reguarding worm / Auto-reply from

Recieved this mail below back from
RE: Apply the internet patch for Microsoft Internet Explorer
/ Stop Spam Request
19 Sept 2003: Msblaster/Welchia Worm ongoing issues
We are aware of the large number of customers who have been
infected by this worm and/or its variants, as a result
customers may be seeing a high number of ICMP requests on
their firewalls. Ntl have mailed all their customers with
instructions on how to remove this worm and patch their PCs.
We are also using a 'honeypot' to identify infected
customers and force them through a patching process. To date
we have succesfully forced 23,000 + customers through this
fix for
Welchia Worm
formatting link

Msblaster Worm
formatting link of the W32.Blaster.Worm Removal Tool will
remove the following threats as well as their side effects:
Reply to
Loading thread data ...
ISP's have every right to do this. Do you have any idea the resources that are wasted because users don't take even the most basic steps to harden their machines against these kind of attacks? It doesn't just hurt those users it hurts potentially everyone who needs access to the resources of the internet. There is NO excuse for not patching known vulnerabilities especially those known to be exploited by mass mailing or Denial of service worms. It's also worth noting that most anti-virus and firewall programs offer protection in a timely manner from these threats so there is definitely NO reason to allow a mass mailing worm the chance to utilize your machine.
Reply to
While I can understand the desire to force people to do the Right Thing(tm), no ISP that I know of (other than AOL and MSN) has a clause in their service agreement that gives them the right to change software on the user's PC without their knowledge and consent. Even they don't (to my knowledge) push OS fixes to their clients because blindly installing patches tends to break other software.
Having said that, would a few of you kind souls reply to this message (email) today (tuesday) or tomorrow? I'm getting up to 400 virus messages a day, so I'm changing my posting address to dbs_ I'm adding a filter to throw away mail to that address unless it has some indication that it is replying to a usenet article. To do that I need to look at examples from various news reader software.
I'll reply to all that I get.
Reply to
is "forcing" patches
the resources that are
steps to harden their
the Right
has a clause in
change software on
they don't (to
blindly installing
this message
400 virus messages
unless it has
To do that I
Daniel, changing your posting address will not stop the virus mails your now getting in your personal mail. it will help the future though. you need to change your personal mail address to stop it.
Reply to
Thanks for the advice. The worms use NNTP servers which typically store only a few weeks of posts. Google has a LONG history but uses a web interface, so the worm's not getting addresses from there.
I figure in about 3 weeks I will only see the virus hitting the new address. Yes, I expect to see this go on forever. I see 'code red' worms hitting my web servers every day, and a fix for that has been out for most of a year.
My virus checker (mcafee) intercepts the virus at my mail gateway and I don't use microsoft except for one 'game' system, so I'm not woried about the virus itself.
I'm worried about the next one that has a larger payload or that sends thousands of nuisance emails with random text to addresses found on usenet. It's hard to filter out the random text if it does not include a copy of the virus. In the old days we called it a mail bomb...
Hows that for off topic :-)
Reply to
Maybe I misread the original but it seems to me that users were being forced to select the install so that they did have knowledge of it, albeit perhaps not the desire to install it. Your other point is a good one. The point of the ISP's in question I'm sure is that unpatched machines host attacks which cause them a great deal of trouble. If all computers on the net were up to date patchwise and had proper firewall and anti-virus softwware the effectiveness of attacks like those that have recently made news would be a tiny fraction of what it is now. Of course the same would be true if the software was not flawed in the first place.
Sent via e-mail at your request.
Reply to

Site Timeline

PolyTech Forum website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.