SPAM swapped for viruses in my inbox

By on March 21, 2004, 3:40 AM
During the last few weeks I seem to be getting less and less SPAM in my e-mail, and this you would think is good. But when it in fact gets replaced by viruses it is not, especially since the viruses are much larger per e-mail than regular SPAM e-mails.

It all started like an ordinary virus with the latter "Bagle.A" on January the 18th... fast forwarding to the current day we have "Bagle.S", yes that is 20 versions of the same virus in 2 months! I keep track of these viruses via F-Secure's [URL=http://www.f-secure.com/weblog/]Weblog[/URL], where F-Secure antivirus staff post details on the latest viruses as they find them. These viruses install backdoors that are used for sending SPAM from the affected computers. This backdoor allows the virus writers full control over infected PCs; they can update their viruses and install software on those computers...

There has also been a new virus just released that works similarly to the old Slammer worm. This one is called Witty, but it only infects computers with the Black ICE software. [URL=http://xforce.iss.net/xforce/alerts/id/167]ISS Advisories[/URL]. It would seem that this indeed is starting out as the [URL=http://www.techspot.com/vb/showthread.php?s=&threadid=10145]year of the Superworm[/URL].




User Comments: 10

Shiney said:
I have also noticed a large increase in viruses in my email, mainly the W32.Netsky.B@mm. Before I was only getting one a month, now it's up to 2+ a day :(
david5182 said:
Same for me. I use my business address rarely and only for business. I have never received any spam nor any viruses. Now, although it is still spamless, I get this W32.Netsky.B@mm virus about once a day. When will these virus writers become extinct? :)
Nodsu said:
[quote]When will these virus writers become extinct?[/quote] It will happen sometime after we enforce the laws of natural selection and shoot all unknown email attachment opening/Outlook using ****** on the spot. Wiping out Microsoft and all Windows installations in the world would do the trick also. You decide which is easier :p
Per Hansson said:
Nodsu; I think I would prefer both :D
SNGX1275 said:
My university has some antigen software or something on its end, so when all this Bagle crap came out at first it didn't catch it, but within a day every time I'd get one it would just be the e-mail with the zip removed and replaced with a text file saying what was removed. So perhaps if ISPs would provide end filtering like my University does, the severity of this issue would be decreased substantially.
Nodsu said:
The problem is that an ISP can't block password protected .zips because there are quite many legit encrypted archives moving around and in most cases the sysadmins are too stupid/too lazy/unable to define the bagle letters in spam filter rules. Not to mention that the number of spam filtering capable mail servers is even lower than the minuscule amount of AV-enabled email gateways.
Per Hansson said:
Our mailscanner at work detects viruses in encrypted e-mails. I think most large virus scanners have figured out how to do it...
Nodsu said:
You mean there is an easy and efficient way to look at data inside encrypted zip files? What's the point in encrypting the damn things in the first place? :p Most likely the mailscanner just blocks all encrypted zips or it has some custom rule definition possibility where you can put in the characteristics of a virus mail and let it block those.
StormBringer said:
My ISP blocks them as well, has been since right after that bagle crap, and it doesn't block all encrypted zip files.
Per Hansson said:
[quote][i]Originally posted by Nodsu [/i] Most likely the mailscanner just blocks all encrypted zips or it has some custom rule definition possibility where you can put in the characteristics of a virus mail and let it block those. [/quote] No, I tried sending an encrypted virus through our mailscanner that I got to my Techspot mail and it sent back an e-mail telling me what type of virus it found inside the encrypted file...
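
On the question the thread debates, here is one kind of "characteristics" rule a mail gateway can apply to password-protected zips without knowing the password. It is an added example, not part of the original thread and not a description of any poster's scanner: classic zip encryption leaves member names and the per-member "encrypted" flag readable in the archive's central directory. The sample archives, the extension list and the function names are constructed for illustration.

```python
import io
import zipfile

# Assumed gateway policy: member extensions treated as executable content.
RISKY_EXTENSIONS = (".exe", ".scr", ".pif", ".com", ".cpl", ".bat")

def build_sample(name, payload, encrypted):
    """Constructed sample: a one-member zip. Python's zipfile cannot write
    encrypted archives, so the 'encrypted' flag (bit 0 of the general-purpose
    flags) is set by hand in the central directory record to mimic one."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr(name, payload)
    data = bytearray(buf.getvalue())
    if encrypted:
        pos = data.rfind(b"PK\x01\x02")  # central directory file header
        data[pos + 8] |= 0x01            # flags field sits at offset 8
    return bytes(data)

def triage_attachment(zip_bytes):
    """Return (member name, encrypted?, action) per member, reading only the
    central directory. No password is needed and nothing is decrypted."""
    verdicts = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            encrypted = bool(info.flag_bits & 0x1)
            risky = info.filename.lower().endswith(RISKY_EXTENSIONS)
            if encrypted and risky:
                action = "quarantine"   # unscannable executable content
            elif encrypted:
                action = "deliver"      # legitimate encrypted archives pass
            else:
                action = "scan"         # readable: hand to the AV engine
            verdicts.append((info.filename, encrypted, action))
    return verdicts

if __name__ == "__main__":
    samples = [("details.scr", True), ("report.txt", True), ("notes.txt", False)]
    for name, enc in samples:
        print(triage_attachment(build_sample(name, b"constructed bytes", enc)))
```

A rule like this blocks some encrypted zips without blocking all of them, because the decision rests on metadata the encryption does not hide.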