[H-GEN] Re: [H-ANNOUNCE] Virus spam warning

Jason Parker-Burlingham jasonp at panix.com
Mon Mar 21 21:56:16 EST 2005


On Tue, Mar 22, 2005 at 09:55:53AM +1000, Tony Bilbrough wrote:

> I too have been getting them for a wee while
> BUT.............
> 1] they all purported to have come from the exec mail list, so I wrote 
> back to the exec mail list for an explanation.

The message to -announce might have mentioned this little tidbit.  My
ISP helpfully deletes stuff like this without my having to bother myself
with it.  When I notice a new one they're instantly recognizable as a
scam and I'm frankly amazed that they ever spread at all.

If the warning had said something more like the following I should have
been a great deal less annoyed.  (As it was it was all I could do to
care enough to respond at all; this message is to clear up a few points
before I leave the matter in more capable hands.)

	"Some club members have been receiving messages similar to the
	following, apparently from the HUMBUG executive.  These messages are
	not from the exective.  It is possible to see that the message is a
	fake because...

	If we wanted to send you a warning that your system was compromised we
	would call you on the phone/send you PGP-signed email/come 'round to
	your house with a two-by-four.

	The messages can be recognised by the following characteristics...

	Refer to blahblah.example.com/virusinfo for more information."

*That* message is clear, unambiguous, and explains in a number of ways
how to recognise future fake messages, thereby arming the reader against
further assaults on their credulity---something that I note Mark took
pains to do, as he so frequently does.

> Mark Suter took the trouble to explain how to read the headers. Then it 
> became obvious that Caliburn was not compromised. Mark's reply is 
> pasted, just below Jason's laughing vivisection,

A note:  I was not dissecting Matthew's warning, nor was I responding
from a sense of sport.  What I referred to when I signed off with a note
that I dissect VB viruses for fun was the practice of unpacking and
deobfuscating the code, if it comes in that particular language.  It is
occasionally instructive.

> for those that are 
> interested.

*If* we're going to be interested in viruses that affect other operating
systems, then I think more detail is called for:  the name, signature
and effects of the virus would be a good start.  This is almost exactly
what I said in my initial response to Matthew's message and I stick by
it.

> 2] the virus only shows up when a mailer is opened under a windows 
> operating system, and lets face it not too many Humbug members use that 
> one, outside work hours!
> However from a work place .........

There is no shortage of resources which can be used to keep abreast of
developments in Windows email viruses.  I know because I watch a number
of them closely.  I don't disagree that it's valuable information, just
that the HUMBUG mailing lists are the wrong forum for it; if a list
subscriber wants to warn the rest of us about a security problem then it
should probably be done with more detail.

Cheers,
-- 
Jason Parker-Burlingham
<jasonp at panix.com>
+1 585-237-6378




More information about the General mailing list