ADMIN: Viruses & Worms

22 Jul 2004 - 8:24am
582 reads
Dave Malouf


I've gotten a couple of people telling me that they are getting viruses from
the list or just generally from "".

Some of you may know this about the latest evolution of e-mail viruses,
worms, and what-not and if you do, feel free to delete. Others may not have
this understanding and haven't been so lucky as to have experienced it
themselves yet. For the latter bunch it would behoove you to read this

The latest set of viruses does something akin to the following (I'm more
concerned with the effect than the technical workings here).

1. Someone gets infected ... doesn't matter how, they just do.
2. The virus immediately goes to someone's addressbook or contact list and
scans it. (Note: it doesn't only look at your addressbook, it also looks at
your address history.)
3. The virus has several different permutations
a. It sends out e-mail from the infected person to everyone in the
address book.
When I say "from" I mean the message looks like it is from that
actual person.
b. It sends out an e-mail spoofing the "from" field to be from someone
in the addressbook
Since the worm is networked it doesn't only send to that person's
but from addresses it has amassed from everyone infected.
c. It sends out an e-mail spoofing the "from" field to look like it is
from a domain of "interest"
How these virus' know which domains are more interesting than others
is baffling, but
These can look like they are from <mailto:admin at>
admin at or just fred at

These last 2 scenarios mean that the e-mails NEVER go through our system,
but can look like they do. If an e-mail address is spoofed that is actually
a subscriber, those messages might be able to get through. BUT you will know
this message got distributed through the e-mail list as opposed to sent
directly to you b/c it will have the [ID Discuss] ammendment to the subject
line. (obviously, this coudl be spoofed too, but is rarer).

The ONLY solution I have at this poitn is to tell people to keep their virus
software updated and get really good network security software. I use the
latest version of McAfee and have to say that it does wonders for my system
at home. A good system will block you from sending multiple copies of a
message in too short a time interval with the same subject line. You can
tell it to allow it, but this type of e-mail protection can really help all
your friends and family (and colleagues) a lot. (No! I don't work for

I hope this helps address people's concerns.

-- dave

David Heller
<mailto:dave at> dave (at) interactiondesigners (dot)

AIM: bolinhanyc \\ Y!: dave_ux \\ MSN: <blocked::>
hippiefunk at
-------------- next part --------------
An HTML attachment was scrubbed...

Syndicate content Get the feed