[1stPickPCHelp] Don't let an auto-responder fool you

• From: "Mike" <mikebike@xxxxxxxxx>
• To: 1stpickpchelp@xxxxxxxxxxxxx
• Date: Fri, 22 Aug 2003 16:58:05 -0700

Don't let an auto-responder fool you during Sobig worm outbreak
http://www.sophos.com/virusinfo/articles/autorespond.html

Sophos has received reports from customers concerned about auto- responders
that are wrongly accusing them of sending an email infected with the
W32/Sobig-F worm. 

'Sender forging' or 'spoofing' is when an email address of an infected
computer is replaced with another address, often randomly plucked off the
infected computer by the virus. Sender forging is normally done just before
the virus sends itself out to more potential victims. By changing the
address in the 'Sender' field, no one knows who sent the email or where it
came from. 

Some gateway applications that scan email attachments for viral content
email auto-reply when a virus is found. If the 'Sender' name has been
forged, the auto-reply can be received by an innocent party, causing undue
confusion and stress. A false accusation may even harm your company's
relationship with clients. 

"Sobig-F is not the first virus to forge email addresses," said Carole
Theriault, technology consultant at Sophos Anti-Virus. "Other notorious
viruses such as Bugbear, Fizzer, Mimail and Klez have also used spoofing.
The confusion generated has often allowed viruses to spread faster and
wider." 

Sophos recommends that users do not respond to emails from auto-responders
accusing them of being infected and spreading the Sobig-F worm. However,
they should consider double-checking their computers for the latest viruses
just in case they are genuinely infected. 

It is also advisable to run email gateway scanners such as Sophos
MailMonitor to block viruses from being sent into or out from a network -
however, as seen above, Sophos advises that setting up an auto-respond
mechanism is fraught with problems.
++ There is more on the web site.

I hope this helps.

Mike ~ It is a good day if I learned something new.
Editor MikesWhatsNews see a sample on my web page
http://www.mwn.ca/ UPDATED 22/08/03
See my Anti-Virus pages  UPDATED 22/08/03
<http://www3.telus.net/mikebike/mikes_virus_page.htm> 
<virusinfo-request@xxxxxxxxxxxxx?Subject=subscribe>
A Technical Support Alliance Charter Member 



~*~*~*~*~
Was this forwarded to you?  Want to subscribe?  Send an email 
to 1stpickpchelp-request@xxxxxxxxxxxxx?Subject=subscribe.

For a complete list of email commands for our list send an email 
to ecartis@xxxxxxxxxxxxx with a subject of "info 1stpickpchelp" without the 
quotes.

If you wish to unsubscribe from our list send an email 
to 1stpickpchelp-request@xxxxxxxxxxxxx?Subject=unsubscribe

To contact the list moderators send an email to 
1stpickpchelp-moderators@xxxxxxxxxxxxx
~*~*~*~*~

Other related posts:

• » [1stPickPCHelp] Don't let an auto-responder fool you

1. Home
2. 1stpickpchelp
3. Archive
4. 08-2003

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---