[BC] is some new virus out there?
Cowboy
curt
Sun Nov 27 14:14:19 CST 2005
On Sunday 27 November 2005 12:46 pm, Donna Halper wrote:
>This morning, when I began to download my mail, I noticed about 35 bounce
>messages, all from the postmaster at AOL, and all to people I had never
>sent an e-mail to.
As Barry suggests, this is usually the result of some spammer sending
millions of porn ads, mortgage ads, and what-not in your name.
There are also several ( few thousand ? ) Micro$oft specific worms that
masquerade as various sources in hijacked "address books" so that it really
is impossible to determine the original originating source, as it only
becomes possible to reliably trace back to the infected machine.
As such, it's entirely possible that someone you know, knew, or someone
else that knows someone you once had correspondence with has a virus
infection that is churning out bogus mail masqueraded as though it came
from you.
The "standard" is that these are returned to the sender specified in
the envelope address, not the address in any of the headers that you see.
( like the post office, every message is wrapped in an envelope, and
"post-marked" by every mail transport it travels through. Returning to
the originating mail server is not difficult, and is "standard". That server is
then tasked with returning to the envelope sender. It's not tough to fake
an envelope sender, but requires some specific knowledge of ESMTP
protocol, and these days, a resolvable address )
What you see is the equivalent of a proper etiquette "inside address".
Two major players don't subscribe to the world standard.
One is Micro$oft, and the other is practically every web-mail service
out there.
There are a few others as well.
They ignore the envelope, and use the inside address ( the visible headers ) only.
M$ goes so far as to discard a majority of the visible headers as well.
This was a HUGE problem with Spam-O-Matic, trying to make it "Micro$oft
compliant" when they do almost everything possible to make that impossible.
>Also, please straighten something out for me, in language that a non-techie
>like me can comprehend, please! Is it still true that if you don't open
>any attachments, you are usually safe, since that is still how most viruses
>are transmitted?
No !
I've been saying for years, and been told I didn't know what I was talking
about, until both McAfee and Norton suddenly agreed with me, that simply
viewing the wrong message with the wrong mail client on the wrong OS is all
that's required.
This has been the case since about 1990 or so, but was only demonstrated
in the lab ( apparently only my lab ) until the first release of OutlookExpress.
( prior to that, specific knowledge was needed about the target machine, but
it was always very do-able )
With OE, it suddenly became nearly impossible to prevent Windows from
auto-executing any virus included in any e-mail by almost any simple means.
THAT's when virus attachments really took hold.
There has been some improvement in M$ mailers since then, but not much.
ANY mail client that automatically displays HTML mail is vulnerable to infection
simply by viewing the wrong message.
The *primary* means today, is attachments, but it's not exclusive.
Only a fool opens attachments without precautions ! ( from ANY source )
This is easily circumvented with HTML mailers, and is one reason some
of us ( a large majority ) reject any mail sent as HTML, or at least take some
severe precautions with it.
*Generally* speaking, avoiding attachments is going to protect you from
the majority, since the majority are the worms that attach themselves to
bogus e-mail, and are totally automated, but it is by no means 100 percent.
The only fool-proof means of avoiding these, is don't use Micro$oft !
For most, that isn't a practical option, so next-best ( though not fool-proof )
is an ISP that does censor, by virus-scanning, your mail for malicious content.
--
Cowboy
http://cowboys.homeip.net
One thing the inventors can't seem to get the bugs out of is fresh
paint.
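
An added example, not part of the original post: a Python sketch that sorts bounces like the ones described above into mail that really left your own server and backscatter from a forged sender. It reads the Received chain of the original message embedded in the bounce. The sample bounce, every host name and address, and the relay list passed in are assumptions constructed for the illustration.

```python
import email
from email.utils import parseaddr

# Constructed sample bounce (DSN). The embedded original has a forged From
# and a Received chain that never touches the victim's own mail relay.
# Every host name and address here is made up for the example.
SAMPLE_DSN = """\
From: MAILER-DAEMON@mx.example.net
To: donna@example.org
Subject: Undeliverable mail
Content-Type: multipart/report; report-type=delivery-status; boundary=b1

--b1
Content-Type: message/delivery-status

Final-Recipient: rfc822; nobody@example.net
Action: failed
Status: 5.1.1
--b1
Content-Type: message/rfc822

Return-Path: <donna@example.org>
Received: from dsl-host.example.com (dsl-host.example.com [192.0.2.77])
 by mx.example.net; Sun, 27 Nov 2005 09:01:00 -0600
From: Donna <donna@example.org>
Subject: cheap mortgage

body
--b1--
"""

def original_of(dsn):
    """Return the bounced message (or its headers) embedded in a DSN."""
    for part in dsn.walk():
        if part.get_content_type() == "message/rfc822":
            return part.get_payload(0)
        if part.get_content_type() == "text/rfc822-headers":
            return email.message_from_string(part.get_payload())
    return None

def classify_bounce(raw, my_relays):
    """Heuristic: 'genuine' only if the original's Received chain names our relay."""
    orig = original_of(email.message_from_string(raw))
    if orig is None:
        return "unknown", None
    hops = " ".join(orig.get_all("Received", [])).lower()
    seen = any(relay.lower() in hops for relay in my_relays)
    return ("genuine" if seen else "backscatter"), parseaddr(orig.get("From", ""))[1]
```

The relay match is a plain substring test on header text, so treat the verdict as a triage hint rather than proof.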