BB

Ducks & Angels. What more could you want?

2004/01/28

So here we are with another debilitating virus/worm which is launching denial of service attacks against various websites (most notably SCO.com). Worm after worm, virus after virus, how are people so oblivious to the fact that they should not open attachments from people they don't know? I don't even open attachments from people I do know, unless I know they are sending me an attachment beforehand. It's just absurd that people blindly open whatever they get, have antiquated virus protection (if any at all), and don't know what to do even if they are infected.

Today, I received over 1,000 of these e-mails, all of which were quietly stripped of the worm thanks to my free antivirus program and then easily filtered into my deleted items folder in Outlook. To top off the 1,000+ e-mails that made it to me (the result of accepting all e-mails sent to a non-existent person on my domains), I received hundreds of bounced e-mails from servers that think the best way to deal with a virus is to bounce it back to the sender. The problem is, the FROM: field in every single one of these virus e-mails is forged. So if it appears to come from, say henry@sd-1.com, the way the infected computer came up with that e-mail is to take a random first part of the e-mail (before the @) and combine it with a random domain name (after the @) from the user's address book. So even though henry doesn't exist on my server, nor will he ever exist, the server that received, detected, and bounced the e-mail back to me is furthering the problem of the virus - overloading networks, filling up mailboxes, and just causing unnecessary traffic. It's complete idiocy - I understand the reason the server might have thought to bounce back the e-mail, assuming the FROM field is correct in the e-mail, but there hasn't been a worm/virus that hasn't forged the fields in quite a while.
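To make the backscatter problem above concrete, here is an added example (not part of the original post) that sorts inbound mail on a catch-all domain and singles out bounces addressed to mailboxes that never existed. The `REAL_MAILBOXES` set, the `webmaster@sd-1.com` address, and the sample messages are assumptions constructed for illustration.

```python
import email
from collections import Counter
from email.utils import parseaddr

# Assumption: the only mailbox that really exists on the catch-all domain.
REAL_MAILBOXES = {"webmaster@sd-1.com"}

def is_bounce(msg):
    """True for a bounce: null return path, or an RFC 3464 delivery report."""
    null_sender = msg.get("Return-Path", "").strip() == "<>"
    dsn = (msg.get_content_type() == "multipart/report"
           and msg.get_param("report-type") == "delivery-status")
    return null_sender or dsn

def classify(raw):
    """Sort one raw message into backscatter / bounce / catch-all / deliver."""
    msg = email.message_from_string(raw)
    rcpt = parseaddr(msg.get("To", ""))[1].lower()
    known = rcpt in REAL_MAILBOXES
    if is_bounce(msg):
        # A bounce to a mailbox that never existed cannot answer mail we sent:
        # the sender address on the original message was forged.
        return "bounce" if known else "backscatter"
    return "deliver" if known else "catch-all"

def tally(raws):
    """Count how many messages fall into each category."""
    return Counter(classify(r) for r in raws)

# Constructed sample messages (hosts under example.* are placeholders).
SAMPLES = [
    "Return-Path: <>\nFrom: MAILER-DAEMON@mail.example.net\n"
    "To: henry@sd-1.com\nSubject: Undeliverable: hi\n\nVirus found.\n",
    "From: postmaster@mail.example.org\nTo: webmaster@sd-1.com\n"
    "Content-Type: multipart/report; report-type=delivery-status;"
    ' boundary="b"\n\n--b\nContent-Type: text/plain\n\nUser unknown.\n--b--\n',
    "From: someone@example.com\nTo: henry@sd-1.com\nSubject: hello\n\nhi\n",
    "From: friend@example.com\nTo: webmaster@sd-1.com\nSubject: lunch\n\nhi\n",
]

if __name__ == "__main__":
    print(dict(tally(SAMPLES)))
```
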

What fun it is to download about 100 messages an hour from my e-mail servers, half of which are viruses, while the other half is probably all spam or bounced e-mails. I really should keep track of how many I receive in one day. Out of all the e-mails, I would guesstimate that, excluding e-mail newsletters, only 0.25% are legitimate e-mails (not 25%, 1/4 of 1%).

URL: F-Secure Computer Virus Information Pages: Mydoom
