Regarding worm / Auto-reply from abuse@ntlworld.com

Received this mail below back from snipped-for-privacy@ntlworld.com

RE: Apply the internet patch for Microsoft Internet Explorer / Stop Spam Request

============

19 Sept 2003: Msblaster/Welchia Worm ongoing issues

We are aware of the large number of customers who have been infected by this worm and/or its variants, as a result customers may be seeing a high number of ICMP requests on their firewalls. Ntl have mailed all their customers with instructions on how to remove this worm and patch their PCs. We are also using a 'honeypot' to identify infected customers and force them through a patching process. To date we have successfully forced 23,000 + customers through this process.

=======================

fix for Welchia Worm

Msblaster Worm

1.0.6.1 of the W32.Blaster.Worm Removal Tool will remove the following threats as well as their side effects: W32.Blaster.Worm, W32.Blaster.B.Worm, W32.Blaster.C.Worm, W32.Blaster.D.Worm, W32.Blaster.E.Worm, W32.Blaster.F.Worm

g-day

Reply to
"Key

Gee, now we have both an internet worm, and an ISP who is "forcing" patches on their customers. What is the world coming to?

Reply to
Stormin Mormon

ISPs have every right to do this. Do you have any idea the resources that are wasted because users don't take even the most basic steps to harden their machines against these kinds of attacks? It doesn't just hurt those users, it hurts potentially everyone who needs access to the resources of the internet. There is NO excuse for not patching known vulnerabilities, especially those known to be exploited by mass mailing or Denial of service worms. It's also worth noting that most anti-virus and firewall programs offer protection in a timely manner from these threats, so there is definitely NO reason to allow a mass mailing worm the chance to utilize your machine.

Reply to
Putyourspamhere

While I can understand the desire to force people to do the Right Thing(tm), no ISP that I know of (other than AOL and MSN) has a clause in their service agreement that gives them the right to change software on the user's PC without their knowledge and consent. Even they don't (to my knowledge) push OS fixes to their clients because blindly installing patches tends to break other software.

Having said that, would a few of you kind souls reply to this message (email) today (Tuesday) or tomorrow? I'm getting up to 400 virus messages a day, so I'm changing my posting address to dbs_ snipped-for-privacy@tanj.com. I'm adding a filter to throw away mail to that address unless it has some indication that it is replying to a usenet article. To do that I need to look at examples from various news reader software.

I'll reply to all that I get.

Thanks

Daniel

Reply to
dbs__usenet

Thanks Shiva

Forte news reader looks good. The reply address was not valid, but that's perfectly OK.

Daniel

Reply to
dbs__usenet


Daniel, changing your posting address will not stop the virus mails you're now getting in your personal mail. It will help the future though. You need to change your personal mail address to stop it.

g'luck

Reply to
"Key

Thanks for the advice. The worms use NNTP servers which typically store only a few weeks of posts. Google has a LONG history but uses a web interface, so the worm's not getting addresses from there.

I figure in about 3 weeks I will only see the virus hitting the new address. Yes, I expect to see this go on forever. I see 'code red' worms hitting my web servers every day, and a fix for that has been out for most of a year.

My virus checker (McAfee) intercepts the virus at my mail gateway and I don't use Microsoft except for one 'game' system, so I'm not worried about the virus itself.

I'm worried about the next one that has a larger payload or that sends thousands of nuisance emails with random text to addresses found on usenet. It's hard to filter out the random text if it does not include a copy of the virus. In the old days we called it a mail bomb...

How's that for off topic :-)

Daniel

Reply to
dbs__usenet

Thanks for the e-mails folks. It appears that I can determine which e-mails were sent via the major news readers.

Daniel

Reply to
dbs__usenet

Maybe I misread the original, but it seems to me that users were being forced to select the install so that they did have knowledge of it, albeit perhaps not the desire to install it. Your other point is a good one. The point of the ISPs in question, I'm sure, is that unpatched machines host attacks which cause them a great deal of trouble. If all computers on the net were up to date patchwise and had proper firewall and anti-virus software, the effectiveness of attacks like those that have recently made news would be a tiny fraction of what it is now. Of course the same would be true if the software was not flawed in the first place.

Sent via e-mail at your request.

Reply to
Putyourspamhere

He's modifying his current filters as well.

Reply to
Putyourspamhere
