Worm and Virus attack

Discussion in 'Electronic Design' started by Aubrey McIntosh, Sep 19, 2003.

  1. John Stewart

    John Stewart Guest

    Wrong.....
     
  2. Active8

    Active8 Guest

    you'd think that third world, outsourced, jerk at earthlink live chat
    support could take the fact that these executables are sent under a
    bogus MIME type to someone who could incorporate that into the filter.
    no, just pawn it off on MS and do nothing. anyone know what MIME type an
    exe or scr *should* be sent with? i can't remember.

    mike

    out goes the hurricane, in comes the flood. what timing.
     
  3. Jim Thompson

    Jim Thompson Guest

    Those of us aged obstinate ones (otherwise known as old farts) are
    still using original flavor Eudora Pro v3.0.5... no pop-ups, no
    spyware, no nothing but a plain simple-minded mailer. Works just fine
    on Win2K, and is supported by Spamnix.

    ...Jim Thompson
     
  4. Guest

    Guest Guest

    quoting Winfield
    the worm gathers addresses from USEnet posts, so if you don't
    use your work email address to post...

    the more you post, the more likely it is that the worm "talks to
    you"...

    check out news.admin.net-abuse.email for more details, hints and
    insights.
     
  5. Yes, there's a paid version, which we have bought. I don't think the
    free version is spyware, just adware. One time I accidentally deleted
    the ad window and it stopped working until I figured out how to bring
    it back. 8-(

    Best regards,
    Spehro Pefhany
     
  6. Nico Coesel

    Nico Coesel Guest

    It's not the friends that cause the trouble, it's the no-no's who
    don't make the effort to remember your e-mail address.
     
  7. Those *****.exe are garbage names to hide the worm.automat.abh, or
    another variation of the worm.

    I have received over 2200 in the past 24 hours. (1857 in the last 12
    hours) I use Mailwasher to delete them, but they were coming in so fast
    I couldn't dump the mailbox before the Earthlink mail server would time
    out.
     
  8. Nico Coesel wrote...
    You're suggesting folks should memorize your email address,
    rather than put it in their address book? Instead, how about
    suggesting that the authors and software-engineering managers
    of Microsoft's email programs and address book should check
    their work before forcibly installing it on our computers, no
    choice allowed, by the repeatedly-convicted monopoly company?

    p.s. I've hand-inspected and erased more than 2300 virus emails
    in my non-microsoft mailbox in the last 16 hours. This was made
    necessary in order to read the 35 legitimate emails I received.
    I'm beginning to get really angry now.

    Thanks,
    - Win
     
  9. I feel so left out. I have never received a single one. :)
     
  10. How about folks simply saying *NO* to OE? ...then WinBlows (I've
    never used OE and am on my way to being M$ free).
    Simply say "no". It's about time people dumped M$, though I'll
    admit that I'm not quite ready (WIn2K has been my only and last M
    $ OS).
    I can understand that. I spent a couple of hours this morning
    installing filters. However, as long as the world runs on M$
    trash, we're going to have these problems. ...or were you
    thinking about a Tobacc^h^h^h^h^h^hclass-action suit?
     
  11. Mike

    Mike Guest

    I suspect that's why I didn't receive a single one of the emails. Cox on
    one account, Yahoo on another (lots of my Yahoo email is related to my
    manhood and my mortgage, but none is related to Microsoft security), and
    work (where we have active spam filters) on another.

    -- Mike --
     
  12. Mike

    Mike Guest

    I feel so bad I'm going to add you to my address book. Twice.

    -- Mike (Oh, sure, you can thank me later) --
     
  13. GPE

    GPE Guest

    My guess is that you hadn't posted your cox email to the world -- as cox was
    passing that stinking virus to me at nearly 200 per hour! Around 4 this
    afternoon - the virus emails suddenly dropped off to near zero. My guess is
    that Cox finally implemented a filter at that time.

    -- Ed
     
  14. We'll have these problems for longer than that. Indeed, we'll have these
    problems for as long as email does more than convey plain text and the
    Internet supports sending of nonsecure messages. May I remind folks that
    MSFT didn't invent the bug, and that the first worms were not on Windows?
    Virus writers target whatever platform is dominant and powerful enough to
    propagate the virus. *All* nontrivial platforms have bugs that can be
    exploited given enough interest.

    If you want to not catch viruses, you have two choices: adopt a non-dominant
    platform (and accept that many programs will not be available to you) or
    adopt the dominant program, keep it aggressively up to date, and take
    precautions. If you want to not receive virus-related mail, you have two
    choices: don't let anyone know your email (and accept that many people won't
    be able to reach you easily) or install effective filtering mechanisms,
    ideally upstream from your inbox.
     
  15. Colin Bloch

    Colin Bloch Guest

    Typically executables of any kind are application/octet-stream.

    However, filtering on a "bogus" MIME type would require you to:
    - Cycle through MIME messages. For each Content-Type header:
    - Parse out the type
    - Parse the extension out of the file="foo.ext" part
    - Find [type] in system mime.types file or equivalent
    - Check that [ext] appears in RHS of [type] line

    The problem is even if you were willing to write something to do
    all this, there are several places it will fail:

    - There is no official mime-type for .scr and .pif (and whatever
    other Mickeysoft-centric executables.. I don't know them all) so
    these will always be considered bogus, virus or not. [*]
    - Mail clients will use a "catchall" extension for attachments
    whose mime-types cannot be determined (ie. because the extensions
    are unrecognized for one) so you will find that many of these
    fall into the valid 'octet-stream' type anyway, and will pass
    your filter.
    - Some clients (automated mailers, Webmail clients, etc.) are
    lazy or crippled and just pack any/all attachments with a
    fabricated or default type (application/x-unknown for instance)
    and these messages are no less valid than any others, but will
    get kit-shanned by your proposed filter.
    - And finally, there is no law anywhere that says a file has
    to have an extension at all. So if I send /bin/rm to my buddy
    who has accidentally rm'd his own copy [**] it flunks this
    filter too.

    Much better (and less work for both mail server and sysadmin)
    is 3rd party virus-filtering software on the mail server with
    daily (or more) automated definition updates.

    That doesn't entirely preclude third world Earthlink chat droid
    from being a jerk, however I'd say it exonerates him in this
    instance.

    CAB

    [*] Yeah, big loss, I know.
    [**] Yeah, big stretch, I know.
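
    The following is an added example, not code from this thread or from any poster. It implements the Content-Type versus file-extension check Colin lists above (parse the type, parse the extension, look the type up in a mime.types table, check the extension appears on that line) and runs it over a constructed message whose attachments hit each failure mode he describes. The mime.types excerpt, the attachments and the addresses are all constructed; the only outside fact relied on is that DOS/Windows executables begin with the bytes "MZ", which the last column of the result uses as a header-independent check.

```python
"""Added example (not from the thread): Colin's MIME-type / extension
consistency filter, with the failure modes he lists made visible.
The mime.types excerpt and the sample message are constructed."""
from __future__ import annotations

import email
import os
from email import policy
from email.message import EmailMessage

# Constructed excerpt in the format of a system mime.types file.
MIME_TYPES_TEXT = """\
# type                      extensions
application/octet-stream    bin exe dll so
application/pdf             pdf
audio/x-wav                 wav
image/jpeg                  jpeg jpg
text/plain                  txt asc
"""

PE_MAGIC = b"MZ"  # DOS/Windows executables (.exe, .scr, .pif, .dll) start with this


def parse_mime_types(text: str) -> dict[str, set[str]]:
    """Parse mime.types lines into {type: {extensions}}; comments and blanks skipped."""
    table: dict[str, set[str]] = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        mime_type, *exts = line.split()
        table.setdefault(mime_type.lower(), set()).update(e.lower() for e in exts)
    return table


def check_attachment(content_type: str, filename: str | None,
                     table: dict[str, set[str]]) -> str:
    """Colin's steps: parse type, parse extension, find type, check ext on its RHS."""
    ext = os.path.splitext(filename or "")[1].lstrip(".").lower()
    if not ext:
        return "no-ext"            # the /bin/rm case: nothing to compare against
    content_type = content_type.lower()
    if content_type not in table:
        return "unknown-type"      # e.g. application/x-unknown from a lazy client
    known_exts = set().union(*table.values())
    if ext not in known_exts:
        return "unregistered-ext"  # .scr/.pif: no registered type, worm or not
    return "consistent" if ext in table[content_type] else "mismatch"


def scan_message(raw: bytes, table: dict[str, set[str]]) -> list[tuple[str, str, bool]]:
    """Return (filename, filter verdict, payload starts with MZ) per attachment."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    results = []
    for part in msg.iter_attachments():
        name = part.get_filename()
        verdict = check_attachment(part.get_content_type(), name, table)
        payload = part.get_payload(decode=True) or b""
        results.append((name, verdict, payload.startswith(PE_MAGIC)))
    return results


def build_sample_message() -> bytes:
    """Constructed message; one attachment per case from the post."""
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"
    msg["To"] = "you@example.invalid"
    msg["Subject"] = "constructed sample, not a real worm message"
    msg.set_content("see attached")
    fake_pe = PE_MAGIC + b"\x00" * 30  # stand-in for an executable body
    # 1. executable sent under a bogus type: the case the filter is meant to catch
    msg.add_attachment(fake_pe, maintype="audio", subtype="x-wav", filename="patch.exe")
    # 2. .scr has no registered type, so it is flagged whether or not it is a worm
    msg.add_attachment(fake_pe, maintype="application", subtype="octet-stream",
                       filename="update.scr")
    # 3. catch-all octet-stream with a matching .exe sails through the filter
    msg.add_attachment(fake_pe, maintype="application", subtype="octet-stream",
                       filename="install.exe")
    # 4. legitimate PDF from a client that labels everything application/x-unknown
    msg.add_attachment(b"%PDF-1.4\n", maintype="application", subtype="x-unknown",
                       filename="report.pdf")
    # 5. extension-less file, e.g. a copy of /bin/rm for a buddy
    msg.add_attachment(b"#!/bin/sh\n", maintype="application", subtype="octet-stream",
                       filename="rm")
    return msg.as_bytes()


if __name__ == "__main__":
    for row in scan_message(build_sample_message(), parse_mime_types(MIME_TYPES_TEXT)):
        print(row)
```

    Only the first attachment gets the "mismatch" verdict the filter was designed for; the .scr is flagged regardless, the octet-stream .exe passes, the PDF flunks, and the extension-less file flunks, exactly the four problems listed in the post. The third column shows that looking at the payload rather than the headers separates the three executables from the two harmless files in this sample; a real server-side scanner does that plus signature matching, which is why the post recommends it.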
     
  16. I've given in.... there's a prog running here atm that
    is deleting *all* my email on my ISP's mailserver. This
    action has had to be taken because there is too much of
    it to handle, the rate got up to 4x 200k emails/minute
    some time yesterday afternoon. :(

    The prediction is that things should not get worse over
    the weekend, with next Monday being the biggie.
     
  17. Active8

    Active8 Guest

    [snip]
    i know. many worms generate a new random filename each time they
    propagate.
    wow. i'm only at 83. that's around 30 more since the last time i posted,
    which was the post you replied to. if you really mean that you deleted
    them rather than bounced them, ouch. you may or may not have confirmed a
    valid e-mail addy.

    mike
     
  18. Active8

    Active8 Guest

    that's what i was thinking.
    yikes. i never thought of the possibility of a command like rm -r *.*
    getting executed by a mail program. they don't run as root do they? i'm
    not even sure if an attach can be sent like that - with args, that is.

    brs,
    mike
     
  19. Active8

    Active8 Guest

    ok, i will (and you might) check the grc.com security ng to double check
    the ad/spy-ware question.

    tnx,
    mike
     
  20. Active8 wrote...
    I've now received over 3000 of these, each of which has a 106k
    bytes-long worm. That's 320MB of downloads from my mail server
    in Pittsburgh in the last 24 hours. My Comcast cable modem has
    a slow upload speed of about 150k bits/sec, so if I were to have
    bounced these messages, that would have taken about 5 hours of
    full upload traffic. It's hard to see how folks with ordinary
    POTS modems could survive such an attack.

    They're coming in at the rate of about four a minute right now.
    I spent some time trying to set filters, but the quasi-random
    nature of the Swen email headings makes that impractical with
    my The Bat! email client. I'm ready to change programs again.

    Thanks,
    - Win
     