RadioBanter, Antenna forum: Virus/Worm email messages (https://www.radiobanter.com/antenna/462-virus-worm-email-messages.html)

W3JDR September 22nd 03 12:25 PM

I was getting several hundred of these a day. I got the idea to take my
email address out of my Chat group profiles, just in case some hacker
software was 'harvesting' email addressesfrom these sites. When I removed my
email address from the Yahoo Chat groups I was subscribed to, the spam
seemed to stop dead in its tracks. All has been quiet for some time now.

Coincidence??

Joe
W3JDR


"Bob Miller" wrote in message
...
On Sat, 20 Sep 2003 18:42:36 -0000, "David Robbins"
wrote:


"Steve" wrote in message
om...

"Cecil Moore" wrote in message
...
Is anyone else being deluged with Virus/Worm email messages?
--
73, Cecil http://www.qsl.net/w5dxp

Yes, 14 yesterday and 4 so far this morning.


you must not have many friends who have you in their address book... i got
about 1000 overnight last night and about 2500 the day before.


I only get about 3 or 4 emails a week from the spammers. Mostly about
penile enlargement, for some reason.

I recently changed my email address, and set my ISP email anti-spam
filter to "light". That sure cut down on the email.

I also have no firewall and no anti-virus protection, but the computer
works fine, day after day, regardless of how much I get on the
Internet.

Bob
k5qwg







Mike Painter September 22nd 03 04:36 PM


"Ken Bessler" wrote in message
...

"Zoran Brlecic" wrote in message
...
Bill wrote:

"bright Indian programmers" do not exist. If you are going to count on that
craphole of a place to produce anything usable, then you have a hard wake up
coming. A nation without flush toilets is hardly technologically advanced
to write an OS of any merit...just think...those idiots have nuclear
weapons...probably aimed at themselves.



Funny... some people would claim the same about trailer trash rednecks
like you.


Next he'll point out that Chandrasekhar was not *really* Indian.
Admittedly he was not a programmer but was a fairly bright person.




Richard Clark September 22nd 03 05:36 PM

On 22 Sep 2003 15:52:11 GMT, "Dick Carroll;"
wrote:
Is it not correct to say that Windows was left vulnerable so that
other computers can deliberately enter and assess remote computers for
various reasons, such as determining whether or not the copy of the OS
in use had been properly "registered" before issuing updates?

I'm not a programmer but it seems that might certainly be a very good
reason.
In other words, all these security "holes" are perhaps not accidental.
When a virus writer takes advantage of one of them the "patch" issued
to "fix" it might just be specific to that particular violation, instead
of permanently taking care of the problem.

I know that the Windows series is an extremely complex piece of work,
but the virii issuers seem to have little trouble finding cracks that
Bill's programmers couldn't anticipate..

Dick


Hi Dick,

Your claim
I'm not a programmer

Should have been the point where you stopped writing.

The security holes are not inadvertent mistakes that anyone could have
suffered in the face of such a monumental work as Windows. These
holes (and I am not talking about the current round of affairs, as
neither was J. McLaughlin) are deliberate design "features" that
Chairman Bill and MS claim to be what the user population clamor for.

In other words, insecure software is being deliberately constructed
and sold for the express purpose of satisfying Market issues. MS is
quite blunt in this admission, and aggressively so! Many years ago,
the computer community bewailed MS's determination to allow raw
sockets to be made available at the user level. As you are "not a
programmer" you probably never heard this debate, and yet it is part
and parcel to the features of insecure design. MS snubbed the
security experts (Not Invented Here syndrome) and went their own way -
the body count over those same years testify to it in the millions.
Unfortunately the income measures in the billions and security is
buried in the digits with the corpses of dead machines.

The feature called DCOM is so insecure, that it leads the way in
current hacker fields of delight. DCOM is a patchwork quilt of an
older Marketing concept called COM (which has been largely ignored by
software professionals such that MS tried to "sex" it up by adding a
"D" to make it "Distributed," yet another Market slide) which in turn
was spun off from OLE. All of these have technical basis in
implementation, but were designed in whole ignorance of security
requirements. You have absolutely no need for DCOM, and yet as a
service to you MS has deliberately left access to it on your machine
open to anyone on the internet.

None of these issues are trivial. None of them require poking and
prodding to discover or crack. None of them came without advanced
warning (and one site has had fixes months in advance of MS). None of
them were designed by accident, or through the misfortune of Windows
being too complex to debug 100% faithfully. What is worse, MS even
submitted a security patch in the last two weeks that did not work!
Making allowances for them is generous in the extreme.

I note that you post from a revolving IP, such that if you had not, I
could have connected to your machine to give you a demonstration of
how open you are to attack. It involves a command built into NT that
is designed EXPRESSLY to allow me to do this! I don't need hacker
tools, just a DOS session and the command line interpreter will do the
rest. If you ever consider moving up to townsqr's hi-speed
connectivity, you better get these on-ramps to your system controlled!

73's
Richard Clark, KB7QHC

Jim Kelley September 22nd 03 06:20 PM



David Robbins wrote:

"Steve" wrote in message
m...

"Cecil Moore" wrote in message
...
Is anyone else being deluged with Virus/Worm email messages?
--
73, Cecil http://www.qsl.net/w5dxp

Yes, 14 yesterday and 4 so far this morning.


you must not have many friends who have you in their address book... i got
about 1000 overnight last night and about 2500 the day before.


My guess is, they're getting addresses from newsgroups.

ac6xg

Mike Andrews September 22nd 03 06:52 PM

Jim Kelley wrote:


David Robbins wrote:

"Steve" wrote in message
m...

"Cecil Moore" wrote in message
...
Is anyone else being deluged with Virus/Worm email messages?
--
73, Cecil http://www.qsl.net/w5dxp

Yes, 14 yesterday and 4 so far this morning.


you must not have many friends who have you in their address book... i got
about 1000 overnight last night and about 2500 the day before.


My guess is, they're getting addresses from newsgroups.


That has been confirmed.

--
"I cannot imagine what it's like to know nearly everything about
systems and have to deal, daily, with people who know nearly nothing
about systems. It's like being a cosmologist at an astrology
convention)...." -- James Lileks

Mark Keith September 22nd 03 07:32 PM

Roger Halstead wrote in message

I would respectfully suggest that you upgrade to one of the later
versions of Netscape. 3.1 is about as open to giving out your
information as any produced.


I only use it to read mail. I don't browse with it. Besides, that's a
different issue than the micro viruses being discussed. P.S. I have
newer versions of Netscape. Kind of like playing cards. Take your
pick.


It's a knee jerk reaction to blame the OS (which do have lots of holes
in them), but in reality the blame for well over 90% of the problem
comes directly from us...the users.


No, it's not a knee jerk reaction. The OS security problems I refer to
have nothing to do with the discussed macro viruses. They are
altogether different problems. Just as serious though. Probably more
so.



The new ones are no worse than 98, or 98 SE.


They sure are no better. I would say worse....But, it's not really
important. I don't have any trouble with any of these worms, viruses,
etc. So anything I say can hardly be called a knee jerk reaction. I
have plenty of unmolested time to think about it. MK

Jim Kelley September 22nd 03 07:43 PM

If you're so sure about your 'invulnerability', why do you have seven
email filters? Try turning them off and see what you get. ;-)

jk


Richard Clark wrote:

On Mon, 22 Sep 2003 17:52:22 +0000 (UTC), (Mike
Andrews) wrote:

My guess is, they're getting addresses from newsgroups.


That has been confirmed.


Hi Mike

How?

I've been a participant here for years with my address freely
available. Not one hit from this virus, not even 30 emails during the
entire period and only one (1) at the peak. Other correspondents here
complain of 1000's in a single day, and 10MB mail storage being
saturated.

Do you have a link to an authoritative site that offers evidence of
your statement?

73's
Richard Clark, KB7QHC


Jim Kelley September 22nd 03 08:41 PM

You seem to have missed the point. The particular operating system you
happen to run has nothing to do with whether or not viruses are sent to
your email address.

73, Jim AC6XG


Richard Clark wrote:

On Mon, 22 Sep 2003 11:43:30 -0700, Jim Kelley
wrote:

If you're so sure about your 'invulnerability', why do you have seven
email filters? Try turning them off and see what you get. ;-)

jk


Hi Jim,

I have, same old spam conforming to exactly what the filters were
designed to weed out. I had to wait quite a while for any to come in.

You think one filter would do it? Now there's dreaming in technicolor
and surround sound.

Among the 7, several cover 26 common expletives and variants of their
spellings (using a unix style of expression to describe them such as
X* where the star denotes 0 or more repetitions of the character X; I
do the same thing with $*). This sure beats the MS method of hotmail
security where you have to list every single person you trust (what a
crock) if you want to keep out the universe of smut. Methinks their
MSN butterfly is on the verge of intellectual extinction.

Of the others, I reject mail not addressed to me (a no brainer - eh?).

Agent would allow me to combine them all into one filter (a dream come
true?), but why bother. Most programming errors are caused by logical
statements that are so vast and cryptic that they are impossible to
read coherently - like any of 600 postings made by Cecil. ;-)

Anyway, I have been engaged in a series of emails since this last
posting (with Mike) where he is averaging 1 hit a minute, and me none
for this entire time. By his accounts, it is from newsgroup
harvesting, and it would seem the majority of sufferers here picked up
the infection somewhere else (not rraa). Of the dozen odd other
groups I follow, this topic is alien to correspondents who show no
signs of infection.

So, Jim, how have you fared during the deluge?

73's
Richard Clark, KB7QHC (with only 1 spam today)


Richard Clark September 22nd 03 09:44 PM

On Mon, 22 Sep 2003 12:41:50 -0700, Jim Kelley
wrote:

You seem to have missed the point. The particular operating system you
happen to run has nothing to do with whether or not viruses are sent to
your email address.

73, Jim AC6XG


Hi Jim,

I rely on the evidence of testimony here. 80% of the correspondents
who are also sufferers are using IE/OE in some form of Windows (hard
to do it otherwise). The servers (at least mine at Comcast which have
been infected by Blaster and infected my outgoing mail) are MS
products. MS products and OS's contain documented and autopsied
problems that support such virus activity.

I also use MS products (but certainly not their lame internet
applications). I have never performed a security upgrade, but instead
have simply disabled those faulty modules that they circulate as
product enhancements. Tools for such activity may be found at:
http://grc.com/default.htm
which provides more news and resource than all the nonsense wishing
away nightmares.

In that page's update TODAY is the warning:
"Many security watchers believe that a new worm, not unlike
"MSBlast" which targeted the previous DCOM/RPC vulnerability, is
virtually inevitable."

How many here even comprehend what DCOM is? Are we to be treated to a
new chorus of whines about how the ghosts of the internet haunt them?
I've had this problem fixed (courtesy of the same site) for several
months. Have you taken precautions? (I note you failed to respond to
my query about how you've fared through this latest attack.)

I can say without fear of contradiction that particular operating
systems (MS) are obviously correlated through history and actuality.
I also host a server on a fixed IP (http://12.230.78.56/) that has
surfed through all these disasters and still winging right along
unfazed. It supports an uncrackable OS simply because my net log
reveals no one is looking for anything but MS code. The only thing
that will crash it will be the log filling up (but no one is going to
find an executable to run - too many clowns and not enough
ringmasters).

As to having missed the point, I offer that part of my message you
missed reading:
Anyway, I have been engaged in a series of emails since this last
posting (with Mike) where he is averaging 1 hit a minute, and me none
for this entire time. By his accounts, it is from newsgroup
harvesting, and it would seem the majority of sufferers here picked up
the infection somewhere else (not rraa). Of the dozen odd other
groups I follow, this topic is alien to correspondents who show no
signs of infection.


These other users were also clearly (through header examination) MS
users. They were clearly not sufferers. That, or the Darwinian
mechanics thinned them out without chance for recovery (another MS
commonality) to complain, warn, or join in chorus of whine.

73's
Richard Clark, KB7QHC

Roger Halstead September 23rd 03 12:59 AM

On Mon, 22 Sep 2003 16:36:51 GMT, Richard Clark
wrote:

snip
Should have been the point where you stopped writing.

The security holes are not inadvertent mistakes that anyone could have
suffered in the face of such a monumental work as Windows. These
holes (and I am not talking about the current round of affairs, as
neither was J. McLaughlin) are deliberate design "features" that
Chairman Bill and MS claim to be what the user population clamor for.

Richard, you reminded me of things I had long forgotten.
I've been around this stuff since before there was a Microsoft.
I purchased my own PC in 1979-1980. We called them PC even before IBM
was given the copyright...much like MS and DOS. sigh

In other words, insecure software is being deliberately constructed
and sold for the express purpose of satisfying Market issues. MS is
quite blunt in this admission, and aggressively so! Many years ago,
the computer community bewailed MS's determination to allow raw
sockets to be made available at the user level. As you are "not a
programmer" you probably never heard this debate, and yet it is part
and parcel to the features of insecure design. MS snubbed the
security experts (Not Invented Here syndrome) and went their own way -


Although I'm not an MS booster, I've had to use it to stay compatible
over the years. I do take exception to their ethics and lack
thereof. OTOH, as much as I hate to admit it, I truly believe that had MS
not gone for the "Market" we wouldn't have the abilities we have
today. And...yes that can be taken two ways and both are correct.
sigh

the body count over those same years testify to it in the millions.
Unfortunately the income measures in the billions and security is
buried in the digits with the corpses of dead machines.

The feature called DCOM is so insecure, that it leads the way in
current hacker fields of delight. DCOM is a patchwork quilt of an
older Marketing concept called COM (which has been largely ignored by
software professionals such that MS tried to "sex" it up by adding a
"D" to make it "Distributed," yet another Market slide) which in turn
was spun off from OLE. All of these have technical basis in
implementation, but were designed in whole ignorance of security
requirements. You have absolutely no need for DCOM, and yet as a
service to you MS has deliberately left access to it on your machine
open to anyone on the internet.

None of these issues are trivial. None of them require poking and
prodding to discover or crack. None of them came without advanced
warning (and one site has had fixes months in advance of MS). None of
them were designed by accident, or through the misfortune of Windows
being too complex to debug 100% faithfully. What is worse, MS even
submitted a security patch in the last two weeks that did not work!
Making allowances for them is generous in the extreme.


I guess I'd have to be generous and say I doubt they released the
patch that didn't work on purpose...It's bad for their image.


I note that you post from a revolving IP, such that if you had not, I
could have connected to your machine to give you a demonstration of
how open you are to attack. It involves a command built into NT that
is designed EXPRESSLY to allow me to do this! I don't need hacker
tools, just a DOS session and the command line interpreter will do the


A few years back, I was receiving an inordinate number of viruses
which more correctly were mostly worms. I'd take the IP and head for
what looked like the culprit in the above manner. I verified that was
the source and then sent them an e-mail, or looked up the phone number
and called. True, I didn't track all that many down, but I still
found a bunch and those e-mails had given me the machines address.
Back then dynamic IPs were the norm, not the static IPs on the
broadband of today. BTW, many of those systems would have been very
easy to log in as I was basically in the same position as any user
when they are at the boot up screen. OTOH, I had no desire to root
around in someone else's system and particularly if it most likely
had a virus.

I can't imagine going on the net with an MS system without a firewall,
virus checker, "cookie cruncher" and "SpyBot". I don't use MS's
firewall either and I avoid "Passport" like the plague.

IF MS would just set the defaults to off, it would be a big
improvement, but their market base wants all that stuff that opens
them to the whole wide world.

It's not just individuals who want that fancy stuff either.
My wife has used one of our computers for several years to keep a
large database for a pretty big organization. That database comes
with a complete set of macros and VB programming to make it user
friendly. I have the security features now set to prevent that stuff
from running automatically. If they want her volunteer time they are
going to have to create a stand alone program to use the database as
our system now strips that stuff off on receipt. Maybe it's overkill,
but I don't like the idea of a program having the ability to run
macros and VB when it is opened. Either is quite capable of doing any
operation on my computer that I can and probably no few that I don't
even know about and my degree is in CS.

rest. If you ever consider moving up to townsqr's hi-speed
connectivity, you better get these on-ramps to your system controlled!


It's interesting to sit here and watch port probes repeatedly move
through the list trying to find a way in. If I did not have a fire
wall they'd be in on the first try.

One day I saw a familiar address as the source of the probes. I
called my ISP and asked them to check out an IP that was probing my
machine. There was a long pause and then the exclamation..."That's
one of OUR IPs"! "Yah, I know...I think you guys have picked up a
termite." To top it off I use multiple layers of isolation and they
were still probing the one machine. Just the one, none of the others.

So, from the marketing standpoint the MS approach has been extremely
successful, but a disaster from the security standpoint.

OTOH, had some other system such as LINUX, or UNIX been adapted to a
user friendly GUI (I mean man-on-the-street friendly)

No system is completely invulnerable, but I wonder what the state of
the art for users and security would be had a more secure route been
followed? Would the industry have progressed as fast? Would
redirected energy from crackers eventually have created as much of a
problem? Would we have near as many people capable of interacting
world wide?

All hypothetical questions as there is really no way of answering
"what ifs".

What we do know beyond the history is that the "ordinary" users are
not truly computer literate and no amount of education and training is
going to make them give up those fancy features that open their
computers to the whole wide world and I don't mean internet.

Roger Halstead (K8RI EN73 & ARRL Life Member)
www.rogerhalstead.com
N833R World's oldest Debonair? (S# CD-2)


73's
Richard Clark, KB7QHC



Richard Clark September 23rd 03 02:38 AM

On Mon, 22 Sep 2003 16:10:22 -0700, Jim Kelley
wrote:


I run a firewall on my desktop system so I can see what's happening on
both sides of the ethernet card. My system is not infected. FYI
there's a free utility called stinger that can be used to scan for these
worms. Nevertheless, the inbox on the unix system that handles my email
has accumulated about 100 of these kind of messages a day since last
Tuesday or so. I have my desktop system set to filter them.

http://grc.com/default.htm
has offered a port scanner for years. Also a Trojan Horse detector.

But if you are trying to say that the author(s) of the viruses are
specifically targeting users with a MS notation in their news header,
then you may be right. But you didn't say that.

73, Jim AC6XG


Hi Jim,

I find it somewhat beyond the bounds of belief that some one
individual, or consortium of individuals are sitting at home and
directing attacks at selected accounts. The only vector of success is
found in an OS that supports this for them.

Look at who's complaining of massive attacks, and with the exception
of Mike, whose posting activity is highly correlatable, and the rest,
who are not; then those who are not are highly correlatable to what
they commonly use. The evidence is overwhelmingly MS oriented, and
not through force of numbers simply because MS dominates the market.

For a simple example of that contradiction is my own situation. I run
Win2000 and I do not use MS internet software. For this entire day
I've gotten 5 emails from folks reading my comments and two that went
to the trash can for transgressing my filters. It is quite obvious to
me that suggestions that the newsgroups are being harvested is not
applicable to this one (rraa), nor the dozen odd others I participate
in. I can easily imagine it may be confined to a few newsgroups, and
through those few, the stream cascades by virtue of poor security
management by those naive enough to use MS software and just let
things ride.

This conflagration would die of lack of combustibles otherwise. This
is classic symptomatology.

73's
Richard Clark, KB7QHC

Ryan, KC8PMX September 23rd 03 06:49 AM

I can prove it.... gimme an email address to forward all the ones I am
getting!


--
Ryan, KC8PMX
FF1-FF2-MFR-(pending NREMT-B!)
--. --- -.. ... .- -. --. . .-.. ... .- .-. . ..-. .. .-. . ..-.
... --. .... - . .-. ...
"Richard Clark" wrote in message
...
On Mon, 22 Sep 2003 17:52:22 +0000 (UTC), (Mike
Andrews) wrote:

My guess is, they're getting addresses from newsgroups.


That has been confirmed.


Hi Mike

How?

I've been a participant here for years with my address freely
available. Not one hit from this virus, not even 30 emails during the
entire period and only one (1) at the peak. Other correspondents here
complain of 1000's in a single day, and 10MB mail storage being
saturated.

Do you have a link to an authoritative site that offers evidence of
your statement?

73's
Richard Clark, KB7QHC




Ryan, KC8PMX September 23rd 03 06:53 AM

Hey Mike,

In my case, the virus email bombing that I am getting has not affected me in
regards to being infected, but it definitely has slowed everything down. It
is taking forever to use my ISP's webmail email browser (in order to not
download the infected emails) to load up, when there is 200-1,000 messages
in the email box.

I am quite sure I am not the only one getting this happening to them as
well, that are on the same ISP. Must definitely be overloading the mail
server my guess would have to be.



--
Ryan, KC8PMX
FF1-FF2-MFR-(pending NREMT-B!)
--. --- -.. ... .- -. --. . .-.. ... .- .-. . ..-. .. .-. . ..-.
... --. .... - . .-. ...
"Mike Andrews" wrote in message
...
Walter Maxwell wrote:
On Sat, 20 Sep 2003 19:01:51 +0000 (UTC), "Reg Edwards"
wrote:


Is anyone else being deluged with Virus/Worm email messages?
--
================================

Me too - 2000 per day.

Terrorist attack or just another up-and-coming Bill Gates?

G4FGQ, UK


Me too, 49 yesterday and 80 today.


So far today:

$ grep -i logging ljoe.txt | wc -l
1286
$ grep -i "\/dev\/null" ljoe.txt | wc -l
976

That's 976 worms out of 1286 mails accepted, total. That doesn't count
the 54 that I bounced because I don't accept mail from the sender's
domain, so it's 976 out of 1340 attempts. At about 150K per try. Rough
on the other people on my cablemodem segment.

--
Mike Andrews, working on his ticket again.

Tired old sysadmin since 1964
WN5EGO back in 1963




H. Adam Stevens, NQ5H September 23rd 03 12:03 PM

Cecil
At least with a Mac the viruses wouldn't be able to do anything were you
foolish enough to open one of the attachments!
It got to about 1000/day and I had to change my email addresses but they've
already found one of my new addresses.
Random number spam bots I tell ya.
Intentional QRM!!
73
H.
NQ5H

"Cecil Moore" wrote in message
...
Richard Clark wrote:
Look at who's complaining of massive attacks, and with the exception
of Mike, whose posting activity is highly correlatable, and the rest,
who are not; then those who are not are highly correlatable to what
they commonly use. The evidence is overwhelmingly MS oriented, and
not through force of numbers simply because MS dominates the market.


I suspect that if I were running an Apple, my inbox would be just as full.
--
73, Cecil http://www.qsl.net/w5dxp



-----= Posted via Newsfeeds.Com, Uncensored Usenet News =-----
http://www.newsfeeds.com - The #1 Newsgroup Service in the World!
-----== Over 100,000 Newsgroups - 19 Different Servers! =-----




Cecil Moore September 23rd 03 12:25 PM

H. Adam Stevens, NQ5H wrote:

Cecil
At least with a Mac the viruses wouldn't be able to do anything were you
foolish enough to open one of the attachments!


I'm running Netscape 7.1 with virus-scan/firewall. Most of my
email is routed through the IEEE forwarding server which removes
virtually all viruses and worms. Unfortunately, they send me what's
left of the message along with another message telling me what
they did. I would be happier if they didn't waste bandwidth
telling me about it.
--
73, Cecil http://www.qsl.net/w5dxp




H. Adam Stevens, NQ5H September 23rd 03 01:37 PM

My old email address was getting to be useless so I killed it and made up
two new ones.
Presumably this post shows the ARRL remailer which goes to one of the new
email addresses.
One of the addresses has not been used.
They found it.
Linux anyone?
73
H.
"Ryan, KC8PMX" wrote in message
...
Hey Mike,

In my case, the virus email bombing that I am getting has not affected me in
regards to being infected, but it definitely has slowed everything down. It
is taking forever to use my ISP's webmail email browser (in order to not
download the infected emails) to load up, when there is 200-1,000 messages
in the email box.

I am quite sure I am not the only one getting this happening to them as
well, that are on the same ISP. Must definitely be overloading the mail
server my guess would have to be.



--
Ryan, KC8PMX
FF1-FF2-MFR-(pending NREMT-B!)
--. --- -.. ... .- -. --. . .-.. ... .- .-. . ..-. .. .-. . ..-.
.. --. .... - . .-. ...
"Mike Andrews" wrote in message
...
Walter Maxwell wrote:
On Sat, 20 Sep 2003 19:01:51 +0000 (UTC), "Reg Edwards"
wrote:


Is anyone else being deluged with Virus/Worm email messages?
--
================================

Me too - 2000 per day.

Terrorist attack or just another up-and-coming Bill Gates?

G4FGQ, UK


Me too, 49 yesterday and 80 today.


So far today:

$ grep -i logging ljoe.txt | wc -l
1286
$ grep -i "\/dev\/null" ljoe.txt | wc -l
976

That's 976 worms out of 1286 mails accepted, total. That doesn't count
the 54 that I bounced because I don't accept mail from the sender's
domain, so it's 976 out of 1340 attempts. At about 150K per try. Rough
on the other people on my cablemodem segment.

--
Mike Andrews, working on his ticket again.

Tired old sysadmin since 1964
WN5EGO back in 1963






Cecil Moore September 23rd 03 04:56 PM

H. Adam Stevens, NQ5H wrote:
Presumably this post shows the ARRL remailer which goes to one of the new
email addresses.


Does the ARRL remailer check for viruses/worms?
--
73, Cecil http://www.qsl.net/w5dxp




Roger September 23rd 03 09:10 PM

On Mon, 22 Sep 2003 16:36:51 GMT, Richard Clark
wrote:

I note that you post from a revolving IP, such that if you had not, I
could have connected to your machine to give you a demonstration of
how open you are to attack. It involves a command built into NT that
is designed EXPRESSLY to allow me to do this! I don't need hacker
tools, just a DOS session and the command line interpreter will do the
rest. If you ever consider moving up to townsqr's hi-speed
connectivity, you better get these on-ramps to your system controlled!

73's
Richard Clark, KB7QHC


I have a static IP address, would you care to prove how open to attack
my system is?

H. Adam Stevens, NQ5H September 23rd 03 09:37 PM

I don't know, it may pass 'em right through, like bad food,
but at least the email address at my ISP isn't being openly broadcast on
usenet.
73
H.
"Cecil Moore" wrote in message
...
H. Adam Stevens, NQ5H wrote:
Presumably this post shows the ARRL remailer which goes to one of the new
email addresses.


Does the ARRL remailer check for viruses/worms?
--
73, Cecil http://www.qsl.net/w5dxp







Richard Clark September 23rd 03 09:58 PM

On Tue, 23 Sep 2003 20:10:55 GMT, Roger wrote:
I have a static IP address, would you care to prove how open to attack
my system is?


Hi Roger,

It is not apparent in your headers.

73's
Richard Clark, KB7QHC

pez September 23rd 03 10:16 PM


| "Richard Clark" wrote:
| ...
| http://grc.com/default.htm
| ...

Useful, indeed!

pez
SV7BAX

Mike Coslo September 24th 03 02:02 AM

Dee D. Flint wrote:

"David or Jo Anne Ryeburn" wrote in message
...

In article , "Dee D.
Flint" wrote:


I've tried to trap them but the headers and senders, etc are all different.

The "From:" lines are likely forged. Many such worms and viruses pick
recipients and purported senders randomly from the infected computer's
Outlook or Outlook Express address list. If you want to see where the
message really is coming from, examine full headers carefully --
specifically, the "Received: from" lines.


If you have a suggestion on how to stop them, please let us all in on it.

Persuade the universe to cease using unsafe operating system software,
browsers, and e-mail programs coming from Redmond, WA ;-). UNIX, including
the version now marketed by Apple, is pretty safe.

David, ex-W8EZE, whose computers are happily MS-free except for safe 11
year old versions of Word and Excel



If everyone switched to UNIX, the solution would be short-lived as the virus
writers would then switch to attacking it. Right now, they simply get more
"bang for the buck" by attacking Windows and it doesn't give them much of a
thrill to also go after UNIX system users or Apple computer users.


You have touched on the answer, Dee.

What computer and software manufacturers have done that is a fatal flaw
in their systems is insist that "EVERYTHING HAS TO BE THE SAME". I
remember the abuse that I took from PC users because I was running an
Amiga for so many years. Installed User Base, PC Compatibility and other
mantras were tossed at me and others who dared to use "non-standard"
computers like the Amiga and the Mac.

But here we are undergoing attack after attack because of what? 95
percent of us are using the same platform, the same OS and the same
software. We are going through a computer analog (heh heh) of the Irish
potato famine.

I do like to draw a parallel between the agricultural monoculture and
computer monoculture. Only grow one crop, and you're vulnerable.

Whether MS likes it or not, one big step toward a cure (besides them
writing incredibly poor software) is for there to be several different
types of email software. This software is not to be crippled by all the
features that they try to add, with every feature seems to come a new
vulnerability. Especially things like IE and Outlook coupling up mailing
addys.

I personally use only the MS products that I absolutely have to, and
will not use their mailing system. I use Netscape for mail, and it works
okay. If Netscape were to somehow become the big mail program - which
will never happen - I'll switch to something else.

But the majority of PC users are unwilling to believe this sort of
rationale, as they scramble daily to update their Virus definitions, and
other stunts that don't really work too well.

After all, there has to be a virus that infects a computer before there
can be a definition for it.

- Mike KB3EIA -
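
The header check quoted in the post above (read the "Received: from" lines rather than "From:") can be sketched as follows. This is an added example, not part of any poster's message; the sample message, its host names and the TRUSTED set are constructed, and the From/peer comparison is a rough heuristic.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not a real message): worm-style mail with a forged From:.
# Hosts are made-up example.* names; IPs are RFC 5737 documentation addresses.
SAMPLE = """\
Received: from mx.isp.example (mx.isp.example [192.0.2.10])
\tby mail.isp.example with ESMTP id A1; Tue, 23 Sep 2003 20:11:02 +0000
Received: from friend-pc (dialup-77.other.example [198.51.100.77])
\tby mx.isp.example with SMTP id B2; Tue, 23 Sep 2003 20:11:00 +0000
Received: from mail.bank.example ([203.0.113.5])
\tby friend-pc with SMTP; Tue, 23 Sep 2003 20:10:00 +0000
From: "Someone You Know" <colleague@club.example>
To: you@isp.example
Subject: Re: Details

See the attached file.
"""
TRUSTED = {"mail.isp.example", "mx.isp.example"}  # assumed: servers your ISP runs

# "from <helo> (<rdns> [<ip>]) by <server>"; the rdns name may be absent.
HOP = re.compile(
    r"from\s+(?P<helo>\S+)\s*(?:\((?:(?P<rdns>\S+)\s+)?\[(?P<ip>[^\]]+)\]\))?"
    r".*?\bby\s+(?P<by>[^\s;]+)"
)

def hops(raw):
    """Parse Received: headers, newest first (each server prepends its own)."""
    found = []
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.search(" ".join(value.split()))  # unfold continuation lines
        if m:
            found.append(m.groupdict())
    return found

def handoff(raw, trusted=TRUSTED):
    """Return the last hop written by a trusted server, or None."""
    # Lines below the first untrusted 'by' host were supplied by the sending
    # side and can be forged just like From:, so they are not evidence.
    last = None
    for hop in hops(raw):
        if hop["by"].lower() not in trusted:
            break
        last = hop
    return last

def report(raw, trusted=TRUSTED):
    """Compare the From: domain with the peer our own server recorded."""
    msg = message_from_string(raw)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    all_hops = hops(raw)
    hop = handoff(raw, trusted)
    peer = (hop["rdns"] or hop["helo"]).lower() if hop else None
    # Heuristic only: forwarding and mailing lists also produce mismatches.
    match = bool(peer) and (peer == domain or peer.endswith("." + domain))
    return {"from_domain": domain, "peer_ip": hop["ip"] if hop else None,
            "peer_name": peer, "from_matches_peer": match,
            "unverified_hops": len(all_hops) - (all_hops.index(hop) + 1 if hop else 0)}

if __name__ == "__main__":
    print(report(SAMPLE))
```

On the constructed sample the only address worth acting on is the one recorded by mx.isp.example; the bottom "Received:" line naming mail.bank.example was written by the sending machine and carries no more weight than the "From:" line.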


Floyd Davidson September 24th 03 03:00 AM

Mike Coslo wrote:
Dee D. Flint wrote:
"David or Jo Anne Ryeburn" wrote:
"Dee D. Flint" wrote:

If you have a suggestion on how to stop them, please let us all in on
it.


Persuade the universe to cease using unsafe operating system software,
browsers, and e-mail programs coming from Redmond, WA ;-). UNIX, including
the version now marketed by Apple, is pretty safe.

David, ex-W8EZE, whose computers are happily MS-free except for safe 11
year old versions of Word and Excel



If everyone switched to UNIX, the solution would be short-lived as the virus
writers would then switch to attacking it. Right now, they simply get more
"bang for the buck" by attacking Windows and it doesn't give them much of a
thrill to also go after UNIX system users or Apple computer users.


You have touched on the answer, Dee.


David is the one who touched on it. The answer *is* to use an
OS designed to be secure. Microsoft products are not, while
virtually all of the current unix systems are. Some unixes (the
ones with open source code, which does not include Apple) do
have higher potential for good security than others.

The "bang for the buck" argument is proof of it too. If you
want a *bang*, then shut down the *entire* Internet, not just
some percentage of the hosts connected to it. The fact is
that from the start the Internet itself ran on unix. That is
less true today, but it is still true enough that if one could
write a virus to knock out unix, one could just shut the
Internet off for days.

But, of course, it can't be done (or that is exactly what they
would be doing).

--
Floyd L. Davidson http://web.newsguy.com/floyd_davidson
Ukpeagvik (Barrow, Alaska)

Mark Keith September 24th 03 11:42 AM

Roger Halstead wrote in message

They are mail and newsgroup reader problems and *nearly*
all can be prevented by properly configuring said programs. Turn off
the ability to read mail in HTML, don't let macros run, disable Java,
and above all don't open attachments until after verifying whoever
really sent it. This is particularly true if the thing came from some
one you know. How many times have you heard some one say, Oh, I don't
worry. I only open attachments from people I know. Now there is a
prime candidate for a virus.

MS operating systems are written for the masses. It depends on your
definition of computer literate, but unless you make the definition
very lenient there are few computer users who are computer literate.


That's the exact problem as I see it. The *average* e-mail user, who
has little on the ball as far as puters is left to the wolves because
MS installs all that stuff with all the options wide open. And unless
you go and read all the docs to learn how to turn it off, the average
user will not even be aware that they are at risk. And you know how
many probably read the docs....Yep, about 4.27%...If MS gave a real
hoot about protecting people's security, they would install with it all
turned off, and instruct the user to turn on features as or if needed.
But nooooooo......The average user's first instruction on the problem,
or feature that led to the problem, is after they are cleaning out a
macro virus. And with a virus like sobigf, you could go for months
without knowing you had it, unless someone finally tells you. The
sent emails are forged with someone in the address book, or whatever.
Then, hummmmm, they finally learn about attachment problems, etc.
It's kind of the same way with the "ports" that MS likes to leave wide
open with a default install. The average user won't have a clue his
box is wide open. Well, Maybe if he stumbles across Gibson research or
whatever...
A good majority of the outlook virus problem victims are e-mail
readers that could give a hoot about puter OS's, outlook or whatever.
They plug it in, and dial up. MS doesn't do them any favors by leaving
them wide open to attack, and not even telling them about it in a
noticeable manner. There are worms out now that need no e-mail
connection. They are planting them through open ports I think. I don't
keep up with all the "new" OS problems much. I only worry about the
one I'm running at the time. MK

Roger September 24th 03 01:37 PM

On Tue, 23 Sep 2003 20:58:45 GMT, Richard Clark
wrote:

On Tue, 23 Sep 2003 20:10:55 GMT, Roger wrote:
I have a static IP address, would you care to prove how open to attack
my system is?


Hi Roger,

It is not apparent in your headers.

73's
Richard Clark, KB7QHC


I know, I would have to give it to you. I don't think it's quite as
easy as you say to "hack" into an NT system, unless the person that
set up has no idea what they're doing.

Richard Clark September 24th 03 05:30 PM

On Wed, 24 Sep 2003 12:37:37 GMT, Roger wrote:

On Tue, 23 Sep 2003 20:58:45 GMT, Richard Clark
wrote:

On Tue, 23 Sep 2003 20:10:55 GMT, Roger wrote:
I have a static IP address, would you care to prove how open to attack
my system is?


Hi Roger,

It is not apparent in your headers.

73's
Richard Clark, KB7QHC


I know, I would have to give it to you. I don't think it's quite as
easy as you say to "hack" into an NT system, unless the person that
set up has no idea what they're doing.


Hi Roger,

So why ask in the first place?

73's
Richard Clark, KB7QHC

Richard Clark September 24th 03 05:55 PM

On Wed, 24 Sep 2003 15:53:56 GMT, Ken wrote:


Richard;
Your statement is in reference to systems that have been infected by a
virus or worm. The O/S has nothing to do with who the viruses are sent to.
I set up several e-mail accounts on Yahoo and posted to several groups.
I did pick a subject that would generate responses, after 7 or 8 hours the
e-mail accounts were filled with messages with the virus attachments. I
don't use Microsoft products, so I don't know how Outlook handles replies
to Usenet posts. That is, if it treats it as an E-mail address and adds it
to an address book. Although it's possible that the subject I picked could
have upset a few enough to intentionally send me an E-mail with an attached
virus, I would tend to think that it's based on address books.
I have set several more accounts up on Yahoo, trying to narrow down
which groups seem most prone to generating virus e-mails.

Ken


Hi Ken,

Yours is simply the same chorus before you: "It ain't about MS."

You then snap the rug from under yourself (how do you do that?) by
saying virus (what does a virus infect except an OS?).

It is the height of denial to portray these attacks as coming from an
individual sitting in the bedroom sending emails, or a group of
closeted individuals pushing send buttons. That traffic would be
snuffed so fast where MS would have sheriffs at their door in a
millisecond.

A virus by definition infects the OS. There are many out there built
into the backbone of the internet. Some are router only OS's, others
are Linux machines, Unix machines, Sun Machines, and certainly MS
machines. Does it take Rocket Surgery to diagnose that of those, one
OS source (fill in the blank) in particular has been announcing
security failures in their designs (and I am not talking about the
ubiquitous OE/IE problems so many snuggle up to as it nibbles into
their tender flesh) 2 a week? This is up from an average of once a
week for at least two years. If the backbone escaped attack (and it
is certainly more geared for following events than users are); it
follows someone ELSE's machine has become infected and is acting in
part of a conspiracy to accomplish this work through proxy.

Guess what they have as an OS? Care to wager it is an unprotected
system that has been requiring patches on a weekly basis for years?

All of this is classic symptomatology of recent attacks and hardly a
novel concept drug up from the deep recesses of my paranoia.

There are two classes of MS users. Those who are infected but live
through its effects without obvious harm (except for lost bandwidth
capacity they blame on "general conditions"). A century ago they
would go by the name Typhoid Mary. Then there are those who are
infected but are being hammered by the virus AND spreading infection.
There is a third and fourth class that barely wiggle the digits: the
lucky and the smart.

Eventually, through Darwinian thinning, the smart population will
become dominant, but only if they can crawl over the mountains of
corpses that litter the -ahem- netscape.

73's
Richard Clark, KB7QHC

Richard Clark September 24th 03 09:29 PM

On Wed, 24 Sep 2003 18:30:16 GMT, Ken wrote:

Richard Clark wrote:

Richard;
Hope you don't mind if I respond to each part of your post?


Not if you don't object to my clipping extraneous material here.

Yours is simply the same chorus before you: "It ain't about MS."


Really? Where did I say that? I don't even use Microcrap, why would I
defend them?


I cannot speak to your motivation. I can respond to its appearance
however.

"The O/S has nothing to do with who the virus's are sent to:"
Which is TRUE!


Perhaps so, but hardly a subject that merits discussion unless this is
a recovery group where we all talk about feelings.

I don't use Windows and have a bunch of e-mails with viruses in them.


Well, do they present an issue vis-a-vis the virus, or simply the
quantity of mail clogging things in general? You don't offer much to
separate what issue you are responding to.

I think you misread what I was saying, or maybe I didn't make myself
clear. Your system doesn't have to be infected to receive a bunch of
E-mails with the virus. Everyone was complaining about the number of virus
e-mails they were receiving. That doesn't mean that their system is
infected. It does mean that an infected Microsoft system sent them. Is
that better?


Perhaps. I see nothing to consider except to observe that those who
have suffered are likely candidates for spreading the same contagion.
You implicitly offer you are not one to be part of that vector, but
again you've offered nothing in that regard to distinguish what it is
that brings you forward.

I am reacting to those who think that all danger is external (the
fuzzy warm feeling that if there are miscreants mining newsgroups for
names and addresses, then our sufferers are not part of the problem);
nothing could be further from the truth.

Didn't mean to upset you Richard, it sounded like you wanted to discuss
where the list of e-mail addresses were coming from that had viruses sent
to them. Do you respond to all posts in such a manner? My first post to
you and you respond like I have been arguing with you for the past 2 weeks. I
doubt that you even bothered to read the rest of my post after you saw the
O/S part of it.


And yet you have nothing to offer about where they came from. Every
post made is an act of personal choice. If you choose my
observations as an issue, I respond to that. If you choose
where the list of e-mail addresses were coming from that had viruses sent
to them.

then you would have offered that in your post. You did not. I cannot
respond (or actually I hesitate) to my projections of what I think you
want. Others here do that quite well - generally that is very
unsatisfactory dialog (being one-sided and all).

I have offered both points of view throughout this thread, you have
not responded to where I presented the discussion of news group
mining. Again that is a personal choice of yours for which I am not
in a position to dictate.

You presume I want to discuss where the addresses are coming from.
Actually no, I have no interest in that at all. It would seem even
fewer of the complainants here do either. I observed earlier that
rraa does not appear to have been mined for any list. I also observed
that if newsgroups were being mined, then those sufferers apparently
became part of the contagion somewhere else, or through some other
activity. Absolutely no one has stepped forward to enumerate their
other activities (public health goes down the crapper in such times if
other activities reveal the vector).

To this point, today, I have received only 7 emails, all of which
triggered the usual porn filtering mechanism. That is fairly typical
for my public exposure here, and I participate in a dozen odd other
groups to notice that discussion of this virus is a wholly alien
subject. This, to me, suggests that the premise of newsgroup mining
is so much looking under the bed for monsters. I have corresponded
with one here who posts to one technical group that is heavily
trafficked by potential miscreants (or so is my presumption by his
description) and I would speculate, yes, any open address in that
group (especially if you respond to those with an attitude) is a
target of opportunity.

But just what does a target offer? A new vector of infection, and if
that target is practicing anti-viral lifestyles, that presents a
fairly limited contagion that barely rises above sniffle.

Just one not practicing an anti-viral lifestyle has, through MS
products, the capacity to spread infection like a firestorm. Hence,
it doesn't really matter where the addresses are found, there are
30000 different groups that need only offer a thousandth of a percent
hit rate to cascade into millions.

73's
Richard Clark, KB7QHC

Richard Clark September 25th 03 01:35 AM

On Thu, 25 Sep 2003 00:21:53 GMT, Ken wrote:

Richard Clark wrote:

Richard;
Sorry, I didn't mean to come across like I did. Can I blame it on a
bad day at work? I had scanned through the messages and thought I had seen
where you had an idea where the E-mail addresses came from. That's why I
wrote to you with what I had found out, looking for your input and ideas.
If I knew more about how Outlook's address book works, I think I have a
pretty good idea where the addresses are coming from.

I apologize for the way I acted toward you

Ken


Hi Ken,

I took no slight. Further, I did, as you described, hit you like this
was going on between us for two weeks - just my nature. Some forgive
me, others don't, the rest don't care as long as it makes for good
theater.

There's every chance they (the names and addresses) are mined off the
newsgroup participants. These things have to start somewhere.
However, what feeds them is what I am interested in (being potential
fodder), and when simple maintenance can snuff a bug, and many would
rather suffer through it without dignity - then I don't offer much
sympathy and tea.

To this point in time today, only 10 trash canned items. I don't
expect it is anything more than luck that there are these few as it
has nothing to do with being hit, but rather by who threw the blow
(actually the why).

73's
Richard Clark, KB7QHC

H. Adam Stevens, NQ5H September 25th 03 11:33 AM

I have created email addresses that have never been exposed to the net or
the web.
The ones using regular words get hit sooner and more frequently than the
ones using random alphanumeric characters.

Can you say ViralSpamBot?
But.....
What I want to know is......
......why?

Is life THAT boring?

73
H.



Richard Clark September 25th 03 05:10 PM

On Thu, 25 Sep 2003 05:33:31 -0500, "H. Adam Stevens, NQ5H"
wrote:
Is life THAT boring?

73
H.


Hi OM,

Put the word "pound" in one posting and see what happens. ;-)

73's
Richard Clark, KB7QHC

Roger Halstead September 26th 03 12:33 AM

On 23 Sep 2003 18:00:04 -0800, Floyd Davidson
wrote:

Mike Coslo wrote:
Dee D. Flint wrote:
"David or Jo Anne Ryeburn" wrote:
"Dee D. Flint" wrote:

If you have a suggestion on how to stop them, please let us all in on
it.

Persuade the universe to cease using unsafe operating system software,
browsers, and e-mail programs coming from Redmond, WA ;-). UNIX, including
the version now marketed by Apple, is pretty safe.

David, ex-W8EZE, whose computers are happily MS-free except for safe 11
year old versions of Word and Excel


If everyone switched to UNIX, the solution would be short-lived as the virus
writers would then switch to attacking it. Right now, they simply get more
"bang for the buck" by attacking Windows and it doesn't give them much of a
thrill to also go after UNIX system users or Apple computer users.


You have touched on the answer, Dee.


David is the one who touched on it. The answer *is* to use an
OS designed to be secure. Microsoft products are not, while
virtually all of the current unix systems are. Some unixes (the
ones with open source code, which does not include Apple) do
have higher potential for good security than others.

The "bang for the buck" argument is proof of it too. If you
want a *bang*, then shut down the *entire* Internet, not just
some percentage of the hosts connected to it. The fact is
that from the start the Internet itself ran on unix. That is
less true today, but it is still true enough that if one could
write a virus to knock out unix, one could just shut the
Internet off for days.

But, of course, it can't be done (or that is exactly what they
would be doing).


Unfortunately this is an academic argument as the "rest-of-the-world",
is not going to change and wouldn't change if you provided it
free...which much already is.

The vast majority wouldn't change even if you installed UNIX, or LINUX
and set up the applications.

Then, most of those who would be willing to use one of those "if you
set it up", they would want mail and news readers that do the same as
Outlook and Outlook Express. If the OS didn't open them to the world
their applications would albeit they would be less likely to trash the
OS ...

Roger Halstead (K8RI EN73 & ARRL Life Member)
www.rogerhalstead.com
N833R World's oldest Debonair? (S# CD-2)



All times are GMT +1.