in reply to OT: Well now a worm spreader!

It doesn't come from my system. I don't run Windows. But the worm is picking email sender names from cached text files of infected systems. And guess what? My email appears on a lot of pages.

This has been really annoying to me, maybe more than most. I'm dealing with 1500 to 3000 misdirected messages an hour whenever one of these gets let loose.

But I've seen a recent report that 10 million (yes million) machines on home broadband connections are infected, which is why each of these MyDoom and NetSky worms is so effective.

Microsoft sucks. There. Had to say it.

-- Randal L. Schwartz, Perl hacker
Be sure to read my standard disclaimer if this is a reply.

Re: •Re: OT: Well now a worm spreader!
by hardburn (Abbot) on Feb 25, 2004 at 20:47 UTC

    I haven't seen many misdirected messages (I just got a brand new domain and my new addresses haven't had enough time to spread around yet), but I do see a few well-meaning (read: dumb) admins that have hooked in automatic replies to their virus checker. I highly doubt my FreeBSD system is infected with MyDoom . . .

    ----
    : () { :|:& };:

    Note: All code is untested, unless otherwise stated

      Can someone please tell me how to patch my Linux box? It is having trouble executing these virus attachments...

      More seriously -- Not only are "Automatic virus replies considered harmful..." they actually double the internet damage a worm can cause. I dread the day I see a worm-found auto-mailer challenge an Out-of-Office response bot to the death.

      Which brings me to "Out of Office response bots considered annoying"...

        At the risk of being totally off-topic, but hey, there must be more than one sysadmin in the audience using Postfix as an MTA...

        I have a regex that looks for antivirus spew in order to reject it. Someone had collected a large list of subject headers received from antivirus malware and posted it to the Postfix mailing list. Rather than bog down my server with a check against each subject, I used Perl to build one regex to match them all (and in the darkness bind them :)

        If your Postfix installation was compiled with the pcre library, you can use the following:

        Note: the above is sensitive to spaces. Make sure you "download code" rather than a simple cut'n'paste.

        I've put the RE in a <readmore>, something I never do as a rule in a reply, but it occurs to me that for people who have long line code wrapping turned off it will make the page rather... wide.

        In any case, it's been weeks since we have been bothered by the antics of antivirus software.
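
The approach described in the reply above (many known subject lines folded into one pattern for a Postfix PCRE `header_checks` table), sketched as an added example that is not part of the original thread and is not the poster's regex or script. The subject lines are constructed samples, the function names are hypothetical, and the REJECT text is an assumption.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample subjects, standing in for the list collected on the mailing list.
my @subjects = (
    'Virus Alert',
    'Virus Alert: message blocked',
    'Virus found in your message',
    'Virus found in sent message',
);

# Insert each subject into a character trie; the '' key marks "a subject ends here".
sub build_trie {
    my %trie;
    for my $s (@_) {
        my $node = \%trie;
        $node = ($node->{$_} ||= {}) for split //, $s;
        $node->{''} = 1;
    }
    return \%trie;
}

# Serialize the trie so shared prefixes appear once instead of once per subject.
sub trie_to_re {
    my ($node) = @_;
    my $end  = exists $node->{''};
    my @alts = map { quotemeta($_) . trie_to_re($node->{$_}) }
               grep { $_ ne '' } sort keys %$node;
    return '' unless @alts;                    # leaf: nothing follows
    return $alts[0] if @alts == 1 && !$end;    # single path: no group needed
    return '(?:' . join('|', @alts) . ')' . ($end ? '?' : '');
}

my $re = trie_to_re(build_trie(@subjects));

# Self-check before deploying: every input subject must still match.
for my $s (@subjects) {
    die "pattern misses: $s\n" unless "Subject: $s" =~ /^Subject:\s*$re/i;
}

# One header_checks line. quotemeta has escaped '/' and spaces, so the
# pattern survives the /.../ delimiters and stays whitespace-exact.
print "/^Subject:\\s*$re/ REJECT automated antivirus notification\n";
```

The printed line goes into a file referenced as `header_checks = pcre:/path/to/file` in `main.cf`; Postfix PCRE tables match case-insensitively by default, which is why the self-check uses `/i`.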

        Can someone please tell me how to patch my Linux box?
        Trivial. Every MTA worth its salt, and that includes most available for Linux, knows how to deal with a .mailcap file. Even browsers like Netscape know how to deal with a .mailcap file. It's very easy to configure your .mailcap file so it fires up perl whenever you receive an email or webpage with MIME type application/perl. Or fire up another Turing-complete language interpreter for another MIME type. Does your mailer conveniently fire up a PostScript viewer when you open up a PostScript attachment? PostScript is a powerful language; are you sure your PostScript interpreter doesn't have security holes?

        Abigail