[Snort-users] Please virus scan your systems

Drew Smith drew at ...11193...
Wed Feb 11 20:06:01 EST 2004


On Wed, 2004-02-11 at 16:33, Matt Southworth wrote:
> Bryan Irvine <bryan.irvine at ...9066...> wrote on Wed, Feb 11, 2004 at 11:30:14AM -0800:
> > about the only virus that can get through this list is the honor system
> > virus, whereupon receiving it, you delete a bunch of random files,
> > forward the email, and reboot.
> > 
> > Those virus alerts are most likely the cause of someone you've emailed
> > sometime in your life getting mydoom or a similar virus.  It's pretty
> > simple to tell if it came from this list, look for attachments.
> > 
> > It's a coincidence, move on.
> 
> I've got to say this does not coincide with my experience. Starting
> about 2 weeks ago I've received more than a dozen infected emails to
> the address I use ONLY for snort-users (see above...) - this address
> only appears on google in archives of the mailing list. It could be
> spam harvested from that, I suppose, but I think it's more likely
> that someone who at one time subscribed to this list is or was
> infected.

Not to be insulting or abrupt in any way, but has it occurred to you that
it's quite possible that someone or something has harvested the list for
email addresses? Doesn't it seem rather odd that you seem to be the only
one having the problem if this list really is the source of your
problem? Or perhaps somebody who has been writing to the list from a
'doze system has at some point become infected?

As an example: My father got on me a few weeks ago for having him go to
a site that handles an "opt-out" list, since within a day or two he was
getting hammered with crap by the W32-novarg worm. Since I host his
domain I had the ability to figure out within very close proximity just
where the crap was coming from.  As it turned out, my mother had been
staying at my sister's house for a few days and the system was infected
when she got there. That system was sending mail to everyone in my
father's domain from Tom, Dick and Harry to Shirley and Laverne. Through
a process of elimination I managed to find the source.  Fortunately, on
my advice, my father always keeps his 'doze systems' virus scanners up to
date and it was only an annoyance.

Either way, it's out of your hands. Good luck trying to find the source.
I had at the most 50 or 60 possibles to deal with. If you suspect this
list you'd be looking in the millions.

Want a really good url for a spamassassin setup? I'm just putting the
finishing touches on an install. Claims to be 95% effective on spam. I
guess what I'm really saying is, deal with it or let it go. And I don't
in any way mean any offense by that. It's just the reality of it.

Drew




