SPAM and Virus Risks when posting

Discussion in 'MCSD' started by bi-ker, Sep 22, 2003.

  1. bi-ker

    bi-ker Guest

    Late last week my mailbox started being hit by VIRUS/SPAM
    at the rate of one item every 20 seconds. I attribute the
    problem to using a genuine email address in the MS News
    Groups. Before I get into this, I should explain why I
    still use a genuine box.

    My email account above is one of many owned by me and is
    one of my oldest. Therefore I get a very high ratio of
    SPAM to genuine content. Still I like to be contactable
    particularly by past associates so I struggle on with it.
    AT&T provide some very useful filtering tools. They also
    allow you to direct SPAM as detected by Brightmail to a
    graymail folder, i.e. you never see it.

    I also use a tool to pre-vet the mail before downloading.
    This tool checks mail against lists of known SPAM senders
    as provided by SPAMCOP and others and gives me the chance
    to delete or bounce mail without even downloading it.

    The VIRUS/SPAM lines were eliminated by none of these
    defenses.

    On examination it would appear that they are related to a
    virus named Gibe-F and Swen. This arrives as an e-mail
    attachment masquerading as a security patch.

    It exploits vulnerabilities in Internet Explorer that most
    of us more responsible people have patched already. Users
    opening the e-mail get a message saying, "This will nstall
    Microsoft Security Update. Do you wish to continue?" But
    experts say the worm installs itself even if the user
    clicked "No".

    Once an attachment carrying the virus is opened, the Gibe
    worm starts spreading and producing authentic-
    looking 'install and update' windows.

    While doing so, it searches hard drives for e-mail
    addresses and begins mass mailing out additional copies of
    itself and attempts to render inactive existing security
    and anti-virus products, opening users up to future
    vulnerabilities.

    So it would seem that I was being targeted by infected
    computers running in networks connected to ISPs all
    around the world: Germany, France, Netherlands, Canada, USA
    (5) and Australia.

    What I found puzzling was why my email address would be
    found on the PC hard drives of so many computers around
    the world. Then it occurred to me that it must be related
    in some way to my having used it in these News Groups.

    Perhaps there are many users out there who read from these
    groups and details get left behind in the download cache.

    Anyhow I was able to set up a filter at AT&T that filters
    out and rejects all of this mail but with some risk in
    rejecting genuine mail. So I will continue on with my long
    serving email address. I do understand however why others
    may choose not to risk a genuine email address.

    Question: Has anyone else had similar experiences?

    Question: In an open news group like this one you can say
    just about anything you like, but you need to be
    identifiable just in case you slander someone. How then is
    this going to work if everyone uses false email addresses?

    Question: The current mail system is based on a standard
    RFC821 developed twenty-two years ago. It seems totally
    out of place in a modern world. What is being done and what
    can be done to rectify this problem?

    Question: When your mailbox is being bombed by this sort
    of malicious material, should the Internet Service
    Providers be allowed to do a Pontius Pilate and wash their
    hands of the problem?

    The lines are open.
     
    bi-ker, Sep 22, 2003
    #1

  2. bi-ker

    Kline Sphere Guest

    AT&T provide some very useful filtering tools.

    As well as being one of the biggest sources of spam outside the Third
    world.
     
    Kline Sphere, Sep 22, 2003
    #2

  3. bi-ker

    Sam Warwick Guest

    Hi Bi-Ker,

    I've been having the exact same problems over the past
    few days. Now you mention it, this all started when I
    first posted to this group last week. I still continue to
    use my own email address for all the reasons you describe.

    So far I've been filtering the virus because it's a large
    file and I have Eudora set to reject files over 20k by
    default. I just select to download if I know it's
    something genuine that I want. It seems that most of the
    mails are sent as executables. I'm contacting my POP
    provider to request to automatically reject any email
    with a .EXE attachment. There should never be a reason
    for accepting an exe since if it's a file you genuinely
    need then it could be sent as a zip.

    It's all very frustrating. Especially since these days I
    use my mobile phone and palm to collect email. Don't know
    what the best solution is. It's ironic if this virus was
    picked up due to a Microsoft web-site!

    Sam
     
    Sam Warwick, Sep 22, 2003
    #3
  4. bi-ker

    Kline Sphere Guest

    Does your ISP not block emails containing viruses???

    You can always use a filtering program which does not require the
    whole email to be downloaded in order to determine if it's crap or
    not.
     
    Kline Sphere, Sep 22, 2003
    #4
  5. bi-ker

    Jim Parker Guest

    It is REALLY UNWISE to use anything other than a throw-away account as your
    email address in ANY online service, ESPECIALLY newsgroups.
    Unless you like spam, that is.

    JD.
     
    Jim Parker, Sep 22, 2003
    #5
  6. bi-ker

    Peter Guest

    Hi Bi-Ker

    I have been infected by the blaster worm. Let me tell you
    how it happened.

    I registered for a Broadband connection with an English
    company called NTL. To register I needed to take off my
    firewall which I did.

    The registration went well and I was on line in about 2
    minutes, and as soon as it was done I put my firewall back
    on, good you may think.

    Within the two minutes I was infected by the blaster worm.

    I have also had emails from people claiming to be ebay and
    I need to put in my financial details again.

    My point is this. Nowadays you can not be too paranoid
    about your PC.

    Look at the top of this email and you will see I have a
    dummy e-mail.

    I have firewalls and anti virus's on my PC.

    I never reply to someone I don't know.

    I never click on a link to say "If you want to stop
    getting emails select this link"

    I never open an attachment other than from someone I know
    personally.

    I always perform my upgrades from the actual web site
    rather than an email to say upgrade here, even if they
    include the link.

    Be Paranoid, Be Safe ;)

    Peter
     
    Peter, Sep 22, 2003
    #6
  7. bi-ker

    Simon Smith Guest

    :)

    If you're using Outlook, get SpamBayes at
    http://starship.python.net/crew/mhammond/spambayes/

    I'm getting these things also, and not one has ended up in my inbox.
    Really pretty impressive!
     
    Simon Smith, Sep 22, 2003
    #7
  8. bi-ker

    Kline Sphere Guest

    I registered for a Broadband connection with an english
    Why on Earth did they say 'take the firewall down'? Naturally you have
    made a fortune with the lawsuit!
     
    Kline Sphere, Sep 22, 2003
    #8
  9. bi-ker

    Kline Sphere Guest

    The problem with these types of addins (I assume this is the case with
    this one too) is that the whole email is still downloaded and
    'filtered' on your PC. There are programs (not hard to write one
    yourself), which simply get the email headers, which can be checked to
    determine if it is spam, without downloading the whole email.
     
    Kline Sphere, Sep 22, 2003
    #9
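
Added example, not code from any post in this thread: a header-only pre-vetting pass of the kind described in posts #1, #3 and #9, using the POP3 LIST command for message sizes and TOP n 0 for headers so no message body is downloaded. The blocklist entry, the addresses and the StubMailbox class are constructed for illustration; the 20k threshold is the Eudora setting mentioned in post #3.

```python
from email.parser import BytesParser
from email.utils import parseaddr

MAX_SIZE = 20 * 1024                          # 20k limit quoted in post #3
BLOCKED_SENDERS = {"patch@updates.example"}   # constructed blocklist entry


def verdict(size, headers, blocked=BLOCKED_SENDERS, max_size=MAX_SIZE):
    """Decide from the server-reported size and the headers alone."""
    sender = parseaddr(headers.get("From", ""))[1].lower()
    if sender in blocked:
        return "delete: blocked sender"
    if size > max_size:
        return "hold: oversized"      # candidate for a large executable attachment
    return "download"


def prevet(conn, blocked=BLOCKED_SENDERS, max_size=MAX_SIZE):
    """Return {message_number: verdict} using only LIST and TOP n 0.

    conn is a poplib.POP3 / POP3_SSL object or anything with the same
    list() and top() return shapes. TOP is an optional POP3 command.
    """
    results = {}
    for entry in conn.list()[1]:              # entries look like b"2 153600"
        num, size = (int(x) for x in entry.split())
        raw = b"\r\n".join(conn.top(num, 0)[1])   # headers, zero body lines
        headers = BytesParser().parsebytes(raw, headersonly=True)
        results[num] = verdict(size, headers, blocked, max_size)
    return results


class StubMailbox:
    """Constructed stand-in for a POP3 connection so the example runs offline."""
    msgs = {
        1: (2048, b"From: Old Colleague <friend@example.org>\r\nSubject: lunch?"),
        2: (153600, b"From: MS Support <support@example.com>\r\nSubject: security update"),
        3: (900, b"From: <patch@updates.example>\r\nSubject: offer"),
    }

    def list(self):
        return b"+OK", [b"%d %d" % (n, m[0]) for n, m in self.msgs.items()], 0

    def top(self, which, howmuch):
        return b"+OK", self.msgs[which][1].split(b"\r\n"), 0


if __name__ == "__main__":
    for num, result in prevet(StubMailbox()).items():
        print(num, result)
```

Against a real mailbox, pass an authenticated `poplib.POP3_SSL` connection to `prevet` in place of the stub; message 2 in the sample shows the size rule holding a message whose sender is on no blocklist.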