April 8th, 2002, 12:35 PM
Exchange Trick for virus....
From my little experience in virus fight , i have realised that when a virus hit a mailbox , it starts spreading readind the Global Address list.... now.. in most cases it starts from the begining of the names.... so ...I was thinking if it could do any good , to create a fake male (for example firstname.lastname@example.org) to the Global address list so that even if the antivirus dont catch it , the first name that will be hit, will be the fake one and so you'll be able to realise that smtg is happening..... .... what do u think about it ??
April 8th, 2002, 01:26 PM
Well, a lotof virii contain their own smtp program, so you will have to watch all outbound conections, and hope that you catch it. Also, it runs pretty fast, so the chances of you actually catching it on the first address..... On some of the older virii, this worked really well, because it actually checked to see if the message was sent. If not, it would retry, so the virus would hang on the first message, but now it just mass mails to every address it can find.
\"Ignorance is bliss....
but only for your enemy\"
April 8th, 2002, 01:42 PM
Thank you for your answer... what i meant was that even if the antivirus doesnt recognise the virus as virus and let it pass , the viri will start email itself to everyone in the Global Address list.... The effort isnt to stop the virusby making it hang , but for the Administrator to be notified that smtg is wrong.... an email box that is never used and suddenly gets an email, means smtg .....
April 8th, 2002, 05:00 PM
Variations of this trick have been discussed for some time now. The Virus Myths website had an article in which they basically said it's not really a good idea. The article can be read HERE
April 8th, 2002, 05:07 PM
Actually, what I did was create 75 "hidden" addresses and it fooled most virus into mailing itself to the first 50 or so fake addresses. It works pretty well ,but nothing takes the place of a good enterprise virus scanner.
Mankind have a great aversion to intellectual labor; but even supposing knowledge to be easily attainable, more people would be content to be ignorant than would take even a little trouble to acquire it.
- Samuel Johnson
April 8th, 2002, 06:34 PM
Why not just remove system access to the the script engines i.e. 'wscript.exe' and 'cscript.exe'. these are the files that allow the execution of VBS and WSH scripts which account for more than half of these mass mailer worms. change the permissions to Special Access > Read Only.
This will stop the script viruses dead...
April 9th, 2002, 07:33 PM
i have read the article DjM and it talks about chain letters and how to avoid them .... It also sais that from their experience Administrators dont use that trick ...... i didnt read smtg else in there ....