Re: [Asrg] Viruses
"Mark McCarron" <markmccarron_it@hotmail.com> Sat, 28 June 2003 04:46 UTC
From: Mark McCarron <markmccarron_it@hotmail.com>
To: asrg@ietf.org
Subject: Re: [Asrg] Viruses
Date: Sat, 28 Jun 2003 04:44:29 +0000

Perhaps you should examine the 'GIEIS' system located here at:

http://homepage.ntlworld.com/giza.necroplis

And also refer to ASRG - The Solution to Spam - The First Response.

This system would kill off the majority of email based attacks on unsuspecting users.

I would appreciate your comments,

Mark McCarron.

> From: Walter Dnes <waltdnes@waltdnes.org>
> To: ASRG list <asrg@ietf.org>
> Subject: Re: [Asrg] Viruses
> Date: Sat, 28 Jun 2003 00:26:17 -0400
>
> On Tue, Jun 24, 2003 at 01:32:22PM -0500, gep2@terabites.com wrote
>
> > ALL operating systems are vulnerable to viruses, as long as the
> > systems are user-programmable (or program-extensible). OK, your
> > digital watch, your microwave oven (probably), and your laser printer
> > probably aren't vulnerable to viruses. But that's because nobody
> > else can much change their code, either.
> >
> > > Other operating systems, or at least late-releases (e.g., Mac OSX),
> > > are not susceptible to viruses.
> >
> > And just what is the "magic bullet" that you think magically makes
> > those systems "not susceptible"? I don't believe that there IS such
> > a magic bullet.
>
> Because they *DON'T AUTO-EXECUTE EMAIL*. Yeah, there's been a patch
> out for a while, but each time somebody's Windows crashes, and they
> re-install, they're back to square 1. Unixes used to have backtick
> expansion enabled in mailcap. It was determined to be "not a good
> thing" and was deprecated. Windows comes with "Windows Scripting Host"
> enabled. And even if you delete it, most 3rd-party programs' install
> routines will install a copy to facilitate the install script. Of
> course the installer leaves the scripting host installed.
>
> > And in particular, a WORD macro virus (for instance) which works on
> > a Windows-based OS will probably work on a Mac-based OS too... since
> > the level of abstraction provided by the macro facility SPECIFICALLY
> > shields the executing macro from vagaries based on the underlying OS.
>
> Not on AbiWord for linux, it won't execute.
>
> > The better solution is really to put restrictions in place on
> > incoming material (and E-mail is our focus here) such that potentially
> > dangerous executable stuff (and in practice, this means ActiveX-type
> > stuff, scripting, and potentially malicious attachments) simply
> > aren't allowed to be delivered unless they come from pre-arranged
> > (or post-permitted, maybe), _trusted_ people who we EXPECT such type
> > of stuff to come from.
>
> Howsabout the OS not allowing users to execute attachments from inside
> email. Beyond this, what about *AUTO_EXECUTION OF ATTACHMENTS* ?
>
> > I got a spam just a day or two ago shilling for a porn site and
> > crowing about how "no credit card required". The link said,
> > in essence, "to connect to this site directly using your modem,
> > CLICK HERE." Under the concealment of the HTML, the link pointed
> > to a URL of .exe type. Most lusers wouldn't realize (of course)
> > the implication of the (truthful) prompt... that the executable was
> > planning to hang up the person's Internet connection through their
> > local ISP, then redial on the user's modem to a 900-type international
> > telephone number at staggering per-minute charges, which will of
> > course bill to the luser's phone bill to arrive a month later.
>
> Windows *BY DEFAULT* displays an attachment named "Loveletter.txt.vbs"
> as "Loveletter.txt". *EVEN IF YOU TURN OFF THE OPTION TO HIDE
> EXTENSIONS* .lnk and .pif *WILL STILL BE HIDDEN*, unless you get into
> some registry hacking that is beyond the ability of the average user.
> We pound away at users not to execute executable attachments, and they
> think that clicking on a *.GIF or *.JPEG is OK.
>
> --
> Walter Dnes <waltdnes@waltdnes.org>
> Email users are divided into two classes;
> 1) Those who have effective spam-blocking
> 2) Those who wish they did
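
Added example, not part of the original message or of any poster's code: a gateway-side check that compares each attachment's real filename with the name a user would see under the extension-hiding behaviour described in the quoted text, and quarantines executables. The executable-extension list, the "any extension counts as known" simplification, and the sample message are constructed assumptions.

```python
import email
import os
from email import policy
from email.message import EmailMessage

# Assumed policy list for this example; adjust to local policy.
EXECUTABLE_EXTS = {".vbs", ".exe", ".pif", ".lnk", ".scr", ".bat", ".com", ".js"}
# Extensions the quoted message says stay hidden even with hiding turned off.
ALWAYS_HIDDEN = {".lnk", ".pif"}


def displayed_name(filename, hide_known=True):
    """Name the user would see, per the behaviour described in the message.
    Simplification: every extension is treated as a 'known' one."""
    stem, ext = os.path.splitext(filename)
    if ext.lower() in ALWAYS_HIDDEN or (hide_known and ext):
        return stem
    return filename


def audit_attachments(raw_message, hide_known=True):
    """Return one finding per executable attachment in a raw RFC 5322 message."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        real_ext = os.path.splitext(name)[1].lower()
        if real_ext not in EXECUTABLE_EXTS:
            continue
        shown = displayed_name(name, hide_known)
        shown_ext = os.path.splitext(shown)[1].lower()
        # Disguised: the visible name differs and no longer looks executable.
        disguised = shown != name and shown_ext not in EXECUTABLE_EXTS
        findings.append({"filename": name, "shown_as": shown,
                         "disguised": disguised, "action": "quarantine"})
    return findings


def sample_message():
    """Constructed sample message with placeholder attachment bodies."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.org"
    msg["Subject"] = "constructed sample"
    msg.set_content("see attached")
    for name in ("Loveletter.txt.vbs", "holiday.jpg.pif", "notes.txt"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_string()
```

Calling `audit_attachments(sample_message(), hide_known=False)` shows the `.pif` attachment still reported as disguised, which is the case the quoted message singles out.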