Re: [Asrg] Viruses

"Mark McCarron" <markmccarron_it@hotmail.com> Sat, 28 June 2003 04:46 UTC

From: Mark McCarron <markmccarron_it@hotmail.com>
To: asrg@ietf.org
Subject: Re: [Asrg] Viruses
List-Id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
Date: Sat, 28 Jun 2003 04:44:29 +0000

Perhaps you should examine the 'GIEIS' system located here at:

http://homepage.ntlworld.com/giza.necroplis

And also refer to ASRG - The Solution to Spam - The First Response.

This system would kill off the majority of email based attacks on 
unsuspecting users.

I would appreciate your comments,

Mark McCarron.


>From: Walter Dnes <waltdnes@waltdnes.org>
>To: ASRG list <asrg@ietf.org>
>Subject: Re: [Asrg] Viruses
>Date: Sat, 28 Jun 2003 00:26:17 -0400
>
>On Tue, Jun 24, 2003 at 01:32:22PM -0500, gep2@terabites.com wrote
>
> > ALL operating systems are vulnerable to viruses, as long as the
> > systems are user-programmable (or program-extensible).  OK, your
> > digital watch, your microwave oven (probably), and your laser printer
> > probably aren't vulnerable to viruses.  But that's because nobody
> > else can much change their code, either.
> >
> > > Other operating systems, or at least late-releases (e.g., Mac OSX),
> > > are not susceptible to viruses.
> >
> > And just what is the "magic bullet" that you think magically makes
> > those systems "not susceptible"?  I don't believe that there IS such
> > a magic bullet.
>
>   Because they *DON'T AUTO-EXECUTE EMAIL*.  Yeah, there's been a patch
>out for a while, but each time somebody's Windows crashes, and they
>re-install, they're back to square 1.  Unixes used to have backtick
>expansion enabled in mailcap.  It was determined to be "not a good
>thing" and was deprecated.  Windows comes with "Windows Scripting Host"
>enabled.  And even if you delete it, most 3rd-party programs' install
>routines will install a copy to facilitate the install script.  Of
>course the installer leaves the scripting host installed.
>
> > And in particular, a WORD macro virus (for instance) which works on
> > a Windows-based OS will probably work on a Mac-based OS too... since
> > the level of abstraction provided by the macro facility SPECIFICALLY
> > shields the executing macro from vagaries based on the underlying OS.
>
>   Not on AbiWord for linux, it won't execute.
>
> > The better solution is really to put restrictions in place on
> > incoming material (and E-mail is our focus here) such that potentially
> > dangerous executable stuff (and in practice, this means ActiveX-type
> > stuff, scripting, and potentially malicious attachments) simply
> > aren't allowed to be delivered unless they come from pre-arranged
> > (or post-permitted, maybe), _trusted_ people who we EXPECT such type
> > of stuff to come from.
>
>   Howsabout the OS not allowing users to execute attachments from inside
>email.  Beyond this, what about *AUTO_EXECUTION OF ATTACHMENTS* ?
>
> > I got a spam just a day or two ago shilling for a porn site and
> > crowing about how "no credit card required".  The link said,
> > in essence, "to connect to this site directly using your modem,
> > CLICK HERE."  Under the concealment of the HTML, the link pointed
> > to a URL of .exe type.  Most lusers wouldn't realize (of course)
> > the implication of the (truthful) prompt... that the executable was
> > planning to hang up the person's Internet connection through their
> > local ISP, then redial on the user's modem to a 900-type international
> > telephone number at staggering per-minute charges, which will of
> > course bill to the luser's phone bill to arrive a month later.
>
>   Windows *BY DEFAULT* displays an attachment named "Loveletter.txt.vbs"
>as "Loveletter.txt".  *EVEN IF YOU TURN OFF THE OPTION TO HIDE
>EXTENSIONS* .lnk and .pif *WILL STILL BE HIDDEN*, unless you get into
>some registry hacking that is beyond the ability of the average user.
>We pound away at users not to execute executable attachments, and they
>think that clicking on a *.GIF or *.JPEG is OK.
>
>--
>Walter Dnes <waltdnes@waltdnes.org>
>Email users are divided into two classes;
>1) Those who have effective spam-blocking
>2) Those who wish they did
>
>_______________________________________________
>Asrg mailing list
>Asrg@ietf.org
>https://www1.ietf.org/mailman/listinfo/asrg
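
The two display tricks discussed in this thread (a hidden final extension, so that `Loveletter.txt.vbs` shows as `Loveletter.txt`, and an HTML link whose real target is an `.exe`) can both be checked for at a mail gateway. The following is an added example, not part of the original messages; the extension list, the function names and the sample message are assumptions constructed for illustration:

```python
from email import message_from_string, policy
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlparse

# Extensions treated as executable or script content (assumed, non-exhaustive list).
RISKY_EXT = {"exe", "vbs", "js", "scr", "pif", "lnk", "bat", "com", "cmd"}

def masked_name(filename):
    """Name a user sees when the final extension is hidden; None if that extension is not risky."""
    stem, _, ext = filename.rpartition(".")
    return stem if stem and ext.lower() in RISKY_EXT else None

class _Hrefs(HTMLParser):
    """Collects the href of every <a> tag, ignoring the visible link text."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def scan_message(raw):
    """Return (kind, detail) findings for one RFC 822 message given as a string."""
    findings = []
    msg = message_from_string(raw, policy=policy.default)
    for part in msg.walk():
        name = part.get_filename()
        if name:
            shown = masked_name(name)
            if shown is not None:
                # A dot left in the displayed name means it still looks like a harmless file type.
                kind = "double-extension" if "." in shown else "executable-attachment"
                findings.append((kind, f"{name} displays as {shown}"))
        elif part.get_content_type() == "text/html":
            parser = _Hrefs()
            parser.feed(part.get_content())
            for href in parser.hrefs:
                if urlparse(href).path.rpartition(".")[2].lower() in RISKY_EXT:
                    findings.append(("executable-link", href))
    return findings

def sample_message():
    """Constructed sample: HTML body with a link to an .exe plus a .txt.vbs attachment."""
    m = EmailMessage()
    m.set_content('<a href="http://example.invalid/connect.exe">CLICK HERE</a>', subtype="html")
    m.add_attachment(b"inert placeholder", maintype="application",
                     subtype="octet-stream", filename="Loveletter.txt.vbs")
    return m.as_string()
```

A gateway could quarantine or rename anything `scan_message` reports, rather than relying on the recipient to notice the real extension.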
