Forum Archive Index - September 2003

[Robin Benson <rob@hammerheadmedia.co.uk>]

I'm going to make one last post on this topic so as to try and reduce the noise:signal ratio (or at least, my contribution to the noise!). The following are my views/opinions, and I am not the moderator of this list.

1. Speculation about viruii, worms, trojan horses and the like is widespread. Much of it is inaccurate or downright rubbish (hence use of the word "crap", which I personally would say was an accurate and even mild comment in response to the suggestion that Microsoft's competition have some association with virus-writers) peddled by people (mostly journalists and "experts") who like to give them impression that they know what's going on. Well, in the absence of admissions by virus authors (I use the term "virus" here loosely to cover the range of beasties) I believe that there is very little to go on, and most people/agencies making noise are those who feel that the public's perception is that they (the agencies) should be doing something about it. Hence, for example, the arrest of some teenage script-kiddie somewhere may not be the author of Slammer but is offered up as a victory by law-enforcement people anyway.

2. Allan is correct that some of us (myself included) have had their email addresses used as the "owners" of outbound emails with viruii attached. Where Allan might be a little off-target is that the "snake" he refers to is actually the virus itself, not some devious morally-misguided individual (at worst, a computer owner who doesn't realise that simply by using Microsoft Outlook without virus-protection software puts him/her, and therefore others, at risk). Somebody's computer (in this case, this will be a PC running Microsoft Windows and Microsoft Outlook Express) has been infected with the virus and is unwittingly spreading the virus. It is extremely unlikely that the SOURCE of the virus (the author) used any information obtained from this discussion list. Instead, the virus is harvesting data for its own needs from the addresses and emails received/sent (including emails from this discussion list) from this person's Outlook Express.

3. Hugh Webber wrote:

> It is a concern if using Sharechat exposes us to prostitution of our user-ids
> and much greater spam and attacks by worms and viruses. I don't care
> whether MS is involved or not, that's irrelevant.

Each and every email you send, whether to Sharechat or anywhere else, has your email address on it and therefore potentially exposes you to abuse [1]. If the recipient deletes your email, then it will not be available to a virus on that person's PC for abuse. If they don't delete it, it's available. Microsoft facilitates this abuse through a flawed security model in its software. If you want to know more about this, find a decent book on security (for example, Secrets and Lies, or Beyond Fear, both by Bruce Schneier).

4. After some subtle prompting (!), Xtra appear to have found this unwitting person and helped them address their virus infection. I'm concerned that they needed prompting.

If you are concerned about your exposure to viruii, consult an IT person you trust, get googling, or visit one of the many virus-software vendors, for example, Sophos.com

Sorry to bore you -- normal transmission will now resume ...

Regards

Robin

[1] For example, the virus sending you unsolicited emails with copies of itself attached, or sending the virus to others but using your email address as the "sender"/"reply-to" which makes it look like you sent the virus (hence the virus avoids situations where the email bounces or is blocked and notified).

On Monday, September 8, 2003, at 06:51 AM, David & Jill Stevenson wrote in response to Richard Hadfield:

> No paranoia here - simply relaying mature speculation in the absence of contrary mature viewpoint without resorting to your expletives. No competitor names were mentioned -why the hysteria ?. Perhaps you had a bad day on the market? Furthermore the speculation is not mine.We face serious problems with viruses. Like everyone else I am anxious to find the culprits! Until somebody speaks with authority I will entertain any feasible speculation .Without adopting your childish stance.

On Monday, September 8, 2003, at 03:23 AM, Allan Potts wrote in response to Cristine Kerr:

> Cristine,
>
> Perhaps you missed several posts of last week.  It seems that several of us have had our email addresses hijacked with some worm sending out worms in our names.  I think SNOOPY, myself and others have been victums.  The snake sending the worms out is obviously using sharechatters screen names.  Whomever it is obviously hasn't thought about the moral implications of the financial costs he/she/it are causing people or worse yet doesn't care.
>
> Allan