RE: [Full-Disclosure] AV "feature" does more DDoS than Sobig

From: Rainer Gerhards (rgerhardsat_private)
Date: Thu Aug 28 2003 - 07:00:09 PDT


    I agree that there is a problem with these replies nowadays, but I do not see the loop? How does A restart the cycle? All I see is that A potentially receives massive amounts of these "virus messages" (which of course can be a problem). Am I missing something?
    
    Rainer
    
    > -----Original Message-----
    > From: Fabio Gomes de Souza [mailto:bugtraqat_private] 
    > Sent: Thursday, August 28, 2003 3:05 PM
    > To: bugtraqat_private; full-disclosureat_private
    > Subject: [Full-Disclosure] AV "feature" does more DDoS than Sobig
    > 
    > 
    > Hello,
    > 
    > Anti-virus products are causing more harm than the Sobig Worm.
    > 
    > Some of my customers are having the following problem:
    > 
    > B = Customer of my customer (infected)
    > C,D,E = Some random company (victims of Sobig)
    > A = My customer (victim of AV marketing)
    > 
    > The Sobig worm infected B.
    > 
    > In its propagation loop, the worm composes a message, chooses two random items in the Address Book, and puts the first in the "From:" and the second in the "To:" header. Then all virus messages are spoofed.
    > 
    > The problem is that many e-mail virus scanners send a "You are infected" reply to the address contained in the "From" header. Since the messages are spoofed, the innocent, uninfected user "A" is flooded by automatic complaints from "C","D","E" regarding the virus that "B" sends.
    > 
    > Anti-virus companies seem to spend more money on marketing/visibility than on actually protecting their customers. This marketing stupidity is done by adding USELESS features, which spreads false information and delivers a false sense of security:
    > 
    > 	- "You're infected" reply (false positive)
    > 	- "This message is 100% virus-free certified" signature line (false sense of security)
    > 	- Anti-virus buttons on Internet Explorer toolbar (just to launch the AV)
    > 	- Splash screens every time you:
    > 		- boot your computer
    > 		- send e-mail
    > 		- check pop3 e-mail
    > 		- turn your computer off
    > 	- System tray useless icons (in some AVs, the system tray icon does nothing except for launching the AV program)
    > 	- Redundant shortcut icons in Desktop, Start Menu root, Quick Launch and Start Menu program folder
    > 
    > This kind of stupidity from AV companies makes me hate them more every day.
    > 
    > -- 
    > Fabio Gomes de Souza <fabioat_private> Phone: (81) 9127-0597
    > 
    > GS2 TECNOLOGIA DA INFORMAÇÃO LTDA
    >   - IT infrastructure, security, embedded systems and Linux
    >   - Consulting, planning, implementation and management
    > 
    > http://www.gs2.com.br negociosat_private (81) 3492-7777
    
    
    
    
    
    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html
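
The thread above describes scanners replying to the "From" header of spoofed worm mail. As an added example (not code from either poster or from any AV product), this is one way a mail gateway could decide whether a "you are infected" notice should be sent at all. The family list, detection names and sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: detection-name fragments for malware known to forge the sender.
SENDER_FORGING_FAMILIES = ("sobig",)

def notification_target(raw_message, detection_name):
    """Return the address to warn about an infected mail, or None to stay silent."""
    msg = message_from_string(raw_message)
    # The worm picks "From:" out of the victim's address book, so the
    # address belongs to a bystander ("A" in the thread): never notify.
    if any(f in detection_name.lower() for f in SENDER_FORGING_FAMILIES):
        return None
    # Never answer automatic mail (RFC 3834) or bulk/list traffic.
    if msg.get("Auto-Submitted", "no").strip().lower() != "no":
        return None
    if msg.get("Precedence", "").strip().lower() in ("bulk", "junk", "list"):
        return None
    # Use the envelope sender recorded in Return-Path, not the From header.
    envelope = parseaddr(msg.get("Return-Path", ""))[1]
    if not envelope:  # header missing, or null reverse-path "<>"
        return None
    header_from = parseaddr(msg.get("From", ""))[1]
    # Envelope and header disagree: the header may be forged, stay silent.
    if envelope.lower() != header_from.lower():
        return None
    return envelope

def build(headers):
    """Assemble a minimal message from a dict of headers (sample data helper)."""
    return "".join(f"{k}: {v}\n" for k, v in headers.items()) + "\nbody\n"

# Constructed samples; all addresses use reserved example domains.
SPOOFED = build({"Return-Path": "<a@example.com>", "From": "a@example.com",
                 "To": "c@example.net"})
GENUINE = build({"Return-Path": "<user@example.org>",
                 "From": "User <user@example.org>", "To": "c@example.net"})
BOUNCE = build({"Return-Path": "<>", "From": "postmaster@example.org",
                "Auto-Submitted": "auto-replied", "To": "c@example.net"})

if __name__ == "__main__":
    for name, raw, det in (("spoofed", SPOOFED, "Worm.Sobig"),
                           ("genuine", GENUINE, "Macro.Example"),
                           ("bounce", BOUNCE, "Macro.Example")):
        print(name, "->", notification_target(raw, det))
```
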



    This archive was generated by hypermail 2b30 : Thu Aug 28 2003 - 08:13:17 PDT