Re: CRIME SOBIG ADVISORY

From: Steve Beattie (steve@private)
Date: Wed Aug 20 2003 - 17:35:25 PDT


    On Wed, Aug 20, 2003 at 02:48:11PM -0700, Kuo, Jimmy wrote:
    > Are you referring to the situation where you get the Undeliverable message
    > because your name got forged in the From field, or about warnings issued by
    > AV companies on all the viruses, or both?
    > 
    > OK, sounds like the latter.  Sorry about that.  We do tell people not to
    > forward virus warnings, because that's how hoaxes circulate.  Rather, they
    > can/should forward just enough and make sure to include a URL that will
    > actually have the lengthy explanation.  (And also that information might
    > change, and be updated, rather than the stagnated original warning.)
    
    No, Alan's specifically talking about automatic responses generated
    by anti-virus software, typically running in conjunction with a mail
    server. For example, I just received about 15 minutes ago the following
    alert:
    
      From: "Virus Watchdog" <Watchdog@private>
      To: <STEVE@private>
      Subject: Warning: Possible Virus Infection
    
      This is an automatic message from the Guinevere
      Internet Antivirus Scanner.
    
      A message was received from you with a subject of  Thank you!
      The message was addressed to fink@private
       The message probably contains a virus.
    
      You will want to consult with your system administator on how
      to deal with this.
    
    Of course the message had a spoofed From or From: line, so why send me
    the alert?
    
    Similarly, when we issue PGP/GPG signed security updates, we routinely
    get multiple automatic responses back with alerts like:
    
      GROUP WatchDog/M
      Server: S110LN06/SSKHAN/DE@SpkHannover
      -----------------------------------------------------------------------
    
      Your mail has contained attachments which caused an error during a virus
      scan. 
    
    There are many offenders out there, and I don't know if any of your
    products are guilty of such behavior. If they are, I would urge you to
    convince your management that they need to not engage in such behavior.
    
    Thanks.
    
    -- 
    Steve Beattie                               Don't trust programmers?
    <steve@private>                         Complete StackGuard distro at
    http://NxNW.org/~steve/                            immunix.org
            http://www.sardonix.org -- Audit code, earn respect.
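
Added example, not part of the original message and not any vendor's code: a sketch of the decision a mail-gateway scanner could make before alerting the purported sender, covering both cases described above (a forged From line and a scan error on signed list mail). The verdict strings, the `sender_authenticated` flag, the family list and the sample messages are assumptions constructed for illustration.

```python
from email import message_from_string

# Assumption: families the scanner knows to forge the sender address.
FORGING_FAMILIES = {"sobig"}

def notify_targets(raw_message, verdict, family=None, sender_authenticated=False):
    """Return who gets an alert: always the local postmaster, the sender only
    when the sender address can be trusted and the finding is a real detection."""
    msg = message_from_string(raw_message)
    targets = {"postmaster"}
    if verdict != "infected":
        return targets          # scan errors (e.g. signed mail) never go to the sender
    if family and family.lower() in FORGING_FAMILIES:
        return targets          # the From line names a victim, not the origin
    if msg.get("Return-Path", "").strip() in ("", "<>"):
        return targets          # missing or null envelope sender: nobody to answer
    if msg.get("Precedence", "").lower() in ("bulk", "list", "junk"):
        return targets          # never auto-reply to list or bulk traffic
    if msg.get("List-Id") or msg.get("Auto-Submitted", "no").lower() != "no":
        return targets
    if not sender_authenticated:
        return targets          # unauthenticated header addresses prove nothing
    return targets | {"sender"}

# Constructed sample messages (not taken from the thread).
SOBIG_MSG = (
    "Return-Path: <steve@example.org>\n"
    "From: steve@example.org\n"
    "To: fink@example.net\n"
    "Subject: Thank you!\n\n"
    "See the attached file.\n"
)
SIGNED_LIST_MSG = (
    "Return-Path: <announce-bounces@example.org>\n"
    "From: security@example.org\n"
    "List-Id: <announce.example.org>\n"
    "Subject: Security update\n\n"
    "Signed advisory text.\n"
)
LOCAL_MSG = (
    "Return-Path: <alice@example.org>\n"
    "From: alice@example.org\n"
    "Subject: Quarterly report\n\n"
    "Report attached.\n"
)

if __name__ == "__main__":
    print(notify_targets(SOBIG_MSG, "infected", "Sobig"))
    print(notify_targets(SIGNED_LIST_MSG, "scan_error"))
    print(notify_targets(LOCAL_MSG, "infected", "ExampleMacro", sender_authenticated=True))
```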
    
    
    


