My fault or just Spam

Matthew Seaman m.seaman at infracaninophile.co.uk
Wed Feb 18 14:09:33 PST 2004


On Tue, Feb 17, 2004 at 07:29:03PM -0600, luke at themango.org wrote:

> Anyhow, within the month that I've had my server running I've been
> receiving numerous emails that are obviously malicious to Windows users
> (i.e. contain an attachment with some random-letters.exe and nonsense
> about a patch). In short my concern is not that me or my wife will run
> this, since we don't use Windows, but whether these emails are just spam
> or if it is my fault.

Not your fault at all.  The 'net is being plagued at the moment by a
series of Windows worm programs that attempt to spread themselves
through e-mail.  Once they infect a machine, they send e-mail to
addresses listed in users' address books, and also forge the sender
address using the same source.  See,
e.g. http://securityresponse.symantec.com/avcenter/venc/data/w32.mydoom.b@mm.html

This means that you and I, as innocent and uninfected bystanders will
be deluged in three types of message as a consequence:

   i) Messages from the trojan program attempting to propagate itself.

  ii) Bounce messages from the mailer daemon saying that messages of
      type (i) couldn't be delivered, sent to the forged sender
      addresses.

 iii) Really annoying messages sent by some dim-witted anti-virus
      software accusing you of sending virus infested e-mails.  These
      are completely pointless, as the sender addresses are forged,
      and the AV software writers should know that.

In fact the huge flood of messages of type (iii) has outnumbered the
messages of type (i) in this latest outbreak.  AV software writers
making themselves part of the problem there, rather than the solution.

As FreeBSD users we can, of course, act all smug about this and just
set our spam filters and AV software to dump all of the (i), (ii) and
(iii) types of message into the bit-bucket.

If you want to test your machine to see if it is providing an open
relay, go to http://www.abuse.net/relay.html and follow the
instructions.

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey         Marlow
Tel: +44 1628 476614                                  Bucks., SL7 1TH UK