Chris Devers <cdevers at pobox.com> wrote:
> I suspect the spam problem would be *a lot* worse if every copy of Windows
> shipped with a working SMTP server.

Not if we put each machine through a Homeland Security checkpoint. Basically, sniff it for explosives and bombs; encrypt everything with triple-DES but provide Carnivore-sniffing keys to the NSA; photograph and fingerprint the buyer and all authorized family members; and implement a 5-day waiting period in order to conduct a criminal background check before issuing 365-day software registration keys to the buyer's "confirmed" street address (after cross-checking against the buyer's credit card billing address).

Hmm, do we live in Germany of 1937 or America of 2004? ;-)

I myself got hit with a worm last night, first time I can ever remember. I got curious to see what was in something labeled "body.zip", and didn't pay close enough attention to see that the MIME type was application/octet rather than a text file. (To keep me fooled for a few seconds longer, it actually did invoke my ZIP extractor program...before making a number of blocked attempts to transmit outbound port 25.)

This may or may not be MyDoom; I got rid of the worm by booting in "Safe" mode, running msconfig, and comparing it with an uninfected system -- noticed that it created an entry "\windows\system\taskmon.exe" which is similar to the standard "\windows\taskmon.exe". It dumped a few megs of stuff into \windows\system.dat, probably mining the C drive for email addresses.

Best way to protect yourself against these things is to set up an outbound filter rule restricting any Windows box from connecting to port 25. (I have a Linux box designated as my mail server, only that machine is allowed past the firewall on the SMTP port.)

-rich

P.S. Vote early, vote often, throw the bums out.
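
The outbound port 25 block described in the message above also works as a detection signal. The following is an added example, not part of the original post: it assumes a Linux netfilter gateway that logs blocked packets in the kernel LOG format, with a hypothetical log prefix, a hypothetical mail server address, and a distinct-destination threshold chosen for illustration.

```python
import re
from collections import defaultdict

MAIL_SERVER = "192.168.1.10"  # assumed: the one host allowed out on port 25
KV = re.compile(r"(\w+)=(\S+)")  # netfilter LOG lines are KEY=value tokens

# Constructed sample lines (shortened netfilter LOG format, hypothetical prefixes).
SAMPLE_LOG = """\
Jan 28 23:01:02 gw kernel: SMTP-OUT-BLOCK: IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.5 LEN=48 PROTO=TCP SPT=1042 DPT=25 SYN
Jan 28 23:01:02 gw kernel: SMTP-OUT-BLOCK: IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=198.51.100.7 LEN=48 PROTO=TCP SPT=1043 DPT=25 SYN
Jan 28 23:01:03 gw kernel: SMTP-OUT-BLOCK: IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=192.0.2.25 LEN=48 PROTO=TCP SPT=1044 DPT=25 SYN
Jan 28 23:01:05 gw kernel: SMTP-OUT-BLOCK: IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.5 LEN=48 PROTO=TCP SPT=1045 DPT=25 SYN
Jan 28 23:04:10 gw kernel: SMTP-OUT-BLOCK: IN=eth1 OUT=eth0 SRC=192.168.1.42 DST=203.0.113.5 LEN=48 PROTO=TCP SPT=2200 DPT=25 SYN
Jan 28 23:05:00 gw kernel: OTHER-DROP: IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.9 LEN=48 PROTO=TCP SPT=1050 DPT=445 SYN
"""

def blocked_smtp(log_text, mail_server=MAIL_SERVER):
    """Per internal source: blocked 25/tcp attempts and the destinations tried."""
    hits = defaultdict(lambda: {"attempts": 0, "dests": set()})
    for line in log_text.splitlines():
        fields = dict(KV.findall(line))
        if fields.get("PROTO") != "TCP" or fields.get("DPT") != "25":
            continue  # not an SMTP connection attempt
        src = fields.get("SRC")
        if not src or src == mail_server:
            continue  # the designated mail server is expected to use port 25
        hits[src]["attempts"] += 1
        hits[src]["dests"].add(fields.get("DST"))
    return hits

def suspects(log_text, min_dests=3):
    """Hosts blocked toward several distinct mail servers (mass-mailer pattern)."""
    hits = blocked_smtp(log_text)
    return sorted(
        (src, h["attempts"], len(h["dests"]))
        for src, h in hits.items()
        if len(h["dests"]) >= min_dests
    )

if __name__ == "__main__":
    for src, attempts, dests in suspects(SAMPLE_LOG):
        print(f"{src}: {attempts} blocked SMTP attempts to {dests} destinations")
```

A workstation blocked once toward a single server is more likely a misconfigured mail client; one fanning out to many destinations warrants the startup-entry comparison the message describes.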
BLU is a member of BostonUserGroups.
We also thank MIT for the use of their facilities.