Posted on 01/29/2004 12:57:10 PM PST by honeygrl
This is most likely a dial up, or DSL connection. Send the complaint to abuse@comcast.net. My experience with this indicates that people frequently receive trial subscriptions solely for the purpose of originating spam. Recently, a wireless spot in a hotel was used to originate spam.
Text based spam is bad enough, but when it includes viruses and trojans, the problem is compounded. CNN suggested this current virus could cost over $250M.
Open Relays pose a problem, as do trial subscriptions, and temporary email accounts. Even though fewer open relays exist in the US, the emergence in 3rd world countries will only increase this problem.
The real challenge is that the existing email protocol cannot authenticate who really sent the email. The advocates for updating the protocol are dwarfed by the advocates for keeping the existing protocol due to the anticipated cost for making the change. Existing applications are based on the current protocol and they would have to be changed.
The CAN-SPAM Act fails because it requires you to identify who sent you the spam. When it comes from a 3rd world country, that will not happen. When the spammers spoof the headers, again you cannot identify who sent the email.
It's my understanding that W32.Mydoom.B (the one that includes DoS's against both SCO AND Microsoft) is a whole new variation of W32.Novarg.A (the original MyDoom SCO worm) and is not, to my knowledge, "updating" the original package in the wild. If you have information to the contrary, I'd be interested in seeing it.
I see you're finally starting to understand the dangers of computer criminals? That's actually the first post ever I've seen you make where you may be actually starting to realize that policing of the internet is a foregone conclusion.
There are some really bad people out there on the net, and they used to just pirate others' property, giving it away for free all over the world, but now they're launching bombs out there. These "loosely knit groups of hackers from around the web" (kernel.org) have to be watched closely. I'm amazed and hopeful you're starting to see the light. More likely, just a temporary flash.
From the discussion of Novarg.B on Symantec Security Response (see #11):
The worm also contains functionality which allows it to install itself on systems which may have been infected by W32.Novarg.A@mm. This is accomplished as follows:
So basically this guy can send out a new worm at any time to modify the behavior of the old worms. I think it's against the law in the United States to invade someone else's computer, but perhaps a "white hat" in some other country could send out an update that kills this thing, and then deletes itself.
It's insane how infected some of these broadband ISP's are with this stuff, a virgin system gets popped within 10 mins on a lot of them. They're going to have to better authenticate, and the more you'll pay the sounder your service will be. You can already join one of the major ISP's and get similar protection now, but some would rather ride these big waves anyway. So it will never end, some will just better isolate themselves from it.
Oversight- I keep 7.1 on my machine and like it fine... far as the other 2 go, I have used them in the past, but darned if I can recall offhand that border feature- I suspect you can do it, but can't say for sure.
At the very least, the broadband and DSL providers ought to be stopping SMTP traffic from their clients, or at least making arrangements for an authorization process to enable it. I stop the majority of spam from hitting my mail servers by using RDNS, and blocking all the address spaces assigned to China. AOL is testing the new SPF (Sender Permitted From) DNS extension, and I'm waiting to see how that turns out.
Someone did write such a thing to kill the Blaster worm. Unfortunately it was so aggressive, it would overload networks just from the sheer volume of scanning it was doing.
They don't want to turn anything off, unless they turn it all off, then the customers all raise hell and threaten to drop. The ISP's seem to be at a break even point though, no way to add staff or features like security without raising their rates, something nobody wants, but maybe inevitable.
I think that may be Welchia. I'm not in favor of much vigilante justice, there's enough loose cannons out there as it is. And there's a tremendous amount of blurring of the lines between the "black hats" and the "white hats" right now, including these 'security firms' that release newly found exploits straight onto the open internet without first notifying the vendors and giving them a chance to build a patch first. But you can't have a "mob rules" world out there, which it is turning into.
All the same, as far as I know. The latest versions of Outlook with very latest patches applied won't let you open any attachment without saving it first, or at least that is my understanding. You could be hyperlinked, but that would typically require a corrupt host for you to connect.
Of course, A/V protection is a higher level of protection, from the client to the server on to the perimeter if you control it. With that updating signatures constantly, only the immediate impact of a virus not yet defined by your A/V vendor and pushed to your protection points can even get to your Outlook client. Still happens, on rare occasion even with the best perimeter defense, but then you have the other protections I've mentioned along with user education.
If you have any sort of permanent connection you should update every day. Usually the mid morning to early afternoon signatures have been built to block whatever comes from overseas that day. But you have to do this since even what may seem as extreme precaution may not be enough, as the virus sometimes advance in front of the virus, although that actually did not seem to be the case with MyDoom, there are just a lot of people who aren't upgrading fast enough that got caught and accidentally clicked those files. Bottom line, treat the dangers of the internet with deserved respect, and you'll be fine.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.