On Sat, 30 Aug 2003, Dean Anderson wrote: How beautiful to be immune behind an open-source kernel;) The rest of the world worries. I eat a sandwich. Scott > > > On Fri, 29 Aug 2003, David Frascone wrote: > > > With the current virii usually forging the from field with random > > addresses from its victim's address book, I turned off my virus > > scanner's warning to the senders . . I only send a polite note to the > > intended recipient. > > Don't do that. That is quite likely what the Virus writer wants you to do: > Stop notifying people about infections. The worst that happens is that > people get notifications, and update their anti-virus, which finds > nothing. The best that happens is that the headers included in such a > notification reveal the IP address of an infected zombie. > > Also, in the current cases, I don't think the addresses aren't taken from > address books. I'm getting responses to addresses that haven't been used > for email and addresses that haven't been used in years. Certainly, these > aren't in anyone's address book. In one case, the address is on a little > used web site (but even spammers rarely spam it, and in another, its in a > reasonably public area, but not used) > > The Virus writer obviously went to some trouble to pick valid addresses. > It stands to reason that they expect that someone is getting mail to these > addresses. It also stands to reason that the abuser expects those persons > to get Virus notifications. > > Most probably, virus notifications tend to frustrate the purposes of > the Virus operator, since the infected will not stay infected. It seems > possible that the virus operators are trying to manipulate people to stop > sending or responding to virus notifications. > > In past cases, the forged from address was the target of the abuse: the > abuser hoped to have people block mail with the common from address, thus > getting some measure of revenge on that person. Most people have > filtering on From: addresses for this reason. > > The best thing to do in response to such an attack is to do things that > frustrate purposes the abuser, catch the abuser, or nothing at all. > Never succumb to what might be a desired manipulation--That only > encourages more abuse. > > > --Dean > > > > sleekfreak pirate broadcast world tour 2002-3 live from the pirate hideout http://sleekfreak.ath.cx:81/