Amiga.org

Amiga computer related discussion => General chat about Amiga topics => Topic started by: Billsey on August 20, 2003, 09:12:54 PM

Title: Viruses
Post by: Billsey on August 20, 2003, 09:12:54 PM
Regarding my home account, virus-infected emails are coming at me at such a rate, even on Amiga Mailing lists, that I am giving notice here that I have begun using my provider's spamblocker software to block the addresses of those whose accounts are spreading these viruses, based solely on whether or not I recognize the address. Although I have been getting some from the PageStream folks, I recognize that address, so they won't be blocked. If your account is sending out these viruses, and I don't recognize your address, you will be blocked from my account. That might cause problems with some mailing lists, but the viruses are getting awfully thick around here. Although I use a Mac for Internet and have not been infected, it is getting extremely tiresome ferreting out those viruses. I hope people get a handle on it soon.
Title: Re: Viruses
Post by: KennyR on August 20, 2003, 09:15:28 PM
You should remember that sometimes people don't mean to send you the viruses, but get infected and the virus automatically mails itself to all the addresses stored in the addressbook.

Windows users without proper virus scanning software and firewalling should be banned from the internet. They're just a liability.
Title: Re: Viruses
Post by: seer on August 20, 2003, 09:17:27 PM
Quote
Windows users without proper virus scanning software and firewalling should be banned from the internet. They're just a liability.

Well.. That would drop about 90% of internet users off the net.. I guess that would mean some faster net traffic..
Title: Re: Viruses
Post by: mikeymike on August 20, 2003, 10:27:03 PM
Quote
Windows users without proper virus scanning software and firewalling should be banned from the internet. They're just a liability.


WHOA! EGO HAS REACHED CRITICAL MASS!

Even with virus scanners and firewall software, users can still be idiots, let software talk through the firewall, forget to update their virus scanners, all kinds of things can happen.

Virus scanners and firewall software are unnecessary if users are educated properly.
Title: Re: Viruses
Post by: Paul_Gadd on August 20, 2003, 10:46:32 PM
Quote
users can still be idiots


The funny thing is, though, the users who bitch and moan about an OS still continue to use it; that clearly shows what sort of idiot the user really is.
Title: Re: Viruses
Post by: mikeymike on August 20, 2003, 11:02:37 PM
There are very few viable alternatives for the average user.  All the alternatives have viruses written for them though, if the market share were to go to any of the alternatives, so would the virus share.

Admittedly alternative operating systems are unlikely to have the excellent virus launching platform that Microsoft products provide.
Title: Re: Viruses
Post by: KennyR on August 20, 2003, 11:08:36 PM
I don't use Windows, Mike.
Title: Re: Viruses
Post by: amigamad on August 20, 2003, 11:10:23 PM
My firewall runs all the time and my virus scanner is always up to date. I have the virus scanner check the computer regularly and use adaware and spybot. I also try to use my yahoo mail account to send and receive, except if I use amibench. I have had someone from freeserve send me a virus to my yahoo account. :-)
Title: Re: Viruses
Post by: KennyR on August 20, 2003, 11:14:33 PM
Maybe they should just ban Windows users, period :)
Title: Re: Viruses
Post by: mikeymike on August 20, 2003, 11:14:39 PM
Quote
I don't use Windows, Mike.


And?
Title: Re: Viruses
Post by: KennyR on August 20, 2003, 11:19:56 PM
Quote
And?


And this is the pinnacle of user-education, no? ;-)
Title: Re: Viruses
Post by: mikeymike on August 20, 2003, 11:23:57 PM
Quote
And this is the pinnacle of user-education, no?


Contrary to popular advocacy belief, no.
Title: Re: Viruses
Post by: Doobrey on August 20, 2003, 11:58:57 PM
Quote

amigamad wrote:
My firewall  runs all the time and my virus scanner is always up to date


Having an "up to date" virus checker won't always stop a new virus, as there is always a delay between the virus being released and the company writing the detection and removal routines for it, so during that time you're at some risk to it.
The thing they should draw their attention to is why the average Windows user still has the default (in)security setting in Outlook Express that helps these bloody things infect and spread.
Title: Re: Viruses
Post by: Ilwrath on August 21, 2003, 12:53:31 AM
Quote
Regarding my home account, virus-infected emails are coming at me at such a rate, even on Amiga Mailing lists, that I am giving notice here that I have begun using my provider's spamblocker software to block the addresses of those whose accounts are spreading these viruses, based solely on whether or not I recognize the address. Although I have been getting some from the PageStream folks, I recognize that address, so they won't be blocked. If your account is sending out these viruses, and I don't recognize your address, you will be blocked from my account.


Billsey-
I'm assuming you're complaining about Sobig.f - it's running rampant out there - I've cleared about 100 out of my own inboxes over the past few days.  Anyhow, keep in mind, the newer viruses (such as sobig.f) forge the from: and reply-to: fields to random values found on OTHER CLEAN MESSAGES from the victim's inbox.  So, likely, the names you're blocking don't have anything to do with the virus, other than having recently sent the victim a clean e-mail.

If you want to block e-mail from people you don't know, you'd probably be better off going to a complete white-list system, rather than blocking the random addresses that may or may not have anything to do with a spam/virus, other than being forged as a from field.
Title: Re: Viruses
Post by: Cass on August 21, 2003, 01:26:33 AM
@Doobrey
Quote

Having an "up to date" virus checker won't always stop a new virus, as there is always a delay between the virus being released and the company writing the detection and removal routines for it, so during that time you're at some risk to it.


The modern virus killers have the ability to recognize/detect a possible new virus (in Norton AV particularly, there is the so-called "bloodhound")

My POP3 server runs inflex-scan that is an optimal virus scanner for the incoming mails (checks the attachments, and the scripts).

I really feel more safe with Amiga than with any other platform (for the time being ;-) ).
Title: Re: Viruses
Post by: Billsey on August 21, 2003, 03:46:19 AM
Oh, it's not that I'm complaining so much as letting people know what's happening in case bounces start happening on some mailing lists.

In addition, the way the spamblocker is set up, I can still check mail that has been blocked, but I have to seek it out in order to check it. That way, if someone legit gets blocked , I can check them out later and have them removed from the block list.
Title: Re: Viruses
Post by: iamaboringperson on August 21, 2003, 05:53:30 AM
And It's 'Virii' ;-)
Title: Re: Viruses
Post by: mdwh2 on August 21, 2003, 11:39:14 PM
No it isn't.

In Latin or in English, just because a word ends "-us" doesn't mean it's pluralised to "-i". See http://www.perl.com/language/misc/virus.html.

And to be particularly pedantic, as that page points out, "virii" is especially wrong - if you were assuming that "virus" was pluralised in the same manner as "radius", then the plural would be "viri" ;)
Title: Re: Viruses
Post by: mikeymike on August 21, 2003, 11:58:29 PM
Quote
The modern virus killers have the ability to recognize/detect a possible new virus


I wouldn't count on it :-)

One thing that doesn't impress me about virus scanners is their lack of ability to detect possible new viruses, mainly because it is commercially unsound to make such a product.  The excuse is always that it is impossible, but look at SpamAssassin.  Using the AV companies' rationale, SpamAssassin would have to make an identical match to class an email as spam.  SA isn't a revolutionary-clever piece of software.
Title: Re: Viruses
Post by: lempkee on August 22, 2003, 12:05:39 AM
pc roolz....i love virus's...i should go buy one....i think.....hmmm nah...i love amiga and i hate virus's....


Title: Re: Viruses
Post by: Billsey on August 22, 2003, 04:34:23 PM
Believe it or not, I got a couple of emails from the yahoo bouncer bot yesterday. They had the virus attached. :-D
Title: Re: Viruses
Post by: MagicSN on August 22, 2003, 05:24:41 PM
It is more... usually the virus takes an address from the Outlook address book (I wonder why this program is still used by ANYONE) of a guy with an infected system and then sends to certain people in the address book of this person an email where he fakes it was not sent by the guy with the infected system, but instead by the guy who was chosen from the address-book. So usually the addresses which would be blocked by the user who started the thread would be people who do not have any infected systems (but are in address books of people with infected systems).

Even worse - from what I was told Sobig.f takes its addresses not only from the Outlook address book, but also from Webcaches of popular browsers.

So if someone released a program with a readme which was released on Aminet, and someone with an infected system browses the HTML-Version of Aminet (and this readme) the virus could get his email address and fake virus-mails with his email...

And the guy whose email was faked even still gets all the "Your email contained a virus" for hundreds or thousands of mails he did not even send. Often he does not even use Windows (meaning Macro-Viri cannot infect his system).

The good news: Sobig.f will self-destruct on 9th September, apparently...

Steffen
Title: Re: Viruses
Post by: r00tAmiga on August 22, 2003, 05:40:38 PM
The good news is that SoBig will stop running on September 10th.

The bad news is, this means that the virus creator(s) know their stuff and are working on even bigger plans.

They're using viruses for spam warfare now.

If the user(s) that got infected have you in their address book, or what have you, it does not matter if you're on a Mac, Amiga, Linux, Windows, whatever.  As long as you have email access, you're going to get flooded with random emails from the infected user(s).

So this is not only a virus.  But this is taking it to a whole new level of disaster.

The only thing that I can tell is this.  The people that are mostly getting affected are the ones that share jokes and hoaxes and files back and forth to each other via emails.

I have one other solution besides keeping yourself protected with Anti-Virus software, the latest virus definitions and a firewall.  If you're receiving a lot of these emails with purported viruses, email everyone in your address book and tell them of the situation, tell them that if they go to www.symantec.com or another site they can download the removal tool for the sobig virus.  And they can run it to see if they're infected.  And then tell them all to install virus scan software on their systems and update their definitions.
Title: Re: Viruses
Post by: chris on August 22, 2003, 07:08:30 PM
Anyway, has anybody here been wiped out by an Amiga virus?  I recall getting one that infected the first file in startup-sequence, and that affected a couple of disks before I picked up on it.  I also got one on my HD - the first and last one that infected it - and that was years ago, five or more.  I can't remember what the virus did, but as I was running VirusZ it was picked up on the first reboot and quickly eliminated.

The plural of virus?  I interchange between viruses and virii, but having just read up on the subject, I rather like virora (http://www.perl.com/language/misc/virus.html)  :-)

Chris
Title: Re: Viruses
Post by: Billsey on August 22, 2003, 09:13:44 PM
I kind of liked the one that was harmless except for rotating your workbench 180 degrees. :-)
Title: Re: Viruses
Post by: Ilwrath on August 24, 2003, 09:04:01 AM
Quote
Anyway, has anybody here been wiped out by an Amiga virus? I recall getting one that infected the first file in startup-sequence, and that affected a couple of disks before I picked up on it. I also got one on my HD - the first and last one that infected it - and that was years ago, five or more. I can't remember what the virus did, but as I was running VirusZ it was picked up on the first reboot and quickly eliminated.


Heh!  I've gotten two Amiga viruses that actually did damage.  Though, both were over 10 years ago, now... heh!  

First, and I'm embarrassed to admit it....  LAMER EXTERMINATOR (a bootblock/cold capture vector) virus did in a few diskettes about a week after I picked up my machine, thanks to a local BBS.  That's when I realized it was wise to run VirusChecker, and learn a little bit more about this computer.  It's more complex than a C64, for sure!!   hehe!  

Later, I got hit with Saddam virus...  Remember that one?  The little bastard hid in Workbench 1.2/1.3's "disk-validator" and would copy itself to any standard AmigaOS floppy that previously had a disk-validator file on it (most 1.2/1.3 app disks!), making that disk a carrier of the virus.  It would also randomly corrupt a track or two on any disk....  (causing the disk to go unvalidated, and the virus'd disk-validator to run).  I must have been "lucky" enough to get that one the day it came out, or so...  I knew right away I was dealing with a virus, and I knew it wasn't a bootblock or standard virus, but I couldn't figure out what the heck it actually WAS.  About a day after I started realizing exactly how deadly the thing was, the first news of how to get rid of it finally started showing up...

Ahh... some info about Saddam Virus... (http://home4.inet.tele.dk/vht-dk/amiga/desc/txt/saddam.htm)

The good ole' days... haha!
Title: Re: Viruses
Post by: Brian on August 24, 2003, 09:45:14 AM
I've not read through all the replies so this has perhaps already been said but I'll say it anyway just to be sure that you know. It's common practice these days that viruses use a fake from address, one that has often been taken from the addressbook of an infected person. So blocking off "from addresses" will do you no good since you are most likely to block off ppl that aren't infected but whose address is in an infected person's addressbook.

I know from personal experience how some ppl have complained to me about one of my email addresses as being a virus sender. It was one that was very public and most likely would end up in numerous addressbooks. Funny thing was that none of my private addresses would "send" out any viruses. As then I run a firewall and virus program updated daily as well as an email filter program to block off spam and viruses even before they leave the mailservers. :-D
:idea: I'd recommend you try to block email viruses by finding common factors in the header and body of a mail and preferably combine with other factors such as size of the mail.
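An added example (not part of any post in this thread): a small scoring filter along the lines suggested in the post above, combining attachment headers, body length and message size, and deliberately ignoring the From: address because the thread notes it is forged. The extensions, weights, size band, threshold and sample messages are constructed for illustration and are not taken from any real scanner.

```python
from email import message_from_string
from email.message import EmailMessage

# Constructed rule set for illustration: the extensions, weights, size band
# and threshold are assumptions, not values from the thread or a real scanner.
RISKY_EXT = (".pif", ".scr", ".exe", ".bat", ".com")
SIZE_BAND = (50_000, 150_000)  # raw message size in characters
THRESHOLD = 4


def score_message(raw):
    """Score a raw message on attachment headers, body length and size.

    The From: address is deliberately not a factor, because it may be forged.
    """
    score, reasons, body_len = 0, [], 0
    for part in message_from_string(raw).walk():
        if part.is_multipart():
            continue
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXT):
            score += 3
            reasons.append("executable attachment: " + name)
            if name.count(".") > 1:  # e.g. report.txt.pif
                score += 1
                reasons.append("double extension")
        elif not name and part.get_content_type() == "text/plain":
            body_len += len(part.get_payload(decode=True) or b"")
    if score and body_len < 80:
        score += 1
        reasons.append("near-empty body with executable attachment")
    if SIZE_BAND[0] <= len(raw) <= SIZE_BAND[1]:
        score += 1
        reasons.append("size inside the watched band")
    return score, reasons


def is_suspect(raw):
    """True when the combined score reaches the constructed threshold."""
    return score_message(raw)[0] >= THRESHOLD


def build_sample(sender, body, attachment=None):
    """Build a constructed test message; attachment is (filename, size)."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = "user@recipient.example"
    msg["Subject"] = "constructed sample"
    msg.set_content(body)
    if attachment:
        name, size = attachment
        msg.add_attachment(b"\0" * size, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_string()


if __name__ == "__main__":
    same_from = "friend@known.example"  # identical From: on both samples
    worm_like = build_sample(same_from, "See the attached file.\n",
                             ("details.pif", 70_000))
    photo = build_sample(same_from, "Holiday pictures, as promised. " * 5,
                         ("beach.jpg", 70_000))
    for label, raw in (("worm-like", worm_like), ("photo", photo)):
        print(label, is_suspect(raw), score_message(raw))
```

Both sample messages carry the same From: address, yet only the one with the executable attachment is flagged.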
Title: Re: Viruses
Post by: Fats on August 24, 2003, 09:58:24 AM
Quote

KennyR wrote:
Maybe they should just ban Windows users, period :)


People seem to forget where this all started. Aren't there people remembering 'You're amiga has become alive'
...
Title: Re: Viruses
Post by: Acill on August 24, 2003, 01:19:00 PM
Quote
People seem to forget where this all started. Aren't there people remembering 'You're amiga has become alive'


Ah yes... The great ol' 'SCA' virus. It went like this actually. "Something wonderful has happened..... Your Amiga is alive...... You have a virus!"

That one took out more than half of my original games at one time!
Title: Re: Viruses
Post by: Jope on August 24, 2003, 02:02:43 PM
Quote
That one took out more than half of my original games at one time!

Why did you have your originals write enabled? :-o

I never did have that many problems with viruses back in the day.. When Saddam was rampant, I had 2.04 so it didn't run on my machine. It was a major annoyance, however - I had many 1.3 owning friends who couldn't care less about the virus, so I had to disinfect each of their disks if I wanted to read the contents.. :-P
Title: Re: Viruses
Post by: chris on August 24, 2003, 06:13:28 PM
Current viruses never seem to do any physical damage.  If they did, maybe people would care more about stopping them (and using something other than Windows/Outlook Express)

Chris
Title: Re: Viruses
Post by: JaXanim on August 24, 2003, 08:19:00 PM
I run a thoroughbred Amiga system and a few days ago I received (via YAM) 'undelivered' mail from some form of mailwatcher. Neither were addressed to anyone I recognised and both were said to contain the SoBigf virus in an attachment.

It is therefore clear that SoBig will infect classic Amigas, presumably via its browser/html. I have sent two emails via my browser recently (before the current scare started) and I can only assume that's how it got to me. The worrying thing is, both emails were sent via amiga.org's private mailing system, where I certainly don't have an address book.

I deleted these bounced mails unopened.

Can anyone shed any light on this?

Cheers,

JaX
Title: Re: Viruses
Post by: KennyR on August 24, 2003, 08:28:21 PM
JaXanim, there is absolutely no way these kind of virii can infect an Amiga. They aren't binary compatible, they aren't API compatible, and Amigas don't have the same security holes. SoBig is a worm - it needs to be run as executable code. An Amiga simply cannot do this.

See Norton's security response on the virus, here (http://securityresponse.symantec.com/avcenter/venc/data/w32.sobig.a@mm.html).
Title: Re: Viruses
Post by: JaXanim on August 24, 2003, 08:38:51 PM
@KennyR

Perhaps 'infect' is the wrong term (I know next to nothing about viruses). Maybe it would have done ME no harm, but the SoBig critter was attached to some spurious bounced mail which the watcher insisted had been sent from my address.

Presumably, anyone actually receiving such spurious mail could become infected? If so, I would see my system as the source of their infection. A sort of healthy 'plague carrier' if you will.

And could a.org act as my vehicle for this?

Cheers,

JaX
Title: Re: Viruses
Post by: Piru on August 24, 2003, 08:45:20 PM
Quote
Perhaps 'infect' is the wrong term (I know next to nothing about viruses). Maybe it would have done ME no harm, but the SoBig critter was attached to some spurious bounced mail which the watcher insisted had been sent from my address.

Presumably, anyone actually receiving such spurious mail could become infected? If so, I would see my system as the source of their infection. A sort of healthy 'plague carrier' if you will.

Sobig and other email viruses typically spoof the sender address. The sender address is picked from a database of email addresses, generated from local files like addressbook, www cache and such. Apparently someone who has your email address in his addressbook, or has browsed a website that has your email address embedded, has the virus.

Basically this means these emails were NOT sent from your Amiga.

Your Amiga is not infected.
Title: Re: Viruses
Post by: JaXanim on August 24, 2003, 08:51:36 PM
@Piru

Many thanks for your lucid comments. I was becoming reluctant to use my browser to send messages!

Cheers,

JaX
Title: Re: Viruses
Post by: Nightcrawler on August 28, 2003, 12:05:45 PM
Something wonderful... Ahh, the memories... Even the virora (!) were better in the good ol' days!

Actually, I haven't noticed any effects of Sobig at all, and I think that is because of my web-hosting company. I can't remember the last time I received anything unwanted except for the odd "increase your lala size" junk mail. Before I moved my website and mail account I was more or less flooded with the damn things.

Title: Re: Viruses
Post by: Billsey on August 28, 2003, 01:25:02 PM
More along this line, I have begun receiving emails—from postmasters, no less—accusing me of sending these viruses.

I use a Mac online and don't even own a Windows machine.

These postmasters have been summarily blocked, and these blocks will not be removed because postmasters really should know better.
Title: Re: Viruses
Post by: tony23 on August 28, 2003, 01:27:36 PM
It was probably about ten years back that my Amiga got bit by a virus called the cccp virus; it would infect the boot block of the next unprotected floppy that you put in the drive. It wrecked a couple of floppies before I caught it; since then I always write protect my floppies and always run antivirus software on all of my computers. Ever since then I've been fortunate enough not to pick up any viruses. On my pc I run two firewalls, norton and never open attachments that I wasn't expecting and even if I am expecting an attachment I always scan it just to be sure. Those first couple of floppies that I lost years ago were a cheap price to pay when it comes to learning about the damage these ugly programs can do. Amiga computers are not immune but there are way fewer infections out there when compared with the pc. I guess with the new generation amigas we're gonna need a new antivirus program?  new machines / new OS's = new holes for attack?
Title: Re: Viruses
Post by: Doobrey on August 28, 2003, 11:44:41 PM
I just had one of those horrible "What if" thoughts...
What if a spammer gets infected with a virus like Sobig?
His/her database of millions of harvested email addresses would cause all hell to break loose.

BTW, has anyone read about the new DOS/DDOS attacks against spam blacklisters, causing mailservers to bounce legitimate mail because they can't OK the source's server against the lists?
Seems a bit odd, a new virus doing the rounds, and a DOS attack at the same time. Maybe that's the extra payload for Sobig that they haven't been able to decode yet?
Title: Re: Viruses
Post by: mikeymike on August 29, 2003, 12:51:41 AM
Quote

What if a spammer gets infected with a virus like Sobig?


Heh.  Spammers don't use the Windows Address Book :-)
Title: Re: Viruses
Post by: darksun9210 on August 29, 2003, 12:26:29 PM
yadda yadda yadda ,
so anyway, does this mean that the coder kiddies who put viruses in amiga boot block loaders are all working on the PC?

yay! :-D
Title: Re: Viruses
Post by: Doobrey on August 30, 2003, 01:05:26 AM
Quote

mikeymike wrote:
Heh.  Spammers don't use the Windows Address Book :-)


I dunno, some of them can be pretty lame.
I had one mail I was trying to trace back, and the spammer tried adding a few dummy "received-from:" lines to cover his tracks. Only problem was he didn't adjust the timestamps, which were set to 3 days after I'd got the mail!
Anyway, it turned out to be from an infected machine inside hp.com!
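An added example (not part of any post in this thread): the timestamp inconsistency described in the post above can be checked mechanically by comparing each `Received:` header against the topmost one. It assumes the topmost `Received:` header was written by your own mail server and is therefore trustworthy; the host names, addresses and sample message are constructed.

```python
from datetime import timedelta, timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample: the top hop is the recipient's own server (trusted);
# the two hops below it are dummy lines dated three days after delivery.
SAMPLE = (
    "Received: from host.infected.example ([192.0.2.44])\n"
    "\tby mx.recipient.example with SMTP id A1; Thu, 28 Aug 2003 21:14:05 +0100\n"
    "Received: from relay.dummy.example by host.infected.example;\n"
    "\tSun, 31 Aug 2003 21:10:00 +0100\n"
    "Received: from origin.dummy.example by relay.dummy.example;\n"
    "\tSun, 31 Aug 2003 21:09:30 +0100\n"
    "From: someone@sender.example\n"
    "To: user@recipient.example\n"
    "Subject: constructed sample\n"
    "\n"
    "body\n"
)


def received_hops(raw):
    """Return [(header_text, datetime_or_None)] in header order, newest first."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        # The timestamp is whatever follows the last ';' in the header.
        _, sep, stamp = value.rpartition(";")
        when = None
        if sep:
            try:
                when = parsedate_to_datetime(stamp.strip())
            except (TypeError, ValueError):
                when = None
            if when is not None and when.tzinfo is None:
                when = when.replace(tzinfo=timezone.utc)  # "-0000" case
        hops.append((" ".join(value.split()), when))
    return hops


def suspect_hops(raw, tolerance=timedelta(minutes=10)):
    """Flag hops stamped later than the trusted top hop (plus clock skew)."""
    hops = received_hops(raw)
    if not hops or hops[0][1] is None:
        return [(0, "no usable timestamp on the trusted top hop")]
    trusted = hops[0][1]
    findings = []
    for index, (_, when) in enumerate(hops[1:], start=1):
        if when is None:
            findings.append((index, "missing or unparseable timestamp"))
        elif when > trusted + tolerance:
            findings.append((index, "stamped %s after delivery" % (when - trusted)))
    return findings


if __name__ == "__main__":
    for index, reason in suspect_hops(SAMPLE):
        print("hop", index, "-", reason)
```

A hop that claims to have handled the message after your own server already accepted it cannot be genuine, so tracing should stop at the last hop that passes this check.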
Title: Re: Viruses
Post by: Minion on August 31, 2003, 12:07:42 AM
Well my AV software ain't up to date, but the firewall automatically blocks all incoming connections, and allows all outgoing connections.  I have NEVER been infected by a virus, simply because virus mail is so obvious.
And yes, I do intend to update it, but I don't intend to pay norton for the privilege of protecting me from code that they have a vested interest in allowing to propagate.