D&C Lug - Home Page
Devon & Cornwall Linux Users' Group

[ Date Index ][ Thread Index ]
[ <= Previous by date / thread ] [ Next by date / thread => ]

Re: [LUG] [OT]Windows Viruses



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Kegs wrote:
> On Tue, 2003-03-04 at 11:52, Theo Zourzouvillys wrote:
>
> I must be really unlucky to have got sent the same virus twice by
> different people then, but I can see it getting quite common
as it has
> only been out in the wild for about a week I *think*

Join any mailing lists recently, post to any big mailing lists,
or popular newsgroups?

Then the infection probably spread from one recipient to another
poster on the same list, who then passed it on.

The GNU Chess list is plagued by copies of (Klez I think) which
uses the subject line "an interesting game" (or similar amongst
others), and enough people have got "bug-gnu-chess" in their
address books, and it is an "open" list....

I now run a 10Kb limit on that list which catches the vast
majority (and sends me an e-mail every time - argh.....) and
very few bug reports.

At one point a post to the mailing list version of
comp.protocols.dns.bind would get you a selection of 4 or 5
viruses. Typically Klez replies to unread mail.

The worst was posting to gnu.announce which got me a continual
stream of viruses, you'd think people there would know better
than to use Microsoft mail clients, although I suspect only a
handful of infected machines were responsible for the deluge of
viruses.

Indeed one I tracked down, the guy claimed the virus was a fake
and not from their domain at all, however the SMTP handshake
completed with their mail server just in advance looked pretty
genuine to me, so some are so clueless as not to find infection
even when the mail is going through their own mail server, and
told to look. I got subsequent viruses from the same location.

I think you've just been lucky to escape being sent more in the
past, a lot depends on how well known your e-mail address(es) are.

As for Kai claims that antivirus is "Off Topic" in a Linux group
- - there are viruses out there - just not very many or very
virulent - but Linux is not free from malicious code.

However telling people you have virus checked an e-mail is at
best totally pointless (unless you're the antivirus vendor doing
viral marketing), and at worst will lead them to trust such
stupid proclamations and spread more viruses.

When shipping Windows executables of free software I make an
explicit point of saying I don't (necessarily) virus check them,
let us get the responsibility in the right place.

We need more use of jails, sandboxes, and security managers.

 Simon
-----BEGIN PGP SIGNATURE-----
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE+ZLnrGFXfHI9FVgYRAlwuAJ9BSQ8vmv2U5sPQtYr7jnEyO4LniwCePZrz
yBh9SlMMyIW1OL9bqwRBHMA=
=dPY9
-----END PGP SIGNATURE-----

--
The Mailing List for the Devon & Cornwall LUG
Mail majordomo@xxxxxxxxxxxx with "unsubscribe list" in the
message body to unsubscribe.


Lynx friendly