Mass Mailer Worms Are Dead!
foxyloxley
June 8th, 2004, 09:12 PM
Got this from 'What's new at Ziff Davis'
Just as you think that 'maybe' I'll be OK...........
http://www.eweek.com/article2/0,1759,1607743,00.asp
Mass Mailer Worms Are Dead!
At least that's what our Security topic center editor Larry Seltzer thinks. He says the golden era of Melissa, Netsky and Bagle has come to an end. Why? Because there are no new techniques out there to be exploited, Larry says, and new authentication schemes will kill off the rest of the litter. It's a bold statement, and you'll want to read his well-reasoned argument to decide for yourself. But even if he's right, it's not all smooth sailing ahead. Larry lays out what he's really worrying about, and now that I've read it, I'm shaking, too!
MrLinus
June 8th, 2004, 09:18 PM
# You need to have very old e-mail software that allows executable attachments; this means no Microsoft clients or patches of clients from the last 3 years.
# Neither you nor your ISP can have remotely up-to-date anti-virus software.
# You can't have a firewall (any decent firewall would stop the worm from sending mail).
# Worst of all, you're a user of one of the public P2P networks like KaZaA.
He forgot gullible users. And there are a lot of users out there with old software and/or outdated AV. The firewall will allow out what the ruleset says. If the rules are to forward messages, how will the firewall know the difference between legitimate emails and non-legit?
Another important point about these worms that I believe has been true for quite some time, months at the least: They're at most a minor problem for enterprises.
Uh. Rumor was that many of these mass mailer worms from last year and this were going to be running in the billions -- EACH. I wouldn't call that minor...
I think he's a little off his rocker and giving a sense of false security.
cgkanchi
June 8th, 2004, 09:21 PM
# Worst of all, you're a user of one of the public P2P networks like KaZaA.
That's a ton of people, isn't it?
Cheers,
cgkanchi
AngelicKnight
June 8th, 2004, 09:39 PM
So he's saying people who keep their firewalls/AVs/OSs up to date will be ok. Gee, that's news! :D So, has he ever met a real life user?
Tedob1
June 8th, 2004, 11:37 PM
I hope this guy isn't responsible for anything important. (No, thank god, just ZDnet.) He sounds like the people in charge of the patent office at the beginning of the 20th century. They wanted to close down the patent office because they thought everything that could be invented had been. Good thing nobody listened to them either.
"Because there are no new techniques out there to be exploited"
I'm in shock someone would say this.
There may not be any new exploits out there 'today', and even if none can be found in existing software they'll come out with something 'new and improved', with brand new holes to exploit.
Tiger Shark
June 8th, 2004, 11:48 PM
Because there are no new techniques out there to be exploited
Didn't they say that in Troy before they found that pretty little horse...... :rolleyes:
(Yes, I recently saw the movie..... Historically incorrect but a great yarn... Achilles is portrayed as an absolute machine... fun watch....)
/Back to topic
Und3ertak3r
June 9th, 2004, 12:03 AM
So he's saying people who keep their firewalls/AVs/OSs up to date will be ok
Nooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo!
I nearly have enough saved for a new Notebook, and my next car payment is due..
Roll on user ignorance..
Software firewalls have to be running 100% of the time. Disable for 1 minute..????
Antivirus progs do fail.. and they generally update once per week.. if a user only gets online once a fortnight???
Again.. Winduz update is reliant on the user being online at least once/one hour per week (when the Vulnerability to malware time is now so low).
I think mass mailers will die only after Chain-eMails die...
Cheers
BTW: Is anyone aware of a prog that will "Harvest" Email Address from your Outlook/OLEXP mailbox and place the results in a spreadsheet or CSV form?
Tiger Shark
June 9th, 2004, 12:06 AM
Undies:
Google: Harvest Email Address Outlook CSV
Then pick your poison...... ;)
jinxy
June 9th, 2004, 01:24 AM
Didn't they say that in Troy before they found that pretty little horse
Troy? You mean Cambridge.
I would have said, "ho shit it doesn't fit through the gates" best we leave it outside the city.
Where it was used as a battering ram.................just another theory.
KorpDeath
June 9th, 2004, 05:50 AM
Well at least the very best of what we can expect of Ziff-Davis is, as always, the very least of what we can expect from the village idiot. That said, I think they need to hire someone with, at least, some experience with the LUSER community.
Remember the good ol' days when they just reported the news instead of constantly trying to MAKE it?
nihil
June 9th, 2004, 08:19 AM
Interesting read Foxy~
Please check this out folks............I have been using it for a few years
http://www.internals.com
There are some interesting (slightly dated, but who am I to talk :D ) utilities.......
"Mail Control"...........
Doesn't do anything until you launch your mail client, so no resource overhead
Doesn't scan anything so no conflicts with AV, Firewalls etc
Just asks you to CONFIRM that you really wanted to send those 500 mails to every e-mail addy on your box :D
Bonus value................when it kicks off with something you didn't do, you KNOW you are infected, and can do something about it.
errrrrrrrrrr and it is free for private use :eek:
I have yet to see a mass mailer that can evade the "backstop" of a confirmation checking script?
OK in a corporate mass mailing environment you can set up exception rules to allow stuff through automatically...........so that one you have to manage by hand? but in the private and SOHO environments, I think that it is a good idea. Anyways, for corporate mass mailings you would batch them and get a human to launch the job?
Yes, the article was perhaps a little trite, shallow, complacent, or whatever, but I will go along with the proactive rather than reactive undertone.
just my thoughts
Tiger Shark
June 9th, 2004, 11:57 AM
Doesn't do anything until you launch your mail client, so no resource overhead
Doesn't scan anything so no conflicts with AV, Firewalls etc
Just asks you to CONFIRM that you really wanted to send those 500 mails to every e-mail addy on your box
But most viruses/worms today carry their own SMTP engine - run the Strings tool on them and you can read the Helo, Mail From, RCPT To etc. - So this tool isn't going to work against them.... or is there something I'm missing?
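The strings check mentioned in the post above, sketched as a static triage heuristic. This is an added example, not part of the original thread; the function names, the threshold of three verbs and both sample byte strings are constructed for illustration.

```python
import re

# Client-side SMTP verbs a program must contain to talk to a mail server itself.
SMTP_MARKERS = {
    "HELO/EHLO": re.compile(rb"^(HELO|EHLO)\b", re.I),
    "MAIL FROM": re.compile(rb"MAIL FROM:", re.I),
    "RCPT TO": re.compile(rb"RCPT TO:", re.I),
    "DATA": re.compile(rb"^DATA$", re.I),
    "QUIT": re.compile(rb"^QUIT$", re.I),
}

def printable_strings(blob, min_len=4):
    """Yield runs of printable ASCII, as the `strings` tool does."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    for match in re.finditer(pattern, blob):
        yield match.group().strip()

def smtp_markers_found(blob):
    """Return the sorted names of SMTP verbs present among the file's strings."""
    found = set()
    for s in printable_strings(blob):
        for name, rx in SMTP_MARKERS.items():
            if rx.search(s):
                found.add(name)
    return sorted(found)

def has_embedded_smtp_engine(blob, threshold=3):
    """Heuristic: several distinct SMTP verbs suggest a built-in mail sender.
    Packed or encrypted files hide their strings, so a miss proves nothing."""
    return len(smtp_markers_found(blob)) >= threshold

# Constructed sample: NUL-separated format strings as a compiler would lay them out.
SAMPLE_WITH_ENGINE = b"\x4d\x5a\x90\x00" + b"\x00".join(
    [b"HELO %s", b"MAIL FROM:<%s>", b"RCPT TO:<%s>", b"DATA", b"QUIT"]
) + b"\x00\xff\xfe"
# Constructed sample: a program that contains no SMTP dialogue of its own.
SAMPLE_WITHOUT_ENGINE = b"\x00".join(
    [b"kernel32.dll", b"Send this message?", b"DATA"]
)

if __name__ == "__main__":
    for label, blob in [("with engine", SAMPLE_WITH_ENGINE),
                        ("without engine", SAMPLE_WITHOUT_ENGINE)]:
        print(label, smtp_markers_found(blob), has_embedded_smtp_engine(blob))
```

A file that trips this check speaks SMTP by itself, so a prompt tied to the mail client would not see its traffic; blocking or alerting on outbound port 25 from anything other than the mail relay covers that path.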
OverdueSpy
June 9th, 2004, 02:13 PM
I seem to remember the "I LOVE YOU" virus being a fairly simple virus. Even with up-to-date firewalls and anti-virus software, the I LOVE YOU virus wreaked havoc by simple social engineering.
E-mail viruses will be a thing of the past when we develop a patch for human stupidity.
nihil
June 9th, 2004, 02:37 PM
Overdue~
I wrote two 4 line .reg files that totally stopped I love you on my site! And I did it 6 months before the virus :)
Tiger~
It monitors ALL SMTP engines, not just Micro$haft's or whoever
:D
Tiger Shark
June 9th, 2004, 02:41 PM
Nihil: Ah, so it's a "firewall" for dest port 25..... Nice for a home user with a Linksys/D-Link type hardware Router/Firewall......
mark_boyle2002
June 9th, 2004, 03:06 PM
You need to have very old e-mail software that allows executable attachments; this means no Microsoft clients or patches of clients from the last 3 years.
Neither you nor your ISP can have remotely up-to-date anti-virus software.
You can't have a firewall (any decent firewall would stop the worm from sending mail).
Worst of all, you're a user of one of the public P2P networks like KaZaA.
It's not April 1st, is it?
Please tell me someone is not paying this @ss h@t. He is just as bad as the people on the other end of the stick who get hold of a new virus name and make it sound like it was responsible for everything from refrigerator failure to typhoons.
nihil
June 9th, 2004, 03:09 PM
Tiger~
I have absolutely no idea how it works.........
Just have a look? it says that there is a commercial licence? but it should not be that difficult to write your own script to do a similar interception?
NOT my area of expertise, I just know that it will produce the query when I send e-mail
:)
nihil
June 9th, 2004, 03:15 PM
like it was responsible for everything from refrigerator failure to typhoons. ]
No, Mark.............
The Hawker Aircraft Company was responsible for Typhoons (and Hurricanes and Tempests?)
Bad weather?
:D
foxyloxley
June 9th, 2004, 09:24 PM
For OverdueSpy:
[ E-mail viruses will be a thing of the past when we develop a patch for human stupidity. ]
There is a patch out there..................... It's an EYEPATCH !!!!!