4specs Discussion Forum » Computers, the Internet and Networking » New virus circulating

Tracy Van Niel
Senior Member
Username: tracy_van_niel

Post Number: 60
Registered: 04-2002
Posted on Wednesday, January 28, 2004 - 07:36 am

I have been getting a lot of messages, both yesterday and they're starting up already today, with the new virus. A lot of the e-mails look to be coming from construction related companies, based on the e-mail address.

A curiosity question, with the websites that you have to register to use, does your e-mail address become fair game to the virus if someone in their organization is clueless enough to open an attachment with the virus in it?
D. Marshall Fryer
Senior Member
Username: dmfryer

Post Number: 22
Registered: 09-2003
Posted on Wednesday, January 28, 2004 - 08:45 am

Absolutely. In a best case scenario, your address is added to a corporate database, where it is protected by a well-run IT department. In a second worst case scenario, your address is forwarded to the company's field sales staff, who work out of a home office on a computer they share with their teenage children and whose antivirus subscription expired six months ago. In the worst case scenario, the company sells your address to other marketers for profit.

That is why you should consider creating an "alternate" address, for which you do not accept any e-mail. Use this address on any website you do not fully trust, or do not desire to receive mail from.
David E Lorenzini
Senior Member
Username: deloren

Post Number: 28
Registered: 04-2000
Posted on Wednesday, January 28, 2004 - 09:07 am

Just a brief word on how a virus or worm usually works.

If you received an infected message (which hopefully your anti-virus software deleted), it did not come from the return address on the infected message. Most likely, your address was in their system when they got hit with the virus. The MIMAIL virus (really a "worm") uses the address book on the infected system to choose a sender and a recipient. Therefore, your best friend could have had both the manufacturer's address and your address in their address book, and the worm selected the manufacturer as the sender and you as the recipient. It doesn't make any difference whether you registered on a manufacturer's web site or not.

The only way you can avoid receiving the worm would be to deal only with correspondents who have installed, and maintained, anti-virus software (and there is no practical way to do that).

Furthermore, if you receive reply messages from people you don't know saying they blocked messages from you containing the worm, don't be alarmed. They received the reverse of what you received--you were selected at random as the sender and the other party the recipient. If they don't know how the worm works, they are probably blaming you for sending the virus or worm.

More information on each virus or worm can be found on any one of the websites of companies that produce anti-virus software.
Tracy Van Niel
Senior Member
Username: tracy_van_niel

Post Number: 61
Registered: 04-2002
Posted on Wednesday, January 28, 2004 - 09:52 am

Thanks for the info. I did receive one message this morning telling me that the message I sent to Sheldon Wolfe contained a virus. Considering that I know my computer is not infected and that I did not send a message to Sheldon, that supports what you are saying.

P.S. I just got another "message" and it was from someone at csinet!!!
Alan Mays, AIA
Senior Member
Username: amays

Post Number: 28
Registered: 02-2003
Posted on Wednesday, January 28, 2004 - 10:47 am

I suspect that the 4Specs database has been hit. I just got an email from Lynn Javoroski and I have never sent her an email or had any contact with her. I know my company has shut down our email system and has current virus software so I know that its attachment has been removed. Either this construction search engine or one of the others has been hit. I visit them all every once in a while, but Colin, this one is still the best! Why I suspect this one, is because it is the only one that I have any email discussions on and use the most. The others might require me to log on or send me email every once in a while.

BTW, Hello (the subject of the email) to you too, Lynn.
Colin Gilboy
Senior Member
Username: colin

Post Number: 114
Registered: 05-2000
Posted on Wednesday, January 28, 2004 - 12:32 pm

Alan,

We do not maintain any database of emails of people posting here that could be attacked.

We send out about 200 emails on each posting. The virus-generated email would be explained this way: if a person receiving copies of postings had a posting from Lynn in their inbox or in a folder, or had communicated with Lynn in other ways, and got the virus, they would send out the virus with the names of everyone in their email list or on messages.

There is an interesting technical solution that may substantially reduce spam in the next 6 months. Much of the spam and virus-generated email spoofs (lies about) the sending address. I get bounces that claim to be from george@4specs.com even though no such email address has ever existed.

This solution is called Sender Permitted From. Essentially when implemented, I can define the permitted outgoing SMTP server (the machines used by all 4specs users to send email). When an email is received at another incoming POP3 email server, that server asks if the sending SMTP server is permitted for this domain.

Emails that are from a correct machine will be more likely to be not spam. Emails from a not-permitted machine are much more likely to be spam. This means that return addresses claiming to be AOL or Hotmail must use the AOL or Hotmail outgoing servers or be judged as spam. This alone will reduce the spam. AOL and Hotmail will quickly cut off the user if they use the correct outgoing SMTP server.

Here is more information you may want to pass to your IT person.
http://spf.pobox.com/

AOL just this week turned on this feature after a short test. As more domains adopt this, more spam will be caught.

On a related matter, earlier this month our newsletter that goes to advertisers was stopped by my ISP for sending out too many messages. I was placed on a special "white" list of permitted users to help the mailing in February to about 600 people. This shows the controls going into place to eliminate spam and indirectly virus-generated emails.

Colin
