Exchange Trick for virus....


George_ge
April 8th, 2002, 11:35 AM
From my little experience in virus fighting, I have realised that when a virus hits a mailbox, it starts spreading by reading the Global Address List.... Now.. in most cases it starts from the beginning of the names.... So... I was thinking whether it could do any good to create a fake mail (for example aaabaar.aaaabar@smtg.com) in the Global Address List, so that even if the antivirus doesn't catch it, the first name that will be hit will be the fake one, and so you'll be able to realise that something is happening..... What do you think about it??

souleman
April 8th, 2002, 12:26 PM
Well, a lot of virii contain their own SMTP program, so you will have to watch all outbound connections, and hope that you catch it. Also, it runs pretty fast, so the chances of you actually catching it on the first address..... On some of the older virii, this worked really well, because it actually checked to see if the message was sent. If not, it would retry, so the virus would hang on the first message, but now it just mass mails to every address it can find.

George_ge
April 8th, 2002, 12:42 PM
Thank you for your answer... What I meant was that even if the antivirus doesn't recognise the virus as a virus and lets it pass, the virus will start emailing itself to everyone in the Global Address List.... The effort isn't to stop the virus by making it hang, but for the Administrator to be notified that something is wrong.... An email box that is never used and suddenly gets an email means something.....

DjM
April 8th, 2002, 04:00 PM
Variations of this trick have been discussed for some time now. The Virus Myths website had an article in which they basically said it's not really a good idea. The article can be read HERE (http://www.vmyths.com/hoax.cfm?id=263&page=3)


DjM

KorpDeath
April 8th, 2002, 04:07 PM
Actually, what I did was create 75 "hidden" addresses and it fooled most viruses into mailing themselves to the first 50 or so fake addresses. It works pretty well, but nothing takes the place of a good enterprise virus scanner.
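
The decoy-address alerting discussed in the posts above, as an added example that is not from any poster in this thread: it scans a mail tracking log for messages addressed to decoy mailboxes and separates a single stray hit from a burst across several decoys. The log format, the second decoy address and the sender names are constructed assumptions.

```python
import csv
from collections import defaultdict
from datetime import datetime, timedelta
from io import StringIO

# Assumed decoy addresses: hidden mailboxes that no human ever writes to.
DECOYS = {"aaabaar.aaaabar@smtg.com", "aaabaas.decoy@smtg.com"}

# Constructed tracking log (timestamp, sender, recipient, subject); not a real Exchange format.
SAMPLE_LOG = """\
2002-04-08T11:35:01,alice@smtg.com,bob@smtg.com,Lunch?
2002-04-08T11:36:10,carol@smtg.com,AAAbaar.aaaabar@smtg.com,Here is that file
2002-04-08T11:36:11,carol@smtg.com,aaabaas.decoy@smtg.com,Here is that file
2002-04-08T11:36:12,carol@smtg.com,bob@smtg.com,Here is that file
2002-04-08T12:50:00,dave@smtg.com,aaabaar.aaaabar@smtg.com,typo in To: line
"""

def decoy_hits(log_text, decoys=DECOYS, burst=2, window=timedelta(seconds=60)):
    """Return {sender: {"hits": n, "first": datetime, "burst": bool}} for senders mailing a decoy.

    Any hit deserves a look; `burst` distinct decoys inside `window` marks a likely mass mailer.
    """
    decoys = {d.lower() for d in decoys}
    seen = defaultdict(list)  # sender -> [(time, decoy), ...]
    for row in csv.reader(StringIO(log_text)):
        if len(row) < 3:
            continue  # skip blank or truncated lines
        when, sender, rcpt = datetime.fromisoformat(row[0]), row[1].lower(), row[2].lower()
        if rcpt in decoys:  # addresses are compared case-insensitively
            seen[sender].append((when, rcpt))
    report = {}
    for sender, hits in seen.items():
        hits.sort()
        is_burst = False
        for i, (start, _) in enumerate(hits):
            # Distinct decoys reached within `window` of this hit.
            in_window = {d for t, d in hits[i:] if t - start <= window}
            if len(in_window) >= burst:
                is_burst = True
                break
        report[sender] = {"hits": len(hits), "first": hits[0][0], "burst": is_burst}
    return report

if __name__ == "__main__":
    for sender, info in decoy_hits(SAMPLE_LOG).items():
        level = "MASS-MAILER?" if info["burst"] else "check"
        print(f"{level}: {sender} hit {info['hits']} decoy(s), first at {info['first']}")
```

Because the check keys on the recipient rather than on how the message was sent, it also fires when mail reaches a decoy without passing through the sender's normal mail client, as long as delivery to the decoy mailbox is logged.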

Quad
April 8th, 2002, 05:34 PM
Why not just remove system access to the script engines, i.e. 'wscript.exe' and 'cscript.exe'? These are the files that allow the execution of VBS and WSH scripts, which account for more than half of these mass mailer worms. Change the permissions to Special Access > Read Only.

This will stop the script viruses dead...

George_ge
April 9th, 2002, 06:33 PM
I have read the article, DjM, and it talks about chain letters and how to avoid them :) .... It also says that from their experience Administrators don't use that trick ...... I didn't read anything else in there ....