{Virus?} Re:

{Virus?} Re:

Owen Densmore
Administrator
An HTML attachment was scrubbed...
URL: /pipermail/friam_redfish.com/attachments/20050104/19da55a6/attachment.htm
-------------- next part --------------
This is a message from the MailScanner E-Mail Virus Protection Service
----------------------------------------------------------------------
The original e-mail attachment "Dog.com"
was believed to be infected by a virus and has been replaced by this warning
message.

If you wish to receive a copy of the *infected* attachment, please
forward this email to the support department requesting a copy of the attachment.

At Wed Jan  5 00:11:36 2005 the virus scanner said:
   Dog.com  Infection: W32/Bagle.AG@mm
   Executable DOS/Windows programs are dangerous in email (Dog.com)

Note to Help Desk: Look on Virus MailScanner in /var/spool/MailScanner/quarantine/20050105 (message 1Cm2WC-0001Lm-QP).
--
Postmaster

A small move to avoid the virus message

Stephen Guerin
While this wave of spam messages sent from Owen's spoofed address continues,
I switched his account to "moderated". Hopefully that will be a temporary
fix until SPF is installed.

In no way should this move reflect poorly on Owen - In fact, after a long
series of secret backroom deliberations, we are happy to announce that Owen
Densmore has won FRIAMGroup's "Most Valuable Poster" award for 2004. If you
see Owen around, please congratulate him. ;-)

-Steve
FRIAMGroup list admin

P.S. Bruce's "All my .exes live in Texas" won the list's coveted "Most
Original Wordplay" for 2004. :-)
http://www.countrygoldusa.com/all_my_exes.asp







A small move to avoid the virus message

Tim Densmore
Steve, would you mind forwarding me a copy of one or two of these
messages, including the headers?  What is easily visible in matters
like these is almost always spoofed, and the headers themselves will
contain the real info.  You are probably looking at junk that is being
spewed from an infected host with no intelligence behind it other than
it is spoofing messages using people in the infected person's address
book.


On Jan 4, 2005, at 9:37 PM, Stephen Guerin wrote:

> While this wave of spam messages sent from Owen's spoofed address
> continues, I switched his account to "moderated". Hopefully that will
> be a temporary fix until SPF is installed.

Thank you,
Tim Densmore

-------------------------------

"There's an awful lot of people in the world that sneer at Segways
because other people are having fun. There must be something bad about
it. But I always tell people, that hey, these Segways are so
environmentally conscious. I carry four of them in the trunk of my
Hummer."

-The Woz



A small move to avoid the virus message

Parks, Raymond
Tim Densmore wrote:

> Steve, would you mind forwarding me a copy of one or two of these
> messages, including the headers?  What is easily visible in matters like
> these is almost always spoofed, and the headers themselves will contain
> the real info.  You are probably looking at junk that is being spewed
> from an infected host with no intelligence behind it other than it is
> spoofing messages using people in the infected person's address book.

   It's actually a bagel/beagle virus message and not even the latest at
that.  If I recall correctly, once that virus infects a host, it uses
email addresses harvested from a variety of files on the host and
proceeds to send itself to those email addresses using one of them as
the from.  This means that the infected host has both the Friam mailing
list and Owen's address somewhere in a file, usually an Outlook address
book.  There is a high probability, therefore, that the infected host
belongs to someone on the FRIAM list.

   I took a quick look at the headers as I received them and it's
unclear whether any are original or all of them have been modified by
whichever virus scanner looked at my copy (it could have been Sandia's,
redfish's hosting company, backspaces, or ?).  The Received: header list
is short, and appears to originate with athens.hostgo.com receiving the
email from doug.org.

--
Ray Parks                   [hidden email]
IDART Project Lead          Voice:505-844-4024
IORTA Department            Fax:505-844-9641
http://www.sandia.gov/idart Pager:800-690-5288
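
As an added illustration of the header reading described in the message above (not part of the original thread): the sketch below walks a message's Received: chain from oldest to newest hop and reports the last handoff recorded by a server the reader trusts, since anything older may have been forged or rewritten. The sample message, all hostnames, addresses and the TRUSTED set are constructed placeholders.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: a spoofed From: and three relay hops (newest first).
SAMPLE = """\
Received: from mx.list.example (mx.list.example [192.0.2.10])
\tby mail.reader.example with ESMTP id A1; Wed, 5 Jan 2005 00:12:01 -0700
Received: from relay.hosting.example (relay.hosting.example [192.0.2.20])
\tby mx.list.example with ESMTP id B2; Wed, 5 Jan 2005 00:11:40 -0700
Received: from desktop.sender.example (unknown [198.51.100.7])
\tby relay.hosting.example with SMTP id C3; Wed, 5 Jan 2005 00:11:30 -0700
From: Owen <owen@poster.example>
To: list@list.example
Subject: Re:

body
"""

# Servers whose Received: lines the reader accepts as genuine (assumption).
TRUSTED = {"mail.reader.example", "mx.list.example"}

HOP = re.compile(r"from\s+(\S+)(?:\s+\((.*?)\))?\s+by\s+(\S+)", re.S)

def received_hops(raw):
    """Return hops oldest-first: claimed sender, peer info, recording server."""
    msg = message_from_string(raw)
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        m = HOP.search(value)
        if m:
            hops.append({"from": m.group(1), "peer": m.group(2) or "",
                         "by": m.group(3)})
    return hops

def from_domain(raw):
    """Domain of the visible From: address (trivially spoofable)."""
    return parseaddr(message_from_string(raw)["From"])[1].rpartition("@")[2]

def last_verifiable_source(hops, trusted):
    """Walk back from the newest hop while the recorder is trusted; return
    the oldest trusted-recorded hop, or None if even the newest is not."""
    result = None
    for hop in reversed(hops):
        if hop["by"] not in trusted:
            break
        result = hop
    return result

if __name__ == "__main__":
    hops = received_hops(SAMPLE)
    src = last_verifiable_source(hops, TRUSTED)
    print("From: domain (unverified):", from_domain(SAMPLE))
    print("claimed origin (unverified):", hops[0]["from"])
    print("last verifiable handoff from:", src["from"], "peer:", src["peer"])
```

Hops older than the one returned by `last_verifiable_source` are only claims; the peer address recorded by the oldest trusted server is the point to start an investigation from.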



A small move to avoid the virus message

Tim Densmore
I doubt it passed through backspaces' servers outbound since hostgo
requires either authentication or pop-before-smtp.  Mail is an
interesting problem with (IMO) no clear solution.  Yes, on the one
hand, several of the protocols mentioned may help stop the spread of
spam/viruses, but on the other hand would likely bankrupt many ISPs who
already take hundreds of calls a day for simple POP setup problems (and
I get *very* nervous when I hear that Microsoft is pushing a standards
proposal).  Any time a user has to enter a password more than once, it
seems that rather than doubling the problems they experience with
miskeying or forgetting, it actually increases them exponentially.  
Even the common format of "password once, verify once" is often a major
stumbling block IME.  Public/private key combos might be a solution,
but I shudder to think what it would be like to lead Joe Averageuser
(or Jane Luddite) through key management.  In any event, what is very
clear at this point is that port blocking and refusal of same-network
relaying doesn't do anything to stop the spread of infection, but does
inconvenience users greatly.  Digitally signing messages seems to be an
obvious way to keep issues like spoofing/phishing to a minimum, but I
have yet to see a good checksum method for the average user.  Like I
said, an interesting problem.


On Jan 5, 2005, at 10:33 AM, Raymond C. Parks wrote:

> Tim Densmore wrote:
>
>> Steve, would you mind forwarding me a copy of one or two of these
>> messages, including the headers?  What is easily visible in matters
>> like these is almost always spoofed, and the headers themselves will
>> contain the real info.  You are probably looking at junk that is
>> being spewed from an infected host with no intelligence behind it
>> other than it is spoofing messages using people in the infected
>> person's address book.
>
>   It's actually a bagel/beagle virus message and not even the latest
> at that.  If I recall correctly, once that virus infects a host, it
> uses email addresses harvested from a variety of files on the host and
> proceeds to send itself to those email addresses using one of them as
> the from.  This means that the infected host has both the Friam
> mailing list and Owen's address somewhere in a file, usually an
> Outlook address book.  There is a high probability, therefore, that
> the infected host belongs to someone on the FRIAM list.
>
>   I took a quick look at the headers as I received them and it's
> unclear whether any are original or all of them have been modified by
> whichever virus scanner looked at my copy (it could have been
> Sandia's, redfish's hosting company, backspaces, or ?).  The Received:
> header list is short, and appears to originate with athens.hostgo.com
> receiving the email from doug.org.
>
> --
> Ray Parks                   [hidden email]
> IDART Project Lead          Voice:505-844-4024
> IORTA Department            Fax:505-844-9641
> http://www.sandia.gov/idart Pager:800-690-5288
>
>
> ============================================================
> FRIAM Applied Complexity Group listserv
> Meets Fridays 9AM @ Jane's Cafe
> Lecture schedule, archives, unsubscribe, etc.:
> http://www.friam.org
>
Thank you,
Tim Densmore

-------------------------------

"There's an awful lot of people in the world that sneer at Segways
because other people are having fun. There must be something bad about
it. But I always tell people, that hey, these Segways are so
environmentally conscious. I carry four of them in the trunk of my
Hummer."

-The Woz



A small move to avoid the virus message

Edward A. Puckett
Tim, I'd like to add to your excellent points.  I'm very nervous about
people trying to "solve" the spam problem, because I believe those
solutions will be the beginning of censorship on the Internet.  For an
interesting discussion of related issues, see:

     http://www.fourmilab.ch/documents/digital-imprimatur/

I shudder at the attempts Microsoft has made to make email as
complicated as the rest of their software.  They must see this as an
opportunity to "own" email.  Having worked with those people, I'm sure
of it.

Personally, I view spam from a somewhat Taoist perspective, and believe
that spam is the price we pay for freedom of speech.  And in that
light, it is a very small price.

On Jan 5, 2005, at 11:01 AM, Tim Densmore wrote:

> I doubt it passed through backspaces' servers outbound since hostgo
> requires either authentication or pop-before-smtp.  Mail is an
> interesting problem with (IMO) no clear solution.  Yes, on the one
> hand, several of the protocols mentioned may help stop the spread of
> spam/viruses, but on the other hand would likely bankrupt many ISPs
> who already take hundreds of calls a day for simple POP setup problems
> (and I get *very* nervous when I hear that Microsoft is pushing a
> standards proposal).  Any time a user has to enter a password more
> than once, it seems that rather than doubling the problems they
> experience with miskeying or forgetting, it actually increases them
> exponentially.  Even the common format of "password once, verify once"
> is often a major stumbling block IME.  Public/private key combos might
> be a solution, but I shudder to think what it would be like to lead
> Joe Averageuser (or Jane Luddite) through key management.  In any
> event, what is very clear at this point is that port blocking and
> refusal of same-network relaying doesn't do anything to stop the
> spread of infection, but does inconvenience users greatly.  Digitally
> signing messages seems to be an obvious way to keep issues like
> spoofing/phishing to a minimum, but I have yet to see a good checksum
> method for the average user.  Like I said, an interesting problem.
>
>
> On Jan 5, 2005, at 10:33 AM, Raymond C. Parks wrote:
>
>> Tim Densmore wrote:
>>
>>> Steve, would you mind forwarding me a copy of one or two of these
>>> messages, including the headers?  What is easily visible in matters
>>> like these is almost always spoofed, and the headers themselves will
>>> contain the real info.  You are probably looking at junk that is
>>> being spewed from an infected host with no intelligence behind it
>>> other than it is spoofing messages using people in the infected
>>> person's address book.
>>
>>   It's actually a bagel/beagle virus message and not even the latest
>> at that.  If I recall correctly, once that virus infects a host, it
>> uses email addresses harvested from a variety of files on the host
>> and proceeds to send itself to those email addresses using one of
>> them as the from.  This means that the infected host has both the
>> Friam mailing list and Owen's address somewhere in a file, usually an
>> Outlook address book.  There is a high probability, therefore, that
>> the infected host belongs to someone on the FRIAM list.
>>
>>   I took a quick look at the headers as I received them and it's
>> unclear whether any are original or all of them have been modified by
>> whichever virus scanner looked at my copy (it could have been
>> Sandia's, redfish's hosting company, backspaces, or ?).  The
>> Received: header list is short, and appears to originate with
>> athens.hostgo.com receiving the email from doug.org.
>>
>> --
>> Ray Parks                   [hidden email]
>> IDART Project Lead          Voice:505-844-4024
>> IORTA Department            Fax:505-844-9641
>> http://www.sandia.gov/idart Pager:800-690-5288
>>
>>
> Thank you,
> Tim Densmore
>
> -------------------------------
>
> "There's an awful lot of people in the world that sneer at Segways
> because other people are having fun. There must be something bad about
> it. But I always tell people, that hey, these Segways are so
> environmentally conscious. I carry four of them in the trunk of my
> Hummer."
>
> -The Woz
>
>



A small move to avoid the virus message

David Eric Smith
Edward, hi,

(Eric Smith: I think I have not met you before in person.)

Spam as the price for freedom of speech.  I agree with the sentiments
you expressed as a zeroth-order take; I immediately am brought to ask
"how does it scale", given that time and attention are a very finite
bound?  

It seems that in human society we have encountered similar problems on
different hardware, and many of the ineffables that we recognize as
important, often rebel against, and have in all societies, are the
evolved answer: gossip, referral, reputation, parochialism, etc.  

I wonder whether the problem of internet communication will at some
point adopt nontrivial "social" technologies, which are not
necessarily directly implemented as packet-transfer protocol
technologies etc.  In discussions with Mark Miller a few years ago, I
learned that this was the sort of application he had in mind for his
"Pet Name Markup Language" and related projects.  I don't have good
references, but have this somewhat related thread:

http://www.eros-os.org/~majordomo/e-lang/1401.html

Probably many of you know a lot about this system in detail, which I
don't.  

I can see that spam filters are trying to implement
pattern-recognition methods we would normally associate with
individual-level cognition, probably partly for ease of implementation
but also partly to avoid centralized control.  It would be interesting
to me if we could understand enough about constructive social dynamics
to independently "evolve" similar systems in the somewhat
lower-dimensional problem space of reliable and reasonably safe
content exchange via email.  My guess is that we would have conflicted
attitudes toward even the best of them, as we do toward their social
counterparts, because while they avoid the worst evils of autocratic
control, they do lead to some losses of autonomy, create confusions,
and make other concessions.  This, in addition to your other very good
point, that complexity in itself is an almost default source of
troubles.

Eric


A small move to avoid the virus message

Frank Wimberly
According to the WP article whose link is below, 2004 spam approached 80% of
all email.

http://www.washingtonpost.com/wp-dyn/articles/A46037-2005Jan3.html

Frank

---
Frank C. Wimberly       140 Calle Ojo Feliz       Santa Fe, NM 87505
Phone:   505 995-8715 or 505 670-9918 (cell)