
(meteorobs) Fwd: Viruses Using Addresses From Archives




Anyone with further information on the following, please contact me
VIA PRIVATE EMAIL regarding this notice...

Lew Gramer
owner-meteorobs@jovian.com
owner-netastrocatalog@jovian.com

------- Forwarded Message

Date: Mon, 20 Dec 1999 18:25:29 +0000
To: dedalus@latrade.com
From: Steve Harrison <ko0u@os.com>
Subject: Viruses Using Addresses From Archives

Lew,

I don't know what virus protection may be installed on the main MeteorObs
server, but here's what's been going on with several other reflectors to
which I subscribe:

Three or five days ago, a few of us began receiving e-mails containing
attachments FROM OURSELVES. That is, the return address was ourself. But
the TITLE of the e-mails was that from a posting we'd recently submitted to
a particular reflector.

It appears that somebody has unleashed a worm virus which is picking out
addresses from recent e-mails in the archives of some reflectors. It then
sends a reply to those posters, attaching the worm. You can read about it here

http://www.symantec.com/avcenter/venc/data/worm.newapt.html

and here

http://vil.nai.com/vil/wm10475.asp

The problem is that this thing actually seems to access the Archives from
which it picks out the e-mail addresses of recent posters; then it sends an
e-mail back to that poster with the worm attached. Thus, I don't think a
SYSOP can stop this without killing "unauthorized" access to the archives.

So, you may want to keep this in mind. I guess you can do two things:
either close the archives entirely for a few weeks, or limit access to
current subscribers of the reflectors.

I would suggest that you post a warning on your reflectors asking any and
all to IMMEDIATELY let you know when they receive this thing so that YOU
can IMMEDIATELY close the archives or whatever you want to do. And, of
course, warn folks never to open unsolicited attachments.

One thing that works for me is to set the maximum size of my e-mail
download to just 10 kB. Unfortunately, MeteorObs sometimes has meteor
reports that exceed that size. But when I receive a large e-mail like that,
I just receive the first 10 kB of the thing and the rest is truncated. At
the bottom, my Eudora then tells me I can download the remainder if I click
on the Server icon at the top which will tell my ISP to give me the whole
thing. So I can actually sorta "preview" larger e-mails and choose which to
download.

But of course, that still leaves that larger e-mail sitting on the Server's
machine, just waiting to download when I relax my guard and reset my max
download size large enough. So the next step would be for me to ask my ISP
to autodelete all undownloaded e-mails after some period of time. I know
for a fact that to date, my own ISP does NOT delete ANY undownloaded
e-mail; so I've got to get on this.

SteveH
Shrewsbury MA

P.S. BTW, McAfee's virus software did not, as of yesterday, protect against
this series of worms despite the description on the Network Associates web
page. I just downloaded and installed Norton AV2000 last night so don't
have sufficient experience yet with that one.



------- End of Forwarded Message


