Olympus-OM

[OM] Re: Annoying virus

Subject: [OM] Re: Annoying virus
From: "John A. Lind" <jlind@xxxxxxxxxxxx>
Date: Sun, 02 May 2004 00:09:46 -0500

Steve,
You are correct . . . it was emailed through a Comcast SMTP 
server.  Comcast's IP block that contains the specific IP address is 
identified as Comcast's "Illinois-14" so I presume the end user (on cable) 
is somewhere in the Illinois region.

BTW, I've read other messages in the thread.  Comcast is an enormous source 
of SPAM and much of it is being spewed by cable and DSL accounts.  Other 
significant sources that stand out above the rest are CableVision, 
RoadRunner, Southwest Bell and Pacific Bell . . . not necessarily in that 
order.

I've received a spate of worm-laden emails recently containing several of 
the recent NetSky and Bagle (aka Beagle) variants.  One surprising one was 
a BugBear too!  Nearly all of them come from high speed (cable/DSL) 
accounts which have permanent IP addresses (versus dial-up's dynamically 
assigned ones).  IMHO several technologies have converged to wreak the more 
recent worm havoc:
(a)  Rampant growth of high speed cable/DSL for "home" use which means the 
vast, vast majority of these users are totally clueless about high-speed 
connections (routers, etc.), permanent IP addresses and how to better 
secure a permanent connection . . . especially if left *on* 24/7 (which 
many do).
(b)  Several of the most recent Windoze versions including XP, ME, 2000, 
etc., that contain some enormous security problems with how network 
"sharing" is set up in them by default, not to mention some other 
significant chinks in their security armor that can easily be exploited.
(c)  Recent high growth of "wireless" connections to cable/DSL being used 
in the home.  The vast majority of these devices are unsecured "out of the 
box" and can be very easily exploited to gain access to the account and/or 
the machine (if left on) by someone with a "sniffer" in the back of a van 
parked down the block.  At the least, even if there is some basic security 
on the router end and a firewall on the machine, the packets are "in the 
clear" and can be monitored by automated software for passwords and 
financial account data.

A word to the wise:
Firewall, firewall, firewall!  Wireless needs to be encrypted and secured 
to preclude surreptitious account access.  Update, update, update! AV 
software needs to be updated twice weekly.  The creators of NetSky and 
Bagle worms are releasing new variants every couple of days and about half 
of the new ones slip under the wire of all past AV software virus signature 
files without being detected.  Windoze Update should be run no less than 
twice a month to plug all the security holes Gates can't seem to prevent up 
front and the worm creators keep finding and exploiting.  (Not enough time 
to do it right, but always time to do it over philosophy at 
MicroSloth???  Read the OS software license; there's no guarantee of 
suitability, fitness, or anything, including operability or security.)

-- John Lind

At 05:36 PM 4/30/04, you wrote:
>I did not send the message below to the list.  Can someone out there take a
>look at the following and see if there's anything there that looks like a
>clue to who on the list might have this virus?  Someone on Comcast
>broadband, perhaps?
>
>Steve Troy

