Maker Pro

Notice to everyone! Don't open attachments!

N9WOS

Jan 1, 1970
Notice to everyone! Don't open attachments!

I am posting this on all the news groups I have posted on.
Because...
There are evidently people reading these messages who are
infected and don't realize it.
And these news groups are the only obvious place that
the viruses could be getting my email address with such
repetition.

I have been inundated with virus-laden emails to the
tune of 3MB worth in the last fifteen minutes.
It has started this morning and is getting worse.

I have a ten meg email limit but it gets close to maxing it
unless I clean out the in box every hour or so.

The virus has two fronts to it.
And the infected computer evidently sends both forms
to the available emails.

One front has a snazzy logo and graphics.
It tells you that it includes a security patch, and
for you to install it.
THE SECURITY PATCH IS THE VIRUS!!!!!!!!
It looks genuine Microsoft, but it isn't!!!!!!!!!!!.

The other tells you that your email wasn't deliverable.
And was sent back to you as an attachment with the return email.

DON'T LOOK AT IT, IT'S THE VIRUS!!!!!!!!!!!!!
The original email wasn't sent by you, it is just trying
to get you to look at the attachment.
It isn't actually a return email, it's a bogus return email.

The people I have been getting the emails from have these
service providers.
I can't tell the real sending email addresses, because they may be faked.
But the service providers are certain.

COX.NET
Bellsouth.net
Worldnet.att.net (my own provider)
adelphia.net
comcast.net
charter.net
pacbell.net
wanadoo.nl
insightbb.com
telusplanet.net
winfirst.net
mchsi.com
ionex.net

Plus others that I can't make sense of.
So, if you are in doubt, please check your computer for the sake
of my in box!
 
ben williams

Jan 1, 1970
N9WOS said:
Notice to everyone! Don't open attachments!

Same here in NC, 43 of them this AM and it's only 7AM.
ben
 
William P.N. Smith

Jan 1, 1970
N9WOS said:
Notice to everyone! Don't open attachments!

I've been getting about one a minute(!) since sometime yesterday. So
much for Email...
 
William P.N. Smith

Jan 1, 1970
what gives? what is going on?

Viruses and worms going berserk. Since Microsoft has started plugging
the holes in their OS, the virus writers have to resort to "social
engineering" and try to get you to click on the attachment.

Not much we can do without secure OSes and decent mail systems.
 
Dave Hinz

Jan 1, 1970
Viruses and worms going berserk. Since Microsoft has started plugging
the holes in their OS, the virus writers have to resort to "social
engineering" and try to get you to click on the attachment.

Not much we can do without secure OSes and decent mail systems.

Which, of course, exist. Pretty much "anything but Microsoft".
 
MSH

Jan 1, 1970
After all this time, only an idjit would open an attachment from an unknown
source. Where have you been???!!! And why do you spread your address on
usenet? sheesh.

MH
 
William P.N. Smith

Jan 1, 1970
Which, of course, exist. Pretty much "anything but Microsoft".

Well, the Spam and "human engineered virus" mail problem would go away
if we had a decent, secure, traceable mail transport with
non-repudiation (and maybe even a small charge for sending Email, but
that's a whole nother rathole), which isn't a M$ problem as much as
it's a (Unix) holdover from the dim dark past.

I'm up to two virus mails a minute today, and I'm about ready to shut
down my Email account. Sigh.
 
William P.N. Smith

Jan 1, 1970
MSH said:
And why do you spread your address on
usenet? sheesh.

Well, back in the olden days (even as far back into prehistory as a
decade ago), we'd publish our Email addresses so that people
interested in communicating with us would know how to do so.

Anyone remember:

{...}!decwrl!sandbox!w_smith ??? 8*)

Yeah, it's a different world nowadays.
 
Dave Hinz

Jan 1, 1970
Well, the Spam and "human engineered virus" mail problem would go away
if we had a decent, secure, traceable mail transport with
non-repudiation

Well, the weakness being exploited is a combination of the meatware
(human tendency to want to do things) and the OS (more holes than a
fishnet). If the OS in question had, oh, say, the first glimmerings of
the concept of _thou shalt keep system and user processes separate_,
there wouldn't be this mess. These things don't affect Unix/Linux/Mac
systems; not because of market share, but by basic, fundamental
design differences.

(and maybe even a small charge for sending Email, but
that's a whole nother rathole), which isn't a M$ problem as much as
it's a (Unix) holdover from the dim dark past.

Whaaaat? You're blaming Microsoft security problems on Unix? How
exactly would making email have a micro-cost stop this specific
virus? It wouldn't, it would just end up costing the people who
are (insert adjective) enough to get infected, lots of money. While
it would make more clear the costs of the error of their ways, it
wouldn't stop or even slow it. Pointing to the transport as the
problem, when the problem is with vulnerable systems on the sending
of the email, isn't the right area to concentrate on. It's just the
transport, the problem is with the security at the sending system.

I'm up to two virus mails a minute today, and I'm about ready to shut
down my Email account. Sigh.

spamcop.net does a *really* good job of filtering; they discard the
virus (and the bounce messages) completely - they don't even go into
my "held/suspected spam" folder. Best $30/year I've spent.

Dave Hinz
 
William P.N. Smith

Jan 1, 1970
Dave Hinz said:
Whaaaat? You're blaming Microsoft security problems on Unix?

No, I'm blaming Unix mail problems on Unix. None (nada, zero, not a
single one) of the spams or viruses actually come from where they say
they do. If Email transport was secure, traceable, and had some sort
of non-repudiation we wouldn't have most of the spam we have today,
and we could easily and reliably track down the source of these worms
and virii.

Don't get me wrong, Bill Gates is definitely the AntiChrist, and M$
needs a small tactical nuclear strike to straighten them out, but the
mail transport we're all using is a big part of the problem.
 
Dave Hinz

Jan 1, 1970
No, I'm blaming Unix mail problems on Unix. None (nada, zero, not a
single one) of the spams or viruses actually come from where they say
they do.

It's SMTP. It's independent of Unix, it's a _protocol_, not an _os_.
Even Microsoft uses SMTP over port 25, to move email around.

If Email transport was secure, traceable, and had some sort
of non-repudiation we wouldn't have most of the spam we have today,
and we could easily and reliably track down the source of these worms
and virii.

Yes, and what has that to do with Unix?

Don't get me wrong, Bill Gates is definitely the AntiChrist, and M$
needs a small tactical nuclear strike to straighten them out, but the
mail transport we're all using is a big part of the problem.

Yes, hell yes, and yes, in that order, but it's due to the fact that SMTP
was designed decades ago with a fundamental trust of the sender built in,
where the scum of the earth has shown this not to be a valid thing to
trust anymore. However, blaming the transport mechanism on the horribly
insecure target it's used to move things to is pointing blame in the
entirely wrong direction.

In other words, if windows wasn't a horribly insecure target, email
wouldn't be used to send viruses to it. Also, keep in mind that the
RPC worms not only don't involve Windows, but don't even need the
victim of the insecure OS to do anything wrong, like opening an attachment.

The fundamental flaw is that Microsoft OS's allow the user's processes to
interfere with the system's internals. If "Joe User" was locked away from
the system internals, this wouldn't be a problem. Short of starting over
entirely, I don't see a fix; it's bigger than just user-profile and
permissions.

Easier, then, to either filter out the crap, or upgrade to an OS
that doesn't suffer from that fundamental design flaw.

Dave Hinz
 
N9WOS

Jan 1, 1970
or a masochist

(holds up hand....)
That's me!

I have six email addresses.
The simple one is the one I aim all the Spam at.

I can email myself in so many different ways. :)
 
Michael Baugh

Jan 1, 1970
My posted e-mail address is my true one.

I don't open attachments. If someone sends me something
with attachments, I notify them that I received their post, but
couldn't access the attachment. Period. I had lived without it,
and would continue.

Also, I set up message rules. The one I call 'Microsoft' looks for
the words Microsoft or MS in either the subject header or the body.
In another recently made, a rule looks for the terms 'qmail',
'undeliverable', or 'undelivered'. To the 'delete' bucket they go.

This morning I got 94 posts, all but two posts were automatically
deleted. Later I'll order them by sender to verify that I don't have one
that is e-mailing me about their MS (Multiple Sclerosis)
 
Steve Spence

Jan 1, 1970
I set up a quarantine folder for attachments, and received 1500 overnight.
 
Steve Spence

Jan 1, 1970
why do I spread my email over usenet? because folks need to contact me. I
don't open attachments unless my av program says it's safe to do so, so I
have never been infected.

when I hosted my mail server, I configured my mail server to strip out any
emails with .exe, .com, .pif, .vbs, and html email with an <iframe> tag, but
my current provider doesn't have such flexibility.

--
Steve Spence
www.green-trust.org

MSH said:
After all this time, only an idjit would open an attachment from an unknown
source. Where have you been???!!! And why do you spread your address on
usenet? sheesh.

MH
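
The mail-server rule described in the post above (hold mail with .exe, .com, .pif or .vbs attachments, or HTML containing an `<iframe>` tag), as an added Python example that is not from the thread or any poster's configuration. The function names and the sample messages are constructed for illustration.

```python
import re
from email import message_from_bytes
from email.message import EmailMessage

BLOCKED_EXT = (".exe", ".com", ".pif", ".vbs")   # extensions named in the post
IFRAME_RE = re.compile(rb"<\s*iframe\b", re.IGNORECASE)

def quarantine_reasons(raw: bytes) -> list:
    """Return why a message should be held; an empty list means deliver."""
    reasons = []
    for part in message_from_bytes(raw).walk():
        if part.is_multipart():
            continue
        # Lower-case and drop trailing dots/spaces so "PATCH.EXE." still matches;
        # endswith() also catches double extensions such as "readme.txt.pif".
        name = (part.get_filename() or "").lower().rstrip(". ")
        if name.endswith(BLOCKED_EXT):
            reasons.append("blocked attachment: " + name)
        if part.get_content_type() == "text/html":
            body = part.get_payload(decode=True) or b""   # undo base64/QP first
            if IFRAME_RE.search(body):
                reasons.append("html part contains <iframe>")
    return reasons

def sample(filename=None, html=None) -> bytes:
    """Constructed test message; addresses and contents are made up."""
    m = EmailMessage()
    m["From"] = "sender@example.invalid"
    m["To"] = "rcpt@example.invalid"
    m["Subject"] = "constructed sample"
    m.set_content("plain text body")
    if html:
        m.add_alternative(html, subtype="html")
    if filename:
        m.add_attachment(b"not a real program", maintype="application",
                         subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    for fn, html in [("PATCH.EXE", None), ("readme.txt.pif", None),
                     (None, "<p><IFRAME src='cid:x' height=0></IFRAME></p>"),
                     ("notes.txt", "<p>hello</p>")]:
        print(fn, "->", quarantine_reasons(sample(fn, html)))
```
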
 
William P.N. Smith

Jan 1, 1970
Karl S. said:
one, but is blocked by a buddy-list filter at the server. If I don't
know you, your mail won't get through. You'll get an automatically
generated reply telling you how to ask to have your name added to the list.

And thousands of people whose Email "from" addresses were harvested
and used to hide the source of the worms will get those bounce
replies. There aren't any easy answers.
 
William P.N. Smith

Jan 1, 1970
Rusty Shackleford said:
The from line is trivial to forge. Other header information is tough
to impossible to forge, including the originating IP. One does have
to learn to view headers which is trivial.

OK, and what can we do with the "originating IP", assuming it's not
obscured by additional 'fake' originating headers? Sometimes I'll do
a traceroute and complain to an upstream provider, but I can't do that
for thousands of Emails per day.

If microsoft is so bad, why are you using a microsoft operating system

Because that's the only OS that will run all the programs I want.
Doesn't mean I have to like it...
 
N9WOS

Jan 1, 1970
William P.N. Smith said:
list.

And thousands of people whose Email "from" addresses were harvested
and used to hide the source of the worms will get those bounce
replies. There aren't any easy answers.

The "from" address is totally worthless on the messages.

The one that is correct is the
"Return-Path: <X at X . net>"
That, as far as I can tell, is the valid sender.
And that is where you want to send your emails
to, when telling them that they are broadcasting a virus.

Some viruses mess with the "Return-Path:",
but I don't see any evidence that this one does.
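
The header comparison discussed in the posts above ("From" versus "Return-Path", and the originating IP), as an added Python example that is not from the thread; the function names, the `mx.recipient.example` server name and the sample message are constructed. Return-Path is the envelope sender recorded at delivery, so it is still a value the sending machine chose; the only hop the recipient can rely on is the Received line stamped by their own server.

```python
import re
from email import message_from_string
from email.utils import parseaddr

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def domain(header_value) -> str:
    """Domain part of an address header, lower-cased ('' if absent)."""
    return parseaddr(str(header_value or ""))[1].rpartition("@")[2].lower()

def triage(raw: str, my_mx: str) -> dict:
    """Separate what the sender wrote from what our own server recorded."""
    msg = message_from_string(raw)
    by_us = re.compile(r"\bby\s+" + re.escape(my_mx) + r"\b", re.IGNORECASE)
    handoff_ip = None
    # Received lines are prepended, so the first one stamped by our own MX is
    # genuine; anything below it was supplied by the sending side.
    for hop in msg.get_all("Received", []):
        hop = " ".join(str(hop).split())          # unfold continuation lines
        if by_us.search(hop):
            m = IP_RE.search(hop)
            handoff_ip = m.group(1) if m else None
            break
    frm, rpath = domain(msg["From"]), domain(msg["Return-Path"])
    return {"from_domain": frm, "return_path_domain": rpath,
            "handoff_ip": handoff_ip, "from_mismatch": frm != rpath}

# Constructed sample: documentation-range IPs and .example domains throughout.
# The lower Received line is forged by the sender to look like our own server.
SAMPLE = """\
Return-Path: <user17@isp-a.example>
Received: from pc17 (dsl-17.isp-a.example [198.51.100.23])
\tby mx.recipient.example with SMTP; Mon, 1 Jan 2001 07:00:00 -0500
Received: from mail.vendor.example ([192.0.2.99])
\tby mx.recipient.example; Mon, 1 Jan 2001 06:59:00 -0500
From: "Security Bulletin" <support@vendor.example>
To: someone@recipient.example
Subject: constructed sample

Please install the attached patch.
"""

if __name__ == "__main__":
    print(triage(SAMPLE, "mx.recipient.example"))
```
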
 
