
TOPIC:

Sobig Sobad

27
Charlie Stross
08-20-2003
03:49 PM ET (US)
Did I say thirty viruses?

That was yesterday.

Today's running total: 292 and counting.
26
Eli the Bearded
08-20-2003
03:49 PM ET (US)
I read mail from the shell, but the mailserver upstream from
my Unix box is barely able to function due to the load.
fetchmail will get one to ten messages and then timeout.
I've still got close to two thousand messages still on the
server waiting to be downloaded. Anything that has the SoBig
virus (or the most common virus filtered message I get) will
be shunted aside by procmail, but that still leaves a slew
of other virus filtered messages and autoreplies from those
that went out with addresses then end up in my in-box.
25
Cheem
08-20-2003
02:01 PM ET (US)
http://www.mail2web.com

It's a little slow, but at least you don't need to download all the bodies.
24
johan
08-20-2003
12:33 PM ET (US)
friends don't let friends run insecure OSs.

Or at least friends on the whitelist. It's the same as letting friends get by without basic hygiene. It's just rude.
23
Heat Miser
08-20-2003
11:38 AM ET (US)
So, Nic, no one on your whitelist has been bitten by this worm, I guess. But it's only a matter of time before that happens, yes? And a whitelist won't keep that from happening, if I read your link correctly.
22
sfarmer76
08-20-2003
11:38 AM ET (US)
I've encountered the occasional random virus while using Windows-based PCs before, but this Sobig virus is simply off the charts.

The place where I have a free email account has stopped 30+ Sobig infected files per day (and climbing) for the last two days.

Subject lines read:

"ThankYou!"

"Re: Wicked Screensaver"

"Re: My Details"

"Re: That Movie"

"Re: The movie"

"Your Details"

"Your Application"

"Re: Approved"


Interestingly enough, several also use forged headers for Direcway.com.
21
lhl
08-20-2003
11:23 AM ET (US)
Email *is* fundamentally broken, Sakusha, just not in the way you're thinking. While the propagation is due to Windows vulnerabilities (exacerbated by how easy MS email products make it to run executable attachments), the problem that most of us have is the flooded bounces etc. due to the forged headers. This highlights the same weakness that spam does in the email infrastructure - the only header that can ever be trusted with certainty is the first Received header. This is unacceptable.

It seems to me that one could pretty easily fix this problem by having each MTA digitally sign the headers. While perhaps resource intensive, it would certainly create a trusted path, and could be done completely voluntarily (i.e., deployed when the cost of sifting bad emails outweighs the cost of decrypting the signatures of each message).
20
tomk
08-20-2003
11:19 AM ET (US)
As for ISPs not wanting to store email and use IMAP, that is not always the case. My personal mail account is with "fastmail.fm" which is IMAP based. They charge extra to use POP :-). A basic account is free and the paid accounts are reasonably priced. Highly recommended.

The SoBig exploit can be blocked by antivirus software, but most people are too cheap or lazy to use it. Who could blame them? It's not like users with virused computers suffer any sort of consequences for their laziness. If ISPs started blocking their customers and charging them a fee to reconnect (ok, give them one freebie), I bet this situation would improve.
19
Sakusha
08-20-2003
11:06 AM ET (US)
Email is NOT "fundamentally broken." Microsoft Windows is fundamentally broken. None of this would be happening if not for a specific Windows vulnerability.
18
Nic Wolff
08-20-2003
11:03 AM ET (US)
Whitelists, people. I haven't seen one spam due to SoBig.
17
Erik V. Olson
08-20-2003
09:21 AM ET (US)
Extra88: IMAP is predicated on storing the email on the server, not the client. ISPs don't want this, because they don't want to store email. You can use IMAP to store-and-forward, much as POP does, but it's non-trivial.

Also, the two big IMAP packages take much more admin time to set up and maintain than the various POP packages.
16
Erik V. Olson
08-20-2003
09:19 AM ET (US)
Oren makes a good point -- assuming that "From:" is where the mail is from is a bad bet. If you know how to read the full headers, you can trace it back, but hitting "reply" and flaming away does no good.

Mark (and anyone else with slow connections who's getting slammed by the emails): set your POP client to download headers only, delete the worm mails, then reconnect and get the real messages. How you do this, alas, is software dependent. Another hack is to set your email to download only messages of a small size (say, 5K) -- since the worm has a large attachment, this will keep you from downloading them. Most email clients have a way to tell them to download the large ones you really want. At some point, however, you need to delete the worms off the server before you exceed quota.
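
Added example, not part of Erik V. Olson's post or of any other post in this thread: a Python version of the headers-only and size-limit triage he describes, driving the POP3 LIST and TOP commands through an object shaped like `poplib.POP3`. The subject list is the one sfarmer76 reports in this thread; `classify`, `triage`, `SampleMailbox` and the sample messages are constructed for illustration.

```python
import email

SOBIG_SUBJECTS = {  # subject lines reported for Sobig mail in this thread
    "thankyou!", "re: wicked screensaver", "re: my details", "re: that movie",
    "re: the movie", "your details", "your application", "re: approved",
}
SIZE_LIMIT = 5 * 1024  # the "say, 5K" cut-off from the post above

def classify(size, header_bytes):
    """Decide from size and headers alone: 'fetch', 'delete' or 'defer'."""
    msg = email.message_from_bytes(header_bytes)
    subject = " ".join(str(msg.get("Subject") or "").split()).lower()
    if size <= SIZE_LIMIT:
        return "fetch"      # small enough to download normally
    if subject in SOBIG_SUBJECTS:
        return "delete"     # large and carrying a reported worm subject
    return "defer"          # large but unrecognised: leave on the server

def triage(conn, dry_run=True):
    """Walk a logged-in poplib.POP3/POP3_SSL mailbox with LIST and TOP only."""
    plan = {"fetch": [], "delete": [], "defer": []}
    for line in conn.list()[1]:
        num, size = (int(field) for field in line.split())
        header_lines = conn.top(num, 0)[1]   # headers plus 0 body lines
        verdict = classify(size, b"\r\n".join(header_lines))
        plan[verdict].append(num)
        if verdict == "delete" and not dry_run:
            conn.dele(num)  # server removes it when the session ends with QUIT
    return plan

class SampleMailbox:
    """Constructed stand-in with the three poplib.POP3 methods used above."""
    def __init__(self, messages):
        self.messages, self.deleted = messages, []
    def list(self):
        return b"+OK", [b"%d %d" % (i, m[0]) for i, m in enumerate(self.messages, 1)], 0
    def top(self, num, lines):
        return b"+OK", self.messages[num - 1][1].split(b"\r\n"), 0
    def dele(self, num):
        self.deleted.append(num)

SAMPLE = [  # constructed (size in bytes, raw headers) pairs
    (1200, b"From: a@example.org\r\nSubject: lunch?"),
    (104000, b"From: b@example.org\r\nSubject: Re: Wicked Screensaver"),
    (250000, b"From: c@example.org\r\nSubject: holiday photos"),
]

if __name__ == "__main__":
    print(triage(SampleMailbox(SAMPLE)))
```

With a real mailbox, pass a logged-in `poplib.POP3_SSL` object instead of `SampleMailbox` and call its `quit()` afterwards so the server commits the deletions.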
15
extra88
08-20-2003
08:34 AM ET (US)
/m3, webmail adds too much overhead, what with the graphics (often ads) and all. Of course there's the html code itself which, unlike some of the graphics, can't be cached. /m4 shell access is the most svelte, bandwidth-wise, but the next best option is IMAP. IMAP sends you just the headers until you choose to open a message. If you had messages you thought were virus laden but you weren't sure enough to delete, you could just move them into another folder on the server to check later over a better connection (or when you have more time) and it only needs enough bandwidth to send the move command and a little info back to update the mailbox index. It's crazy that IMAP isn't more commonly available from ISPs.
Edited 08-20-2003 08:35 AM
14
Oren Sreebny
08-20-2003
07:17 AM ET (US)
The propagation of this virus certainly gives some credence to:

- those who say that email virus scanners should not try to report virus-laden messages back to the (purported) sender.

- those who are maintaining email is a fundamentally broken technology.

sigh
13
Charlie Stross
08-20-2003
04:25 AM ET (US)
Me too. Linux geek, Mac OS/X geek, not a Windows box in the house -- still hasn't stopped me receiving about 30 virus-laden emails running to >3Mb of crap. And the bounces are beginning to come in (from virus payloads that have forged my address as the sender).
12
Stefan Jones
08-20-2003
02:07 AM ET (US)
We'll get you yet Mr. Wiggens, BWAH-Hah-hah!

-- Franny the Phage