I was getting several hundred of these a day. I got the idea to take my
email address out of my Chat group profiles, just in case some hacker
software was 'harvesting' email addressesfrom these sites. When I removed my
email address from the Yahoo Chat groups I was subscribed to, the spam
seemed to stop dead in its tracks. All has been quiet for some time now.

Coincidence??

Joe
W3JDR


"Bob Miller" wrote in message
...
On Sat, 20 Sep 2003 18:42:36 -0000, "David Robbins"
wrote:


"Steve" wrote in message
om...

"Cecil Moore" wrote in message
...
Is anyone else being deluged with Virus/Worm email messages?
--
73, Cecil http://www.qsl.net/w5dxp

Yes, 14 yesterday and 4 so far this morning.


you must not have many friends who have you in their address book... i
got
about 1000 overnight last night and about 2500 the day before.


I only get about 3 or 4 emails a week from the spammers. Mostly about
penile enlargement, for some reason.

I recently changed my email address, and set my ISP email anti-spam
filter to "light". That sure cut down on the email.

I also have no firewall and no anti-virus protection, but the computer
works fine, day after day, regardless of how much I get on the
Internet.

Bob
k5qwg

"Ken Bessler" wrote in message
...

"Zoran Brlecic" wrote in message
...
Bill wrote:

"bright Indian programmers" do not exist. If you are going to count
on
that
craphole of a place to produce anything usable, then you have a hard
wake up
coming. A nation without flush toilets is hardly technologically
advanced
to write an OS of any merit...just think...those idiots have nuclear
weapons...probably aimed at themselves.


Funny... some people would claim the same about trailer trash rednecks
like you.

Next he'll point out that Chandrasekhar was not *really* Indian.
Admittedly he was not a programmer but was a fairly bright person.

On 22 Sep 2003 15:52:11 GMT, "Dick Carroll;"
wrote:
Is is not correct to say that Windows was left vulnerable so that
other computers can deliberately enter and assess remote computers for
various reasons, such as determining whether or not the copy of the OS
in use had been properly :"registered" before issuing updates?

I'm not a programmer but it seems that might xerainly be a very good
reason.
In other words, all these security "holes" are perhaps not accidental.
When a virus writer takes advantage of one of them the "patch" issued
to "fix" it mught just be specific to that particular violation, instead
of permanently taking care of the problem.

I know that the Windows series is an extremely complex piece of work,
but the virii
issuers seem to have little trouble finding cracks that Bill's
programmers couldn't
anticipate..

Dick


Hi Dick,

Your claim
I'm not a programmer
Should have been the point where you stopped writing.

The security holes are not inadvertent mistakes that anyone could have
suffered in the face of such a monumental work as Windows. These
holes (and I am not talking about the current round of affairs, as
neither was J. McLaughlin) are deliberate design "features" that
Chairman Bill and MS claim to be what the user population clamor for.

In other words, insecure software is being deliberately constructed
and sold for the express purpose of satisfying Market issues. MS is
quite blunt in this admission, and aggressively so! Many years ago,
the computer community bewailed MS's determination to allow raw
sockets to be made available at the user level. As you are "not a
programmer" you probably never heard this debate, and yet it is part
and parcel to the features of insecure design. MS snubbed the
security experts (Not Invented Here syndrome) and went their own way -
the body count over those same years testify to it in the millions.
Unfortunately the income measures in the billions and security is
buried in the digits with the corpses of dead machines.

The feature called DCOM is so insecure, that it leads the way in
current hacker fields of delight. DCOM is a patchwork quilt of an
older Marketing concept called COM (which has been largely ignored by
software professionals such that MS tried to "sex" it up by adding a
"D" to make it "Distributed," yet another Market slide) which in turn
was spun off from OLE. All of these have technical basis in
implementation, but were designed in whole ignorance of security
requirements. You have absolutely no need for DCOM, and yet as a
service to you MS has deliberately left access to it on your machine
open to anyone on the internet.

None of these issues are trivial. None of them require poking and
prodding to discover or crack. None of them came without advanced
warning (and one site has had fixes months in advance of MS). None of
them were designed by accident, or through the misfortune of Windows
being too complex to debug 100% faithfully. What is worse, MS even
submitted a security patch in the last two weeks that did not work!
Making allowances for them is generous in the extreme.

I note that you post from a revolving IP, such that if you had not, I
could have connected to your machine to give you a demonstration of
how open you are to attack. It involves a command built into NT that
is designed EXPRESSLY to allow me to do this! I don't need hacker
tools, just a DOS session and the command line interpreter will do the
rest. If you ever consider moving up to townsqr's hi-speed
connectivity, you better get these on-ramps to your system controlled!

73's
Richard Clark, KB7QHC

David Robbins wrote:

"Steve" wrote in message
m...

"Cecil Moore" wrote in message
...
Is anyone else being deluged with Virus/Worm email messages?
--
73, Cecil http://www.qsl.net/w5dxp

Yes, 14 yesterday and 4 so far this morning.


you must not have many friends who have you in their address book... i got
about 1000 overnight last night and about 2500 the day before.

My guess is, they're getting addresses from newgroups.

ac6xg

Jim Kelley wrote:


David Robbins wrote:

"Steve" wrote in message
m...

"Cecil Moore" wrote in message
...
Is anyone else being deluged with Virus/Worm email messages?
--
73, Cecil http://www.qsl.net/w5dxp

Yes, 14 yesterday and 4 so far this morning.


you must not have many friends who have you in their address book... i got
about 1000 overnight last night and about 2500 the day before.

My guess is, they're getting addresses from newgroups.

That has been confirmed.

--
"I cannot imagine what it's like to know nearly everything about
systems and have to deal, daily, with people who know nearly nothing
about systems. It's like being a cosmologist at an astrology
convention)...." -- James Lileks

Roger Halstead wrote in message

I would respectfully suggest that you upgrade to one of the later
versions of Netscape. 3.1 is about as open to giving out your
information as any produced.

I only use it to read mail. I don't browse with it. Besides, thats a
different issue than the micro viruses being discussed. P.S I have
newer versions of netscape. KInd of like playing cards. Take your
pick.


It's a knee jerk reaction to blame the OS (which do have lots of holes
in them), but in reality the blame for well over 90% of the problem
comes directly from us...the users.

No, it's not a knee jerk reaction. The OS security problems I refer to
have nothing to do with the discussed macro viruses. They are
altogether different problems. Just as serious though. Probably more
so.



The new ones are no worse than 98, or 98 SE.

They sure are no better. I would say worse....But, it's not really
important. I don't have any trouble with any of these worms, viruses,
etc. So anything I say can hardly be called a knee jerk reaction. I
have plenty of unmolested time to think about it. MK

If you're so sure about your 'invulnerability', why do you have seven
email filters? Try turning them off and see what you get. ;-)

jk


Richard Clark wrote:

On Mon, 22 Sep 2003 17:52:22 +0000 (UTC), (Mike
Andrews) wrote:

My guess is, they're getting addresses from newgroups.

That has been confirmed.

Hi Mike

How?

I've been a participant here for years with my address freely
available. Not one hit from this virus, not even 30 emails during the
entire period and only one (1) at the peak. Other correspondents here
complain of 1000's in a single day, and 10MB mail storage being
saturated.

Do you have a link to an authoritative site that offers evidence of
your statement?

73's
Richard Clark, KB7QHC

You seem to have missed the point. The particular operating system you
happen to run has nothing to do with whether or not viruses are sent to
your email address.

73, Jim AC6XG


Richard Clark wrote:

On Mon, 22 Sep 2003 11:43:30 -0700, Jim Kelley
wrote:

If you're so sure about your 'invulnerability', why do you have seven
email filters? Try turning them off and see what you get. ;-)

jk

Hi Jim,

I have, same old spam conforming to exactly what the filters were
designed to weed out. I had to wait quite a while for any to come in.

You think one filter would do it? Now there's dreaming in technicolor
and surround sound.

Among the 7, several cover 26 common explitives and variants of their
spellings (using a unix style of expression to describe them such as
X* where the star denotes 0 or more repetitions of the character X; I
do the same thing with $*). This sure beats the MS method of hotmail
security where you have to list every single person you trust (what a
crock) if you want to keep out the universe of smut. Methinks their
MSN butterfly is on the verge of intellectual extinction.

Of the others, I reject mail not addressed to me (a no brainer - eh?).

Agent would allow me to combine them all into one filter (a dream come
true?), but why bother. Most programming errors are caused by logical
statements that are so vast and cryptic that they are impossible to
read coherently - like any of 600 postings made by Cecil. ;-)

Anyway, I have been engaged in a series of emails since this last
posting (with Mike) where he is averaging 1 hit a minute, and me none
for this entire time. By his accounts, it is from newsgroup
harvesting, and it would seem the majority of sufferers here picked up
the infection somewhere else (not rraa). Of the dozen odd other
groups I follow, this topic is alien to correspondents who show no
signs of infection.

So, Jim, how have you fared during the deluge?

73's
Richard Clark, KB7QHC (with only 1 spam today)

On Mon, 22 Sep 2003 12:41:50 -0700, Jim Kelley
wrote:

You seem to have missed the point. The particular operating system you
happen to run has nothing to do with whether or not viruses are sent to
your email address.

73, Jim AC6XG

Hi Jim,

I rely on the evidence of testimony here. 80% of the correspondents
who are also sufferers are using IE/OE in some form of Windows (hard
to do it otherwise). The servers (at least mine at Comcast which have
been infected by Blaster and infected my outgoing mail) are MS
products. MS products and OS's contain documented and autopsied
problems that support such virus activity.

I also use MS products (but certainly not their lame internet
applications). I have never performed a security upgrade, but instead
have simply disabled those faulty modules that they circulate as
product enhancements. Tools for such activity may be found at:
http://grc.com/default.htm
which provides more news and resource than all the nonsense wishing
away nightmares.

In that page's update TODAY is the warning:
"Many security watchers believe that a new worm, not unlike
"MSBlast" which targeted the previous DCOM/RPC vulnerability, is
virtually inevitable."

How many here even comprehend what DCOM is? Are we to be treated to a
new chorus of whines about how the ghosts of the internet haunt them?
I've had this problem fixed (courtesy of the same site) for several
months. Have you taken precautions? (I note you failed to respond to
my query about how you've fared through this latest attack.)

I can say without fear of contradiction that particular operating
systems (MS) are obviously correlated through history and actuality.
I also host a server on a fixed IP (http://12.230.78.56/) that has
surfed through all these disasters and still winging right along
unfazed. It supports an uncrackable OS simply because my net log
reveals no one is looking for anything but MS code. The only thing
that will crash it will be the log filling up (but no one is going to
find an executable to run - too many clowns and not enough
ringmasters).

As to having missed the point, I offer that part of my message you
missed reading:
Anyway, I have been engaged in a series of emails since this last
posting (with Mike) where he is averaging 1 hit a minute, and me none
for this entire time. By his accounts, it is from newsgroup
harvesting, and it would seem the majority of sufferers here picked up
the infection somewhere else (not rraa). Of the dozen odd other
groups I follow, this topic is alien to correspondents who show no
signs of infection.

These other users were also clearly (through header examination) MS
users. They were clearly not sufferers. That, or the Darwinian
mechanics thinned them out without chance for recovery (another MS
commonality) to complain, warn, or join in chorus of whine.

73's
Richard Clark, KB7QHC

On Mon, 22 Sep 2003 16:36:51 GMT, Richard Clark
wrote:

snip
Should have been the point where you stopped writing.

The security holes are not inadvertent mistakes that anyone could have
suffered in the face of such a monumental work as Windows. These
holes (and I am not talking about the current round of affairs, as
neither was J. McLaughlin) are deliberate design "features" that
Chairman Bill and MS claim to be what the user population clamor for.

Richard, you reminded me of things I had long forgotten.
I've been around this stuff since before there was a Microsoft.
I purchased my own PC in 1979-1980. We called them PC even before IBM
was given the copyright...much like MS and DOS. sigh

In other words, insecure software is being deliberately constructed
and sold for the express purpose of satisfying Market issues. MS is
quite blunt in this admission, and aggressively so! Many years ago,
the computer community bewailed MS's determination to allow raw
sockets to be made available at the user level. As you are "not a
programmer" you probably never heard this debate, and yet it is part
and parcel to the features of insecure design. MS snubbed the
security experts (Not Invented Here syndrome) and went their own way -

Although I'm not an MS booster, I've had to use it to stay compatible
over the years. I do take exception to their ethics and lack there
of. OTOH, as much as I hate to admit it, I truly believe that had MS
not gone for the "Market" we wouldn't have the abilities we have
today. And...yes that can be taken two ways and both are correct.
sigh

the body count over those same years testify to it in the millions.
Unfortunately the income measures in the billions and security is
buried in the digits with the corpses of dead machines.

The feature called DCOM is so insecure, that it leads the way in
current hacker fields of delight. DCOM is a patchwork quilt of an
older Marketing concept called COM (which has been largely ignored by
software professionals such that MS tried to "sex" it up by adding a
"D" to make it "Distributed," yet another Market slide) which in turn
was spun off from OLE. All of these have technical basis in
implementation, but were designed in whole ignorance of security
requirements. You have absolutely no need for DCOM, and yet as a
service to you MS has deliberately left access to it on your machine
open to anyone on the internet.

None of these issues are trivial. None of them require poking and
prodding to discover or crack. None of them came without advanced
warning (and one site has had fixes months in advance of MS). None of
them were designed by accident, or through the misfortune of Windows
being too complex to debug 100% faithfully. What is worse, MS even
submitted a security patch in the last two weeks that did not work!
Making allowances for them is generous in the extreme.

I guess I'd have to be generous and say I doubt they released the
patch that didn't work on purpose...It's bad for their image.


I note that you post from a revolving IP, such that if you had not, I
could have connected to your machine to give you a demonstration of
how open you are to attack. It involves a command built into NT that
is designed EXPRESSLY to allow me to do this! I don't need hacker
tools, just a DOS session and the command line interpreter will do the

A few years back, I was receiving an inordinate number of viruses
which more correctly were mostly worms. I'd take the IP and head for
what looked like the culprit in the above manner. I verified that was
the source and then sent them an e-mail, or looked up the phone number
and called. True, I didn't track all that many down, but I still
found a bunch and those e-mails had given me the machines address.
Back them dynamic IPs were the norm, not the static IPs on the
broadband of today. BTW, many of those systems would have been very
easy to log in as I was basically in the same position as any user
when they are at the boot up screen. OTOH, I had no desire to root
around in someone else's system and particularly if it most likely
had a virus.

I can't imagine going on the net with an MS system without a firewall,
virus checker, "cookie cruncher" and "SpyBot". I don't use MSs
firewall either and I avoid "Passport" like the plague.

IF MS would just set the defaults to off, it would be a big
improvement, but their market base wants all that stuff that opens
them to the whole wide world.

It's not just individuals who want that fancy stuff either.
My wife has used one of our computers for several years to keep a
large database for a pretty big organization. That database comes
with a complete set of macros and VB programming to make it user
friendly. I have the security features now set to prevent that stuff
from running automatically. If they want her volunteer time they are
going to have to create a stand alone program to use the database as
our system now strips that stuff off on receipt. Maybe it's overkill,
but I don't like the idea of a program having the ability to run
macros and VB when it is opened. Either is quite capable of doing any
operation on my computer that I can and probably no few that I don't
even know about and my degree is in CS.

rest. If you ever consider moving up to townsqr's hi-speed
connectivity, you better get these on-ramps to your system controlled!

It's interesting to sit here was watch port probes repeatedly move
through the list trying to find a way in. If I did not have a fire
wall they'd be in on the first try.

One day I saw a familiar address as the source of the probes. I
called my ISP and asked them to check out an IP that was probing my
machine. There was a long pause and then the exclamation..."That's
one of OUR IPs"! "Yah, I know...I think you guys have picked up a
termite." To top it off I use multiple layers of isolation and they
were still probing the one machine. Just the one, none of the others.

So, from the marketing standpoint the MS approach has been extremely
successful, but a disaster from the security standpoint.

OTOH, had some other system such as LINUX, or UNIX been adapted to a
user friendly GUI (I mean man-on-the-street friendly)

No system is completely invulnerable, but I wonder what the state of
the art for users and security would be had a more secure route been
followed? Would the industry have progressed as fast? would
redirected energy from crackers eventually have created as much of a
problem? Would we have near as many people capable of interacting
world wide?

All hypothetical questions as there is really no way of answering
"what ifs".

What we do know beyond the history is that the "ordinary" users are
not truly computer literate and no amount of education and training is
going to make them give up those fancy features that open their
computers to the whole wide world and I don't mean internet.

Roger Halstead (K8RI EN73 & ARRL Life Member)
www.rogerhalstead.com
N833R World's oldest Debonair? (S# CD-2)


73's
Richard Clark, KB7QHC