running-forum.com
Promoting running discussion.



Main
Date: 18 Sep 2006 12:21:15
From: LSmith
Subject: Margaret, Not From Me * warning*




phil m. just emailed me informing me he got an email titled "Margaret"
from me (it virus was recognized & stopped).

phil emailed me....I sent no such email. i just googled "Virus
Margaret" and learned on the usenet (groups) there is some virus called
Margaret in the title going across the usenet and net.

Be aware, it's not from me...someone or piece of software grabbed my
old email address of lanceandrew and is sending from that identity...





 
Date: 19 Sep 2006 03:51:22
From: steve common
Subject: Re: Margaret, Not From Me * warning*


"LSmith" <Digisend@gmail.com > wrote:

>Be aware, it's not from me...someone or piece of software grabbed my
>old email address of lanceandrew and is sending from that identity...

This is email abuse at it's most basic. I already received an email with
the "from" address = myself, telling me my wife is unsatisfied with the
size of my wedding tackle.

I knew it wasn't from me cos my wife hasn't been anywhere near said
objects for years :oP

Seriously, spammers use any old address from their "target" list to fill
in the "from" field. Only corporate mail systems and a few responsible
ISPs enforce any kind control of the sender's identity.


 
Date: 18 Sep 2006 14:34:47
From: runsrealfast
Subject: Re: Margaret, Not From Me * warning*



Phil M. wrote:

> Yes, I know. My point was that the way a lot email viruses work is they
> send to everyone in your contact list. Who's in your contact list? People
> you know. That's why you don't limit caution to people you know
>
> --
> Phil M.

yeah hackers seem to be winning the war. I took a security class my
Junior year in college (2 years ago). and even then the gap between
protection and the hackers was increadably wide. But your right we get
viruses through people we know more that people we don't...

John



  
Date: 19 Sep 2006 06:22:43
From: Donovan Rebbechi
Subject: Re: Margaret, Not From Me * warning*


On 2006-09-18, runsrealfast <tay01020@yahoo.com > wrote:
>
> Phil M. wrote:
>
>> Yes, I know. My point was that the way a lot email viruses work is they
>> send to everyone in your contact list. Who's in your contact list? People
>> you know. That's why you don't limit caution to people you know
>>
>> --
>> Phil M.
>
> yeah hackers seem to be winning the war. I took a security class my
> Junior year in college (2 years ago). and even then the gap between
> protection and the hackers was increadably wide.

Plenty of good security measures available but most people turn them down
to make things more "convenient". Security is for the most part "inconvenient"
until it saves you getting hacked.

Cheers,
--
Donovan Rebbechi
http://pegasus.rutgers.edu/~elflord/


   
Date: 19 Sep 2006 11:32:18
From: Doug Freese
Subject: Re: Margaret, Not From Me * warning*



"Donovan Rebbechi" <abuse@aol.com > wrote in message
news:slrnegv35j.7bq.abuse@panix2.panix.com...
> On 2006-09-18, runsrealfast <tay01020@yahoo.com> wrote:
>>
>> Phil M. wrote:
>>
>>> Yes, I know. My point was that the way a lot email viruses work is
>>> they
>>> send to everyone in your contact list. Who's in your contact list?
>>> People
>>> you know. That's why you don't limit caution to people you know
>>>
>>> --
>>> Phil M.
>>
>> yeah hackers seem to be winning the war. I took a security class my
>> Junior year in college (2 years ago). and even then the gap between
>> protection and the hackers was increadably wide.
>
> Plenty of good security measures available but most people turn them
> down
> to make things more "convenient". Security is for the most part
> "inconvenient"
> until it saves you getting hacked.

True but I agree with Steve in that no matter how much security we have
there are always very clever people that find ways to get into your
system as long as it's online. Most security measures for Joe or Jane
Doe, are to keep out the mass abuser.

I know I chose to run windows(grew to detest Unix and Linux- remnants
from my old job) but we know Gates does not give a damn about security
but adding more bells and whistles. I'll be interested in seeing if
they add any real security to the new OS that's in beta test and soon to
hit the market.

-Doug





    
Date: 19 Sep 2006 18:55:13
From: Donovan Rebbechi
Subject: Re: Margaret, Not From Me * warning*


On 2006-09-19, Doug Freese <dfreese@hvc.rr.com > wrote:

> True but I agree with Steve in that no matter how much security we have
> there are always very clever people that find ways to get into your
> system as long as it's online.

The vast majority of email viruses aren't very "clever".

Nearly all breakins either require the user to be somewhat complicit by
voluntarily executing some nasty code (e.g. email viruses), or they require a
persistent server process that the attacker can go after.

> Most security measures for Joe or Jane Doe, are to keep out the mass abuser.

Any sort of firewall combined with sensible practices already clamps down on the
obvious problems.

> I know I chose to run windows(grew to detest Unix and Linux- remnants
> from my old job) but we know Gates does not give a damn about security
> but adding more bells and whistles.

Microsoft ultimately reflect the demands of the market. The market are simply not
very security conscious as evident in the fact that even the minimal available security
features are often ignored or bypassed (for example, there's no need to enable JS in
a mail client).

They did add a firewall, which makes it quite a bit harder for a trojan or
similar. The firewall is not terribly impressive, but there are much stronger
products offered by third parties that are relatively inexpensive.

Running MS Windows without getting hacked mostly requires the user to avoid running
viruses. Avoiding MSIE and Outlook Express is a good start. Using the OS doesn't mean
you have to use the email client and the web browser as well (contrary to what some
would have you believe)

Cheers,
--
Donovan Rebbechi
http://pegasus.rutgers.edu/~elflord/


 
Date: 18 Sep 2006 14:24:39
From: Phil M.
Subject: Re: Margaret, Not From Me * warning*



Phil M. wrote:
> tay01020@yahoo.com wrote:
>
> >
> > Phil M. wrote:
> >> tay01020@yahoo.com wrote:
> >>
> >> > Please no one open any e-mail if you don't know who its from.
> >>
> >> Just don't open attachments, even if you know who it's from, unless
> >> you're actually expecting an attachment from that person.
> >>
> >> --
> >> Phil M.
> >
> > there have been a couple of viruses that have passed by opening the
> > e-mails. Scriping languages are getting pretty savy.
> >
> > John
> >
> >
>
> Yes, I know. My point was that the way a lot email viruses work is they
> send to everyone in your contact list. Who's in your contact list? People
> you know. That's why you don't limit caution to people you know

Oops. I meant don't limit caution to people you *don't* know. ;-)

--
Phil



 
Date: 18 Sep 2006 13:50:23
From: runsrealfast
Subject: Re: Margaret, Not From Me * warning*



Phil M. wrote:
> tay01020@yahoo.com wrote:
>
> > Please no one open any e-mail if you don't know who its from.
>
> Just don't open attachments, even if you know who it's from, unless you're
> actually expecting an attachment from that person.
>
> --
> Phil M.

there have been a couple of viruses that have passed by opening the
e-mails. Scriping languages are getting pretty savy.

John



  
Date: 18 Sep 2006 21:17:30
From: Phil M.
Subject: Re: Margaret, Not From Me * warning*


tay01020@yahoo.com wrote:

>
> Phil M. wrote:
>> tay01020@yahoo.com wrote:
>>
>> > Please no one open any e-mail if you don't know who its from.
>>
>> Just don't open attachments, even if you know who it's from, unless
>> you're actually expecting an attachment from that person.
>>
>> --
>> Phil M.
>
> there have been a couple of viruses that have passed by opening the
> e-mails. Scriping languages are getting pretty savy.
>
> John
>
>

Yes, I know. My point was that the way a lot email viruses work is they
send to everyone in your contact list. Who's in your contact list? People
you know. That's why you don't limit caution to people you know

--
Phil M.


  
Date: 19 Sep 2006 06:18:45
From: Donovan Rebbechi
Subject: Re: Margaret, Not From Me * warning*


On 2006-09-18, runsrealfast <tay01020@yahoo.com > wrote:
>
> Phil M. wrote:
>> tay01020@yahoo.com wrote:
>>
>> > Please no one open any e-mail if you don't know who its from.
>>
>> Just don't open attachments, even if you know who it's from, unless you're
>> actually expecting an attachment from that person.
> there have been a couple of viruses that have passed by opening the
> e-mails. Scriping languages are getting pretty savy.

Nah, email itself is plain text which is displayed and formatted. Anything else is
strictly speaking an attachment. It's funny how a text only mail client almost never
gets these email virus problems.

Viruses always require complicity from the email client software to execute
the rogue code, whether it's via a careless user clicking on the attachment, or
the software configured so badly that it potentially automatically executes
exploits (and this is certainly not beyond the bounds of possibility --
consider a html/javascript exploit for example)

Cheers,
--
Donovan Rebbechi
http://pegasus.rutgers.edu/~elflord/


   
Date: 19 Sep 2006 18:36:22
From: Craig Pennington
Subject: Re: Margaret, Not From Me * warning*


Donovan Rebbechi <abuse@aol.com > wrote:
[snip]
> Nah, email itself is plain text which is displayed and formatted. Anything else is
> strictly speaking an attachment. It's funny how a text only mail client almost never
> gets these email virus problems.

[looks at Donovan's headers]
User-Agent: slrn/0.9.8.0 (NetBSD)

Nice. I use mutt & tin myself.

> Viruses always require complicity from the email client software to execute
> the rogue code, whether it's via a careless user clicking on the attachment, or
> the software configured so badly that it potentially automatically executes
> exploits (and this is certainly not beyond the bounds of possibility --
> consider a html/javascript exploit for example)

Do the Outlook variants execute JS in HTML messages by default? If they
do, I assume they use the IE engine to do so.

_Seen in the wild: Zero Day exploit being used to infect PCs_:

http://sunbeltblog.blogspot.com/2006/09/seen-in-wild-zero-day-exploit-being.html

"The exploit uses a bug in VML [CP: Vector Markup Language, see
<http://www.w3.org/TR/NOTE-VML.html >] in Internet Explorer to
overflow a buffer and inject shellcode. It is currently on and off
again at a number of sites.

...

This exploit can be mitigated by turning off Javascripting."

Mitigated? I'm guessing something in the install or reproduction path of
this particular instance requires JS, and thus there is possibly a way
to leverage the VML exploit which bypasses JS.

Cheers,
Craig

--
Corollary to Clarke's Third Law:
Any technology distinguishable from magic is insufficiently
advanced.


 
Date: 18 Sep 2006 12:25:48
From: runsrealfast
Subject: Re: Margaret, Not From Me * warning*



LSmith wrote:
> phil m. just emailed me informing me he got an email titled "Margaret"
> from me (it virus was recognized & stopped).
>
> phil emailed me....I sent no such email. i just googled "Virus
> Margaret" and learned on the usenet (groups) there is some virus called
> Margaret in the title going across the usenet and net.
>
> Be aware, it's not from me...someone or piece of software grabbed my
> old email address of lanceandrew and is sending from that identity...

dang hackers. Please no one open any e-mail if you don't know who its
from.

John



  
Date: 18 Sep 2006 20:34:03
From: Phil M.
Subject: Re: Margaret, Not From Me * warning*


tay01020@yahoo.com wrote:

> Please no one open any e-mail if you don't know who its from.

Just don't open attachments, even if you know who it's from, unless you're
actually expecting an attachment from that person.

--
Phil M.


 
Date: 19 Sep 2006 08:06:52
From: runsrealfast
Subject: Re: Margaret, Not From Me * warning*


I'll be interested in seeing if
> they add any real security to the new OS that's in beta test and soon to
> hit the market.


your expecting to much from Microshaft.

Anyway, is it just me or everyone. I have noticed a lot of spam
recently to the address I use for google groups. don't want to say its
this group itself but most of my posts are here (at least latley).

John



  
Date: 19 Sep 2006 18:55:45
From: Donovan Rebbechi
Subject: Re: Margaret, Not From Me * warning*


On 2006-09-19, runsrealfast <tay01020@yahoo.com > wrote:
> I'll be interested in seeing if
>> they add any real security to the new OS that's in beta test and soon to
>> hit the market.
>
>
> your expecting to much from Microshaft.
>
> Anyway, is it just me or everyone. I have noticed a lot of spam
> recently to the address I use for google groups. don't want to say its
> this group itself but most of my posts are here (at least latley).

usenet is a harvesting ground for spammers.

Cheers,
--
Donovan Rebbechi
http://pegasus.rutgers.edu/~elflord/


 
Date: 20 Sep 2006 06:38:34
From: Ed Prochak
Subject: Re: Margaret, Not From Me * warning*



runsrealfast wrote:
> your expecting to much from Microshaft.
>
> Anyway, is it just me or everyone. I have noticed a lot of spam
> recently to the address I use for google groups. don't want to say its
> this group itself but most of my posts are here (at least latley).
>
> John

if you post to newsgroups, your email address is on the spammer's
lists. This has been true for a long time now, and is one reason my
business emaill address is so flooded with junk. But I've posted for
too long with that address. So my postings from gmail merely give the
spammers one more address to flood.

But yeah, newsgroups are a prime source for email addresses for the
spammers and hackers.

ed