Exchange Trick for virus....

  1. #1
    Junior Member
    Join Date
    Mar 2002
    Posts
    8

    Exchange Trick for virus....

    From my little experience in virus fighting, I have realised that when a virus hits a mailbox, it starts spreading by reading the Global Address List... now... in most cases it starts from the beginning of the names... so... I was thinking if it could do any good to create a fake mail (for example aaabaar.aaaabar@smtg.com) in the Global Address List, so that even if the antivirus doesn't catch it, the first name that will be hit will be the fake one, and so you'll be able to realise that something is happening... what do you think about it??

  2. #2
    AntiOnline Senior Member souleman's Avatar
    Join Date
    Oct 2001
    Location
    Flint, MI
    Posts
    2,884
    Well, a lot of virii contain their own SMTP program, so you will have to watch all outbound connections, and hope that you catch it. Also, it runs pretty fast, so the chances of you actually catching it on the first address..... On some of the older virii, this worked really well, because it actually checked to see if the message was sent. If not, it would retry, so the virus would hang on the first message, but now it just mass mails to every address it can find.
    "Ignorance is bliss....
    but only for your enemy"
    -- souleman

  3. #3
    Junior Member
    Join Date
    Mar 2002
    Posts
    8
    Thank you for your answer... what I meant was that even if the antivirus doesn't recognise the virus as a virus and lets it pass, the virus will start emailing itself to everyone in the Global Address List... The effort isn't to stop the virus by making it hang, but for the Administrator to be notified that something is wrong... an email box that is never used and suddenly gets an email means something...

  4. #4
    I'd rather be fishing DjM's Avatar
    Join Date
    Aug 2001
    Location
    The Great White North
    Posts
    1,867
    Variations of this trick have been discussed for some time now. The Virus Myths website had an article in which they basically said it's not really a good idea. The article can be read HERE


    DjM

  5. #5
    Priapistic Monk KorpDeath's Avatar
    Join Date
    Dec 2001
    Posts
    2,628
    Actually, what I did was create 75 "hidden" addresses and it fooled most viruses into mailing themselves to the first 50 or so fake addresses. It works pretty well, but nothing takes the place of a good enterprise virus scanner.
    Mankind have a great aversion to intellectual labor; but even supposing knowledge to be easily attainable, more people would be content to be ignorant than would take even a little trouble to acquire it.
    - Samuel Johnson

  6. #6
    Banned
    Join Date
    Jul 2001
    Posts
    264
    Why not just remove system access to the script engines, i.e. 'wscript.exe' and 'cscript.exe'? These are the files that allow the execution of VBS and WSH scripts, which account for more than half of these mass mailer worms. Change the permissions to Special Access > Read Only.

    This will stop the script viruses dead...

  7. #7
    Junior Member
    Join Date
    Mar 2002
    Posts
    8
    I have read the article, DjM, and it talks about chain letters and how to avoid them... It also says that from their experience Administrators don't use that trick... I didn't read anything else in there...
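
The decoy-address idea from this thread as a detection check, added here as an example and not code posted by any participant: it scans a mail log for messages addressed to never-used decoy mailboxes and reports the sender together with how many recipients that sender hit in the same burst. The log format (time,sender,recipient), the example.com addresses and the function name are assumptions, and it only sees mail that passes through a server whose log you can read.

```python
import csv
from collections import defaultdict
from datetime import datetime, timedelta
from io import StringIO

# Hypothetical decoy addresses: never published or used, so any mail to them is suspect.
DECOYS = {"aaabaar.aaaabar@example.com", "aaabaas.aaaabas@example.com"}

# Constructed sample log in a simplified format (time,sender,recipient); not real Exchange output.
SAMPLE_LOG = """\
2002-03-14T09:00:01,alice@example.com,bob@example.com
2002-03-14T09:02:10,carol@example.com,aaabaar.aaaabar@example.com
2002-03-14T09:02:10,carol@example.com,aaabaas.aaaabas@example.com
2002-03-14T09:02:11,carol@example.com,bob@example.com
2002-03-14T09:02:11,carol@example.com,dave@example.com
2002-03-14T11:30:00,dave@example.com,AAABAAR.AAAABAR@example.com
"""

def find_decoy_hits(log_text, decoys=DECOYS, window=timedelta(seconds=60)):
    """Return {sender: {"decoys": set, "burst": int}} for senders that mailed a decoy.

    "burst" counts the distinct recipients the sender mailed within `window` of the
    first decoy hit, which separates a mass mailer from one mistyped address.
    """
    decoys = {d.lower() for d in decoys}
    by_sender = defaultdict(list)
    for row in csv.reader(StringIO(log_text)):
        if len(row) != 3:
            continue  # skip blank or malformed lines
        ts, sender, rcpt = (field.strip() for field in row)
        by_sender[sender.lower()].append((datetime.fromisoformat(ts), rcpt.lower()))

    alerts = {}
    for sender, events in by_sender.items():
        hits = [(t, r) for t, r in events if r in decoys]
        if not hits:
            continue
        first = min(t for t, _ in hits)
        burst = {r for t, r in events if abs(t - first) <= window}
        alerts[sender] = {"decoys": {r for _, r in hits}, "burst": len(burst)}
    return alerts

if __name__ == "__main__":
    for sender, info in find_decoy_hits(SAMPLE_LOG).items():
        print(f"ALERT {sender}: decoys={sorted(info['decoys'])} burst={info['burst']}")
```
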
