[Dixielandjazz] Antivirus trick

Patrick Cooke patcooke at cox.net
Wed Feb 12 10:54:34 PST 2003

I recently picked up a virus that my Norton 2002 Anti Virus would not get
rid of.  It was just about time to renew the subscription, but instead I
sprung for the 2003 version.  It took care of the problem.  It appears that
the best procedure is to get a new one every year instead of just updating
the old one.
    Pat Cooke

----- Original Message -----
From: "Rob Perry" <ke6jqh at ke6jqh.net>
To: "DJML" <dixielandjazz at ml.islandnet.com>
Sent: Tuesday, February 11, 2003 6:45 PM
Subject: Re: [Dixielandjazz] Antivirus trick

> I don't usually, but it's time to say my piece on this. Unfortunately,
> this trick is still circulating and it's given a lot of people a false
> sense of security. Once upon a time, it was moderately effective. No
> longer. Kak and its relatives were fairly unsophisticated worms, there
> was a high degree of probability that this trick would alert the owner
> of a system that something was wrong.
> I run a centrally managed anti-virus at work for nearly 2000 users. The
> number one worm that we see a day is Klez and its variants. Of 15 to 20
> alerts for Klez a day, our users only find out about it because I have
> the anti-virus server set to tell them.
> Modern worms now use a technique that not only randomly pulls email
> addresses from the address book, but also from the inbox and in some
> cases other mail folders that may be on your system. In addition they
> will also masquerade the sender.
> For instance, Alice, Bob, and Charlie are all friends. Alice gets hit
> with Klez, and it emails Charlie. The email that it sends to Charlie
> claims to be from Bob. Because of the way it alters the message, if the
> message to Charlie bounces, Bob will get the non-delivery report instead
> of Alice.
> True, it doesn't hurt anything to have a bogus email address.
> Unfortunately, don't believe that it will actually alert you to
> anything. If you have questions about how a worm or virus operates,
> Symantec's Library is the best place to start.
> http://securityresponse.symantec.com/
> Rob Perry
> ke6jqh at ke6jqh.net
> Phil O'Rourke wrote:
> > John and others
> >
> > The method you stated has been talked about before. I am not sure which
> > listmate gave the explanation why this does not work as it "logically"
> > seem to but I can remember the thread.
> >
> > It does seem like a good idea though.
> >
> > Phil O'Rourke
> > Australia
> >
> >
> > _______________________________________________
> > Dixielandjazz mailing list
> > Dixielandjazz at ml.islandnet.com
> > http://ml.islandnet.com/mailman/listinfo/dixielandjazz
> >
> _______________________________________________
> Dixielandjazz mailing list
> Dixielandjazz at ml.islandnet.com
> http://ml.islandnet.com/mailman/listinfo/dixielandjazz

More information about the Dixielandjazz mailing list