus, you write a counter measure, I write a way to get around it. What's missing here is an email illustrating that the intent of sending out all these emails was deliberate on the part of anti virus writers. The article is assuming intent for no other reason than to scare people. Again, "Never attribute any action to malice when you can attribute it to stupidity or ignorance."
It's the natural order of virus evolution, take 2 (Score:2)
I believe in a little axiom that says "Never attribute any action to malice when you can attribute it to stupidity or ignorance."
I'm only going by my experience in anti-virus software, but let's look at it this way:
1) Anti-virus software is on the desktop machine to prevent infection
2) Soon viruses are getting in via email. Anti-virus software writers decide to target th
Where's My Plasma Rifle? (Score:5, Funny)
And on the way out, pounding "I AM AN E-MAIL SPAMMER" signs on their front lawn?
C'mon, admit it. That would feel really good.
Stefan
MSN taking advantage of its latest infection! (Score:3, Interesting)
Just into my HotMail account ... One could assume that Microsoft has no reason to write secure code because it helps a subsidiary SELL services. ... I use Mozilla and Linux
Me
From : MSN
Sent : Wednesday, January 28, 2004 5:00 PM
To : munged
Subject : Fight spammers with new MSN Premium
Get more from your Internet experience with new MSN(R) Premium Internet Software. This all-in-one software works with your existing Internet access to give you persistent protection, advanced communication tools and much more! With MSN Premium, you can:
Limited time offer - 3 months FREE**
* Separate download required.
** Promotional offers only available to new subscribers, in the 50 United States, the District of Columbia, and Puerto Rico. After the trial period (if any), the then current price for your MSN plan will be automatically charged to your credit card until you cancel your account or select an alternative plan. You must agree to the MSN Subscription Agreement to access the service. A major credit card is required. MSN is available only for personal noncommercial use. Internet access service not provided; you must have existing Internet access service. No refunds on prepaid plans, unless cancelled within 30 days. For users of Windows(R) 98 or later operating systems only. Prices subject to change. Additional terms may apply. Offer valid until April 7, 2004.
This special offer is being made available to select MSN Newsletter subscribers. Our relationship with you is very important. In the event that you wish to unsubscribe from future promotional e-mail or special offers from MSN, click here. Once your request is received, we will take prompt action to ensure you do not receive future promotional e-mail from us. By unsubscribing from promotional e-mail messages, you will not affect any newsletters you may have requested nor restrict important customer communications concerning your MSN services. If you have questions about MSN privacy policies, please click here to read our privacy statement. To provide feedback regarding this mailing, please send e-mail to CSmsncommunications@msn.com.
Another problem this causes: (Score:4, Insightful)
What if the server receiving the bounce has one of these alerting virus scanners?
Scenario:
1. Virus sends message to non_existant_user@email.com, forging the from address of user123@free-email.com
2. email.com server bounces the message because non_existant_user doesn't exist.
3. free-email.com receives the (virus containing) bounce from email.com
4. AV software bounces the email, sending the virus back to non_existant_user@email.com
5. Goto 2
Anyone else see a problem here?
logs show MyDoom activity (Score:4, Interesting)
24-hour period, number of bounces
Jan 22, 794
Jan 23, 843
Jan 24, 872
Jan 25, 936
Jan 26, 5472
Jan 27, 19426
Jan 28, 20468
I've had more of an increase in AV Company spam than I have in propagation of the worm!
Re:Why is this modded OT? (Score:2, Insightful)
I might also point out that mob controlled neighborhoods are peaceful and law abiding, excepting the activities of the mob.
When a store owner pays to have his store not trashed he expects his store not to get trashed.
The mob looks upon anyone trashing stores in "their territory" as challenging their authority and devaluing their "service."
When order (as opposed to law) meets
Re:Who are you people? (Score:4, Insightful)
In order for most of those filters to work, they have to be updated with new virus definitions. At the time they identify this new virus, they can also identify whether the header information is legitimate and worth responding to. In the case of anti-spam companies that ignore this information, they ARE spamming and contributing to the problem. There is no excuse.
If you are an anti-virus company and you update your system to recognize MyDoom, you know that the from address is not accurate. So if you bounce e-mails to the source, you are incompetent, a spammer, or both.
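The bounce loop walked through in the "Another problem this causes" comment and the forged-sender point in the comment above, as an added example that is not part of any post in this thread: a notification policy that refuses to answer forging families, null-sender bounces (RFC 5321) and auto-generated mail (RFC 3834 `Auto-Submitted`), run against a simulation of that loop. The function names, the `FORGING_FAMILIES` set and the `antivirus@free-email.com` address are assumptions made for the illustration.

```python
# Added illustration; all names here are hypothetical, not from any AV product.

# Assumption: families whose definitions mark the From address as forged.
FORGING_FAMILIES = {"MyDoom"}


def should_notify_sender(envelope_from, headers, virus_family):
    """Decide whether a 'you sent a virus' notice may be sent. Returns (bool, reason)."""
    hdrs = {k.lower(): v.strip().lower() for k, v in headers.items()}
    if virus_family in FORGING_FAMILIES:
        return False, "family forges the sender address"
    if envelope_from.strip() in ("", "<>"):
        return False, "null envelope sender: message is itself a bounce"
    if hdrs.get("auto-submitted", "no") != "no":
        return False, "auto-generated message"
    return True, "ok"


def always_notify(envelope_from, headers, virus_family):
    """The behaviour the thread complains about: answer every detection."""
    return True, "always"


def simulate(policy, max_messages=20):
    """Replay steps 2-5 of the scenario; return how many messages were generated."""
    count = 0
    # Step 1 (constructed): worm mails non_existant_user@email.com,
    # forging user123@free-email.com as the sender.
    sender = "user123@free-email.com"
    while count < max_messages:
        # Steps 2-3: email.com bounces the infected message to `sender`.
        bounce_from, bounce_headers = "<>", {"Auto-Submitted": "auto-replied"}
        count += 1
        # Step 4: the scanner at free-email.com sees the virus in the bounce.
        allowed, _reason = policy(bounce_from, bounce_headers, "MyDoom")
        if not allowed:
            break
        count += 1  # notice (virus attached) goes to non_existant_user@email.com
        sender = "antivirus@free-email.com"  # step 5: email.com bounces it again
    return count


if __name__ == "__main__":
    print("always notify:", simulate(always_notify), "messages (hit the cap)")
    print("with policy:  ", simulate(should_notify_sender), "message")
```

The null-sender and `Auto-Submitted` checks stop the loop even for a family that is not yet in the forging list, so the policy does not depend on definitions being current.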
Re:Who are you people? (Score:3, Informative)
You could start by explaining to your boss that in some situations email is not THAT reliable. And if a billion dollar contract rests on the successful delivery of an email, he'd better pick up the phone and call someone