[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <3F45757F.2071.7BDAD586@localhost>
From: nick at virus-l.demon.co.uk (Nick FitzGerald)
Subject: [inbox] Re: Fwd: Re: Administrivia: Binary
Executables w/o Source
"Jason Coombs" <jasonc@...ence.org>, whose input is usually
intelligent, considered and well-reasoned, chose to fall from his
pedestal thus:
> Curt Purdy opined:
> > FWIW I disagree with any moderation at all.
> > The point is, this is a FREE forum, one of the few left in the world.
>
> I agree completely. The sobig spam is valuable -- it shows us who we
> should not trust to operate a computer.
_If_ you know what to take from the headers _AND_ have omniscient
access to the mythical IP-to-user mapping address list...
You -- like several incredibly clueless posters today -- are entirely
incorrect in this case.
Look up any vaguely competent description of the workings of this
virus. Then explain how you would divine the real victim, as opposed
to the addresses spoofed by the virus, from Sobig's mail.
Better yet, save yourself the time trying, as the answer is you cannot.
> It also reveals the identity of people who have us in their address
> books without our consent.
D'oh! number two.
Sobig gathers Email addresses from _many_ file types it finds on its
victims' machines including the file types of the Email message
"folder" files used by mailers, HTML files. .HLP files and .TXT files.
Your comment again shows an uncharacteristically ignorant view of the
actual situation.
> By blocking 2,000+ copies launched at the list we've been saved some
> bandwidth ...
"some" = approx 200MB (each virus message is approx 100KB).
> ... but we've been deprived of the opportunity to point and laugh
> at the people who subscribe to full-disclosure who got hit by the silly
> thing.
Or, if you understood how the virus really works, you were saved the
embarrassment of being shown to be a fool by your pointing and laughing
at the wrong people.
So how ironic that you were then silly enough to post this drivel so
those of us who do know how Sobig works get to laugh at you and others
like the clown of Clowater...
> Just as some people in business refuse to do business with any person or
> company who sends spam, some of us also refuse to do business with
> anyone incompetent enough to get hit by a virus or worm.
Indeed, but the truly cluefull refuse to do business with those who
clearly don't know anything important about something they should.
What's that saying -- better you be thought a fool than open your mouth
and remove all doubt?
> Perhaps Len could send a single digest message to the list revealing the
> identity of each subscriber who tried to spam us with a sobig attachment
> -- it's the least he could do after intentionally covering up for these
> people.
And, if your address were on that list?
_That_ wouldn't make me laugh at all because I understand that your
address would be there because you were _NOT_ infected (well, almost
certainly not...). And, I know for a fact that I am not and have not
been infected (well, I deliberately infected machines in my test
network but that's not connected to the Internet and has not "released"
anything) _BUT_ I'd not be at all surprised to see my address on that
list as I've received several dozen bounces for apparently sending the
virus.
As it seems to be the day for it -- go stand at the back of Clowater's
cluestick queue.
--
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854
Powered by blists - more mailing lists