[Dixielandjazz] Antivirus trick
Rob Perry
ke6jqh at ke6jqh.net
Tue Feb 11 16:45:26 PST 2003
I don't usually, but it's time to say my piece on this. Unfortunately,
this trick is still circulating and it's given a lot of people a false
sense of security. Once upon a time, it was moderately effective. No
longer. Kak and its relatives were fairly unsophisticated worms; there
was a high degree of probability that this trick would alert the owner
of a system that something was wrong.

I run a centrally managed anti-virus at work for nearly 2000 users. The
number one worm that we see a day is Klez and its variants. Of 15 to 20
alerts for Klez a day, our users only find out about it because I have
the anti-virus server set to tell them.

Modern worms now use a technique that not only randomly pulls email
addresses from the address book, but also from the inbox and in some
cases other mail folders that may be on your system. In addition, they
will also masquerade the sender.

For instance, Alice, Bob, and Charlie are all friends. Alice gets hit
with Klez, and it emails Charlie. The email that it sends to Charlie
claims to be from Bob. Because of the way it alters the message, if the
message to Charlie bounces, Bob will get the non-delivery report instead
of Alice.

True, it doesn't hurt anything to have a bogus email address.
Unfortunately, don't believe that it will actually alert you to
anything. If you have questions about how a worm or virus operates,
Symantec's Library is the best place to start.
http://securityresponse.symantec.com/
Rob Perry
ke6jqh at ke6jqh.net
Phil O'Rourke wrote:
> John and others
>
> The method you stated has been talked about before. I am not sure which
> listmate gave the explanation why this does not work as it "logically" would
> seem to but I can remember the thread.
>
> It does seem like a good idea though.
>
> Phil O'Rourke
> Australia