
BLU Discuss list archive



what to do about Windows email worms



No offense, but it truly amazes me the number of people on a Linux mailing list that run Windows, and on top of that Windows mailer software.


-miah

On Tue, Jan 27, 2004 at 02:15:27PM -0500, Rich Braun wrote:
> Chris Devers <cdevers at pobox.com> wrote:
> > I suspect the spam problem would be *a lot* worse if every copy of Windows
> > shipped with a working SMTP server.
> 
> Not if we put each machine through a Homeland Security checkpoint.  Basically,
> sniff it for explosives and bombs; encrypt everything with triple-DES but
> provide Carnivore-sniffing keys to the NSA; photograph and fingerprint the
> buyer and all authorized family members; and implement a 5-day waiting period
> in order to conduct a criminal background check before issuing 365-day
> software registration keys to the buyer's "confirmed" street address (after
> cross-checking against the buyer's credit card billing address).
> 
> Hmm, do we live in Germany of 1937 or America of 2004?
> 
> ;-)
> 
> I myself got hit with a worm last night, first time I can ever remember.  I
> got curious to see what was in something labeled "body.zip", and didn't pay
> close enough attention to see that the MIME type was application/octet rather
> than a text file.  (To keep me fooled for a few seconds longer, it actually
> did invoke my ZIP extractor program...before making a number of blocked
> attempts to transmit outbound port 25.)  This may or may not be MyDoom; I got
> rid of the worm by booting in "Safe" mode, running msconfig, and comparing it
> with an uninfected system -- noticed that it created an entry
> "\windows\system\taskmon.exe" which is similar to the standard
> "\windows\taskmon.exe".  It dumped a few megs of stuff into
> \windows\system.dat, probably mining the C drive for email addresses.
> 
> Best way to protect yourself against these things is to set up an outbound
> filter rule restricting any Windows box from connecting to port 25.  (I have a
> Linux box designated as my mail server, only that machine is allowed past the
> firewall on the SMTP port.)
> 
> -rich
> P.S.  Vote early, vote often, throw the bums out.
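
The outbound port 25 filter described in the quoted message also works as a detector: every blocked SMTP attempt from a desktop is a sign of a mass-mailer. The script below is an added example, not code from either poster; the gateway rules in its comments, the log prefix, the addresses and the sample log lines are all constructed assumptions.

```python
import re
from collections import Counter

# Assumed gateway ruleset (hypothetical addresses and log prefix) that would
# produce the log lines below; only the mail server may reach port 25:
#   iptables -A FORWARD -p tcp --dport 25 -s 192.168.1.10 -j ACCEPT
#   iptables -A FORWARD -p tcp --dport 25 -j LOG --log-prefix "SMTP-EGRESS-DROP "
#   iptables -A FORWARD -p tcp --dport 25 -j DROP
MAIL_SERVER = "192.168.1.10"     # constructed: the one host allowed to send SMTP
LOG_PREFIX = "SMTP-EGRESS-DROP"  # hypothetical --log-prefix value

# Constructed sample of gateway log lines in netfilter LOG format.
SAMPLE_LOG = """\
Jan 27 02:11:03 gw kernel: SMTP-EGRESS-DROP IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.5 LEN=48 TTL=127 PROTO=TCP SPT=1041 DPT=25 SYN
Jan 27 02:11:03 gw kernel: SMTP-EGRESS-DROP IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=198.51.100.7 LEN=48 TTL=127 PROTO=TCP SPT=1042 DPT=25 SYN
Jan 27 02:11:04 gw kernel: SMTP-EGRESS-DROP IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.5 LEN=48 TTL=127 PROTO=TCP SPT=1043 DPT=25 SYN
Jan 27 02:11:05 gw kernel: SMTP-EGRESS-DROP IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=198.51.100.99 LEN=48 TTL=127 PROTO=TCP SPT=1044 DPT=25 SYN
Jan 27 02:11:40 gw kernel: SMTP-EGRESS-DROP IN=eth1 OUT=eth0 SRC=192.168.1.40 DST=203.0.113.5 LEN=48 TTL=127 PROTO=TCP SPT=2210 DPT=25 SYN
Jan 27 02:12:00 gw sshd[812]: Accepted publickey for admin from 192.168.1.10
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S+)")  # KEY=value pairs in a LOG line


def parse_line(line):
    """Return the KEY=value fields of one drop-log line, or None if unrelated."""
    if LOG_PREFIX not in line:
        return None
    return dict(FIELD.findall(line))


def suspect_hosts(log_text, threshold=3):
    """Map each internal host with >= threshold blocked SMTP attempts
    to (attempt count, number of distinct destinations)."""
    hits, targets = Counter(), {}
    for line in log_text.splitlines():
        fields = parse_line(line)
        if not fields or fields.get("PROTO") != "TCP" or fields.get("DPT") != "25":
            continue
        src = fields.get("SRC")
        if src is None or src == MAIL_SERVER:
            continue  # the designated mail server is expected to speak SMTP
        hits[src] += 1
        targets.setdefault(src, set()).add(fields.get("DST", "?"))
    return {h: (n, len(targets[h])) for h, n in hits.items() if n >= threshold}


if __name__ == "__main__":
    for host, (count, dests) in suspect_hosts(SAMPLE_LOG).items():
        print(f"{host}: {count} blocked SMTP attempts to {dests} destinations")
```

The threshold keeps a single misconfigured mail client from being flagged alongside a host that is spraying connections at many servers.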




BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.
