[ Date Index ][
Thread Index ]
[ <= Previous by date / thread ] [ Next by date / thread => ]
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Kegs wrote: > On Tue, 2003-03-04 at 11:52, Theo Zourzouvillys wrote: > > I must be really unlucky to have got sent the same virus twice by > different people then, but I can see it getting quite common as it has > only been out in the wild for about a week I *think* Join any mailing lists recently, post to any big mailing lists, or popular newsgroups? Then the infection probably spread from one recipient to another poster on the same list, who then passed it on. The GNU Chess list is plagued by copies of (Klez I think) which uses the subject line "an interesting game" (or similar amongst others), and enough people have got "bug-gnu-chess" in their address books, and it is an "open" list.... I now run a 10Kb limit on that list which catches the vast majority (and sends me an e-mail every time - argh.....) and very few bug reports. At one point a post to the mailing list version of comp.protocols.dns.bind would get you a selection of 4 or 5 viruses. Typically Klez replies to unread mail. The worst was posting to gnu.announce which got me a continual stream of viruses, you'd think people there would know better than to use Microsoft mail clients, although I suspect only a handful of infected machines were responsible for the deluge of viruses. Indeed one I tracked down, the guy claimed the virus was a fake and not from their domain at all, however the SMTP handshake completed with their mail server just in advance looked pretty genuine to me, so some are so clueless as not to find infection even when the mail is going through their own mail server, and told to look. I got subsequent viruses from the same location. I think you've just been lucky to escape being sent more in the past, a lot depends on how well known your e-mail address(es) are. As for Kai claims that antivirus is "Off Topic" in a Linux group - - there are viruses out there - just not very many or very virulent - but Linux is not free from malicious code. However telling people you have virus checked an e-mail is at best totally pointless (unless you're the antivirus vendor doing viral marketing), and at worst will lead them to trust such stupid proclamations and spread more viruses. When shipping Windows executables of free software I make an explicit point of saying I don't (necessarily) virus check them, let us get the responsibility in the right place. We need more use of jails, sandboxes, and security managers. Simon -----BEGIN PGP SIGNATURE----- Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE+ZLnrGFXfHI9FVgYRAlwuAJ9BSQ8vmv2U5sPQtYr7jnEyO4LniwCePZrz yBh9SlMMyIW1OL9bqwRBHMA= =dPY9 -----END PGP SIGNATURE----- -- The Mailing List for the Devon & Cornwall LUG Mail majordomo@xxxxxxxxxxxx with "unsubscribe list" in the message body to unsubscribe.