OT - MIcrosoft Security issues & attached virus

Nah, most of the groups I follow have mentioned it. For those with Norton, this may help

Options | E-Mail | How to increase protection

Uncheck "Alert when scanning e-mail attachments"

At least you wont be bugged about each and every one.

I am up to 200 a day or more with one arriving every minute or so. For the first time ever I have added stuff to my email address.

I have a friend in Phoenix running a graphic arts company--no involvement with this NG or modeling at all. She is clearing her Yahoo accounts every hour just to make room for any legitimate mail that might be trying to get through...

I have a small number of email accounts, yahoo, hotmail, etc. The ONLY one I am having this problem with is the Yahoo account. All the Hotmail accounts, besides the spam, are clear of clutter (including the one tied to this NG). Makes me wonder if Yahoo hasn't been targeted, but some of you guys are with other servers/mail providers, so I think I'll go with the zit-faced ill-raised unpopular with time-on-his-hands high school computer geek looking for attention flooding the bandwidth with what he doesn't have for manhood...

Yep, just realised, of the many email addresses I have, it's only the one that I use on Usenet that's getting the current MS spam (and that's an address on my own domain name, not Yahoo.)

So I'll just stop regularly reading mail sent to that account and delete it all from time to time. Which of course is why I setup the seperate name in the first place, only up until now very little of the spam I receive was actually sent to that account!

Spot on Tom.

They used to say no one got sacked for buying IBM, then sadly it became no one got promoted unless they bought MicroSnot.

The marketing was aimed totally at the non technically minded,

and us technicals were forced to put it everywhere against our better judgement.

We then spent the next few years selling extaordinarily expensive solitiuns to network it, even more expensive solutions to get it on the 'net and finally hugely expensive firewalls to keep the net off it, and wipe its bottom every few minutes in case it had crapped on itself.

Two expressions from my days of being involved with it sprint to mind

"Designed by smart men to sell to naive fools, but never, ever, to actually WORK"

"All chrome and tailfins on a Model T chassis, engine and brakes"

You may be a world expert on batteries Red, but I have been around Usenet a long time.

There is no reason to use a valid e-mail address here. Its madness. Apart from normal spam, and virus spam, there are individuals who take offence, and use their skills to discover who you are and pester you with more than e-mails.

I will never put my e-mail address out there. I also have several options. One of teh best is if you WAT to communicate with someone, set up intitally a temporay e-mail account with e.g. hotmail, use that to get a response from someone you want to contact, and then switch to a second e-mail address that you use for 'open mail'

Keep your primary e-mail address on a different domain, and never give THAT to anyone you don't personally know.

E.g. My e-mail address here is totally and obviously bogus. The worst that anyine using it can do is overlaod the root name servers trying to find out who knows anything about the .c domain.

If I want to talk to someone here I wouldopen an accoiunt with e.g. snipped-for-privacy@hotmail.com, and ask them to post their address there.

I then reply with my secondary mail domain to them, and we cahtter. If they get comproimised, and my secondary domain gets flooded, it doesn't stop me useing mmy primary domain for real traffic.

Another really bad idead is filling in yoir real life details on a web form when ordering online.I did this with a major UK distributor of electrical goods, for a digital camera. My spam volume to my real address rocketed after that.

Its better to own a whole domain, and use a different name for every time you release your e-mail address. That way, you can track spam back to the correct originatoing site, and work out who has deliberately or illicitly allowed your e-mail details to go into a spam list.

It also means you can filter out stuff going to that address more easily.

Finally, if you have a PC connecetd to the Internet by cable modem, or XDSL, its a prime target for being subverted. Windfows is not an operatng suystem, it is a collection of bits of poorly written software wriiten at different times by different teams to achieve market penetration and sales volume. As such it s more full of security holes than a colander. The thungs youy can do are.

(i) If possible use some hardware firewall between you and the Internet. I use a network address translation router. Its pretty hard to hack a Cisco, and pretty obvous due to its simplicity when its happened. Relying on software running on teh PC is really relying too much on the windows environment in the first place.

(ii) Asume anything you download that rns as a script or program, is a virus, and scan it before installing it.

(iii) Get Norton antivirus, and do a full scan once a week, keep up your subscriptions and download updates every minth at least.

(iv) Use wherever possible a program that isn't written by Microsoft, in preference to Microsoft's. I uses Eudora for e-mail, and Netscape for web browsing and news for example. Few hackers target these as they are less common and not worth the effort.

(v) Don't use address books. Just keep a smaple e-mail somewhere from anyone you want to talk to, and reply to it if you want to send them a message.

This won't eliminate problems entirely, but it will at least put some useful barriers in the way, protecting you, and others.

Hi

Only in my case, "bounced" mail, which has been arriving at approx one per minute for over a week now - I stopped counting after the first hour - appears to be caused by somebody else who isn't using AV protection.

I have tried to make my system as "bomb-proof" as possible. I have a Firewall; an AV programme always running in the background and which I update (and run) every couple of days; I do a virus check on EVERYTHING I download before running or opening it: anti-spyware programmes; Mailwasher - I very rarely even download mail, just read it on the server then delete it from there (in fact, luckily as it happens I don't even have an email programme set up for the address the "Microsoft Patch" virus is being sent to) and I check every day or so to see what new files or folders have been modified or created, in case I spot something odd.

Unfortunately, somebody else, who has my email address on their system, probably has a virus!!!!

One computer illiterate friend I contacted yesterday (and may be the cause of part of my problem) said:- "Oh yes. I have a virus programme - it came with my PC" "Have you set it up and do you ever do a virus check?" "I didn't know I had to - it came already installed" "When did you last update it?" "I didn't know I had to" "Fer Chrissake never, never, open an email from Microsoft about Internet Explorer updates" "Oh, I realise that. Anyway Microsoft only ever contact me by email about "Outlook Express" updates"

What the hell can you do with people like that?? Before I gave them my email address, they assured me their PC was fully protected.

Regards

KGB

Hi Howard

I have read somewhere that one good way to write an email address that fools spambots yet remains obvious to a human (using my own address as an example) is to write it:-

kokopelli(at)u(dot)genie(dot)co(dot)uk

Alas, too late now to do anything about the above address ("Microsoft update" viruses are arriving there at around one every three or four minutes), but tomorrow I shall subscribe to a new ISP and try it out with my new address. KGB

I have been using my correct email address on everything I send out yet I get very few of these problems. It must be more than just that.

Must be luck.

My email address has been around a while and I currently get, taken from statistics right now, 4,206 since August 23. That's a lot of spam. What I think happens is that you get on list A, spammer B buys it, calls it his own list and sells list B. Of course another spammer buys it and makes it his own selling it, and so it grows. The good thing is that my bayesian filters work well, missing about 10 to 15 a day. I save my spam for training my bayesian filters so that's why I know exact figures.

I know for a fact that they harvest addresses from Usenet, plus InterNIC and probably the newer domain registry's if they list the email address of the administrator. They also probe websites for it, I got the logs where they try, and they try to trick you into providing it to them, just as certain spammers try to steal your credit card info by claiming to be from Ebay or asking you to verify a purchase.

Spam address books come from any source that lists an email address. Why the Govt. would pass a no call bill, yet ignore the bigger more pressing problem of spam is well beyond me. Spam is much more intrusive in my life than a few unwanted phone calls would ever be, and sadly, the ones I get are not affected by it because they come from Law Enforcement asking for money.

OK, I'll try a science experiment. Probably too late, but I modified my addy. I woke this morning to a "stuffed" email account.

Let's hope this junk gets cleared up. Though it's no problem setting up another email account, I have a LOT of contacts through the existing one and am too lazy to send change of addy notices...

I wonder why we don't see more about this e-mail flood in the media? It must be clogging the system for businesses as well as individuals.

Red SO.

Perhaps everyone has agreed to deny the cyber terrorist the notoriety and fame they so desperately desire. The same should be done for other terroristic acts. Voluntarily, of course.

Ed Cregger

I swear it has something to do with WHO you have made out of sorts. As soon as I got one particular group bent out of shape, the volume of my junk mail (in ALL classes) skyrocketed - fake address notwithstanding. I expect it not to change, so I stay current on AV stuff.

-- Jim Branaum AMA 1428

Six_O'clock_High Target snipped-for-privacy@Guns.com

Norton AV with Virus definitions dated before Sept. 18, 2003 is unable to nail this worm. If you have Norton AV update to the September 19, 2003 or later. It will at minimum quarantine incoming contaminated email.

I don't know what is wrong with my system. I am running 2003 SystemWorks and Norton reports the date of the definitions as being 9/18/03. When I ran (manually) LiveUpdate last night and again tonight it shows that I have the latest and greatest.

It's been featured on national news here