[THIN] Re: OT: viruses spoofing my e-mail addy

  • From: Henry Sieff <hsieff@xxxxxxxxxxxx>
  • To: "'thin@xxxxxxxxxxxxx'" <thin@xxxxxxxxxxxxx>
  • Date: Wed, 20 Aug 2003 11:55:38 -0500

Oh yeah, welcome to the brave new world.

Since Monday, we are seeing a 100-fold increase in spoofing massmailer
emails. Opening up the headers and examining the path of servers the email
took to its destination is the only way to identify the originating machine
or mail server (SOBIG.F has its own SMTP server, so mostly it just contacts
the destination mail server directly).

The problem is that there isn't a single mail server AV product out there
'smart' enough to interpret these headers, and most people who run mail
servers don't understand that. So, they happily let the AV software read the
(easily forged) From: header and direct its alerts to whoever is listed in
there.

The amount of fun this can cause is amazing, as mail servers take one mail
message and multiply it by two (the alerts) or three (what happens when the
From: doesn't exist but the domain does?) or more (the various permutations
are limited only by your imagination).

Basically, the only moral thing to do is turn off emailed autoalerts on mail
server AV software until it gets better.

Henry

> -----Original Message-----
> From: Ron Oglesby [mailto:roglesby@xxxxxxxxxxxx]
> Sent: Wednesday, August 20, 2003 11:06 AM
> To: thin@xxxxxxxxxxxxx
> Subject: [THIN] OT: viruses spoofing my e-mail addy
> 
> 
> Just wondering if anyone else is getting messages from other people's
> gateways saying they got a virus attachment from your mail box addy.
> 
> I have gotten several this am and the exchange server, MetaFrame boxes I
> am using all show as clean. Which leads me to believe that since my
> address is out there so much on the internet that it is being spoofed as
> the reply to:
> 
> Comments?
> 
> Ron Oglesby
> Senior Technical Architect
>  
> RapidApp
> Office 312.372.7188
> Mobile 815.325.7618
> email roglesby@xxxxxxxxxxxx
>  
> ********************************************************
> This Week's Sponsor:  RES PowerFuse, The Management Framework 
> for Windows
> Eliminate Multiple Tools, Multiple Support Channels and Multiple Costs
> Manage, Control, and Secure an Entire Windows environment 
> with Ease, including Real-time Reporting and Documenting Components
> Validate a Meaningful ROI on All of your IT Investments with 
> RES PowerFuse.
> http://www.respowerfuse.com/
> **********************************************************
> Useful Thin Client Computing Links are available at:
> http://thethin.net/links.cfm
> 
> For Archives, to Unsubscribe, Subscribe or 
> set Digest or Vacation mode use the below link:
> http://thethin.net/citrixlist.cfm
> 
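
An added example, not part of the original thread: a sketch of the header check Henry describes, which walks the Received: chain from the newest hop down and stops at the first hop not stamped by a server you run, so the connecting IP your own server recorded is reported instead of the forgeable From: address. The host names, IP addresses and sample message are constructed, and the regular expression assumes a sendmail/Postfix-style Received: layout.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample. example.net is "our" domain; the bottom Received line
# is the kind a sender can forge, and From: names an uninvolved third party.
SAMPLE = """\
Received: from mailhub.example.net (mailhub.example.net [192.0.2.10])
    by mbox.example.net with ESMTP id A1; Wed, 20 Aug 2003 11:40:02 -0500
Received: from LAPTOP7 (dsl45.isp.example [203.0.113.45])
    by mailhub.example.net with ESMTP id B2; Wed, 20 Aug 2003 11:40:01 -0500
Received: from mail.victim.example ([198.51.100.7])
    by LAPTOP7 with SMTP; Wed, 20 Aug 2003 11:39:00 -0500
From: someone@victim.example
To: user@example.net
Subject: constructed test message

body
"""

# Assumed sendmail/Postfix-style layout: from HELO (rdns [ip]) by HOST
HOP = re.compile(r"from\s+(?P<helo>\S+)\s+\((?:(?P<rdns>\S+)\s+)?"
                 r"\[(?P<ip>[0-9A-Fa-f.:]+)\]\)\s+by\s+(?P<by>\S+)")

def trace_origin(raw, our_hosts, our_ips):
    """Return the connecting IP recorded at our trust boundary."""
    msg = message_from_string(raw)
    origin = None
    for hdr in msg.get_all("Received", []):      # newest hop first
        m = HOP.search(hdr)
        if not m or m.group("by").lower() not in our_hosts:
            break          # not stamped by a server we run: forgeable
        origin = m.group("ip")
        if origin not in our_ips:
            break          # first outside peer: stop, ignore anything older
    return {"claimed_from": parseaddr(msg.get("From", ""))[1],
            "origin_ip": origin}

OUR_HOSTS = {"mbox.example.net", "mailhub.example.net"}   # hypothetical
OUR_IPS = {"192.0.2.10"}                                  # hypothetical

if __name__ == "__main__":
    print(trace_origin(SAMPLE, OUR_HOSTS, OUR_IPS))
```

An alert keyed on `origin_ip` goes to the local administrator or the owner of that address block, never to `claimed_from`.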