[ On Tuesday, January 27, 2004 at 19:28:26 (+0000), Alan J. Flavell wrote: ]
> Subject: Re: [Exim] MyDoom filtering?
>
> But who will defend us from the absolute *storm* of misguided attempts
> to notify us that "we" (more correctly, someone else masquerading
> as us) have been sending out viruses? WE HAVE NOT.

Oh my, oh my, how I wish someone could give us all a good answer to that
question!

It might be worthwhile campaigning one or more of the current DNSBL
operators to consider adding a blacklist for those who either bounce
viruses or who defang them and then deliver the notice on in such a way
that the recipient can't recognize them for what they were.

In the mean time I send as polite a notice as I can manage to the
postmaster and abuse contacts at all sites asking them to please fix
their broken mailers and virus filters, etc., though I'm starting to get
behind on handling the flood this time around. It seems all the
last big event did was encourage more sites to install these misguided
systems.

> (That having been said, however, a noticeable proportion of the
> nuisance items arriving here today have been non-delivery reports from
> AOL trying to report non-existent addressees. They don't seem to have
> noticed that they're dealing with a virus yet.

I had been hoping AOL were getting closer to being able to have their
front-end SMTP servers reject unknown recipients, and in the mean time
I'd been dreading this day....

I think I'm going to have to block all mail from AOL again for a while.
(luckily I don't usually expect to get any mail from AOL users)

This new mess has created so much noise for me that I'm getting close to
wanting to outright block any and all sites which can't reject unknown
recipients at SMTP time.

> Unfortunately a
> substantial proportion of the faked sender addresses were genuine,
> even though the addressees were dud.)

Given what I understand of how this worm works that's not surprising.
Even my own addressbook contains a surprising number of old and
non-functional addresses, but just imagine what the worm can find when
it roots around on the average luser's PC.

--
Greg A. Woods
+1 416 218-0098 VE3TCP RoboHack <woods@???>
Planix, Inc. <woods@???> Secrets of the Weird <woods@???>