Date:      Wed, 18 Feb 2004 22:09:27 +0000
From:      Matthew Seaman <m.seaman@infracaninophile.co.uk>
To:        luke@themango.org
Cc:        freebsd-questions@freebsd.org
Subject:   Re: My fault or just Spam
Message-ID:  <20040218220927.GA57070@happy-idiot-talk.infracaninophile.co.uk>
In-Reply-To: <45614.207.43.195.204.1077067743.squirrel@www.themango.org>
References:  <45614.207.43.195.204.1077067743.squirrel@www.themango.org>

On Tue, Feb 17, 2004 at 07:29:03PM -0600, luke@themango.org wrote:

> Anyhow, within the month that I've had my server running I've been
> receiving numerous emails that are obviously malicious to Windows users
> (i.e. contain an attachment with some random-letters.exe and nonsense
> about a patch). In short my concern is not that me or my wife will run
> this, since we don't use Windows, but whether these emails are just spam
> or if it is my fault.

Not your fault at all.  The 'net is being plagued at the moment by a
series of Windows worm programs that attempt to spread themselves
through e-mail.  Once they infect a machine, they send e-mail to
addresses listed in users' address books, and also forge the sender
address using the same source.  See,
e.g. http://securityresponse.symantec.com/avcenter/venc/data/w32.mydoom.b@mm.html

This means that you and I, as innocent and uninfected bystanders will
be deluged in three types of message as a consequence:

   i) Messages from the trojan program attempting to propagate itself.

  ii) Bounce messages from the mailer daemon saying that messages of
      type (i) couldn't be delivered, sent to the forged sender
      addresses.

 iii) Really annoying messages sent by some dim-witted anti-virus
      software accusing you of sending virus infested e-mails.  These
      are completely pointless, as the sender addresses are forged,
      and the AV software writers should know that.

In fact the huge flood of messages of type (iii) has outnumbered the
messages of type (i) in this latest outbreak.  AV software writers
making themselves part of the problem there, rather than the solution.

As FreeBSD users we can, of course, act all smug about this and just
set our spam filters and AV software to dump all of the (i), (ii) and
(iii) types of message into the bit-bucket.

If you want to test your machine to see if it is providing an open
relay, go to http://www.abuse.net/relay.html and follow the
instructions.

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey         Marlow
Tel: +44 1628 476614                                  Bucks., SL7 1TH UK
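
The three message types listed in the reply above can be separated mechanically before a filter discards them. The following Python is an added example, not part of the original e-mail: the extension list, the subject phrases, the helper names and all sample messages are assumptions constructed for illustration.

```python
from email import message_from_string, policy
from email.message import EmailMessage

EXEC_EXT = (".exe", ".scr", ".pif", ".com", ".bat")  # assumed extension list
AV_PHRASES = ("virus found", "virus detected", "virus alert")  # assumed phrases

def classify(raw):
    """Label one raw message: 'av_notice', 'bounce', 'worm' or 'other'."""
    msg = message_from_string(raw, policy=policy.default)
    subject = str(msg.get("Subject", "")).lower()
    sender = str(msg.get("From", "")).lower()
    # Type (iii): anti-virus auto-reply, recognised by its subject line.
    if any(phrase in subject for phrase in AV_PHRASES):
        return "av_notice"
    # Type (ii): RFC 3464 delivery report or mailer-daemon sender. Checked
    # before attachments because a bounce can carry the worm copy back.
    report = (msg.get_param("report-type") or "").lower()
    is_dsn = msg.get_content_type() == "multipart/report" and report == "delivery-status"
    if is_dsn or "mailer-daemon" in sender:
        return "bounce"
    # Type (i): the worm itself, an executable attachment on ordinary mail.
    for part in msg.walk():
        if (part.get_filename() or "").lower().endswith(EXEC_EXT):
            return "worm"
    return "other"

def make(sender, subject, attachment=None):
    """Build one constructed sample message and return it as raw text."""
    m = EmailMessage()
    m["From"], m["Subject"] = sender, subject
    m.set_content("constructed sample body")
    if attachment:
        m.add_attachment(b"MZ", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m.as_string()

# Constructed samples; every address and file name here is made up.
SAMPLES = {
    "worm": make("friend@example.org", "important patch", "xkqzjw.exe"),
    "bounce": ('From: MAILER-DAEMON@mx.example.net\nSubject: Undelivered mail\n'
               'MIME-Version: 1.0\nContent-Type: multipart/report; '
               'report-type=delivery-status; boundary="b"\n\n--b\n'
               'Content-Type: application/octet-stream\nContent-Disposition: '
               'attachment; filename="xkqzjw.exe"\n\nMZ\n--b--\n'),
    "av_notice": make("scanner@example.com", "VIRUS FOUND in mail you sent"),
    "other": make("wife@example.org", "dinner?"),
}

if __name__ == "__main__":
    print({name: classify(raw) for name, raw in SAMPLES.items()})
```

The order of the checks matters: the bounce sample carries the same executable attachment as the worm sample, yet is labelled a bounce because the delivery-report test runs first.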
