GENMSC-L ArchivesArchiver > GENMSC > 2002-05 > 1022608521
From: Singhals <>
Subject: Re: WARNING - Dangerous messages from Hertfordshire
Date: Tue, 28 May 2002 13:55:21 -0400
References: <wmOI8.47323$Kp.firstname.lastname@example.org>, <UyOI8.1649$Cn4.email@example.com>, <1LOI8.52358$Oa1.firstname.lastname@example.org>
SkyNet News wrote:
> Obviously the correct approach is a good antiviral program and keeping
> signatures current. But it does little harm to add one little item like that
> as another tool in the armory.
> Incidentally most mail clients send serial and if the first address, pops up
> an error and freezes the send as Outlook would, it offers the opportunity to
> stop further sends if that message does pop up.That would of course assume
> all the addresses were put into the single a-mail. Multiple messages would
> still be queued but one would get a warning.
> All I was saying is adding this one more simple trick adds another tool, it
> certainly is not a panacea, nor indeed is anything else. Sorry I didn't make
> that clear
> MickG :)
> "Rick J" <> wrote in message
> > "SkyNet News" <> wrote in message
> > news:wmOI8.47323$...
> > > Just try it! Certainly in Outlook and Outlook Express attempting to
> > send to
> > > that address does pop up an error warning that the address is invalid
> > thus
> > > any viruses that tries to use every address in your address book
> > *will*
> > > cause that error box to pop up whatever urban legends sites say.
> > Mick,
> > I think you misunderstood the point that was made. What you say is true
> > but:
> > The virus under discussion doesn't send to ALL in Address Book, it picks
> > one or more names at random. So your suggestion doesn't prevent that.
> > If it is a virus that sends to all you WILL as you say get a warning but
> > the message will probably go to all other addressees, so you will know
> > what happened but it WILL have happened.
> > Further with the virus under discussion, it selects YOUR name from
> > somebody else's address book and Emails using you as the sender. Then
> > the person who receives is likely to blame you. Or if the attempt to
> > send fails (and it will sometimes depending on the SMTP server) you will
> > get a puzzling message about undeliverable Email that you never sent In
> > this case, of course, your suggestion doesn't work.
> > No harm in your suggestion and no harm in the similar suggestion that
> > you include your own EMail address in your address book. But either
> > suggestion will ONLY warn you AFTER the event and neither helps at all
> > with the KLEZ virus.
> > .
And all we're trying to tell you: KLEZ doesn't *necessarily* pick
addresses from your address book. KLEZ may do that, or it may
pick names out of your incoming --or outgoing-- e-mail, or from
your bookmark file, or from any wisps of webpages you have stored
in cache or in a directory.
If it picks my e-dress out of your in-box and puts me as SENDER
and then picks Dave's e-dress out of your out-box as TO: then
your address book was never touched, and even if !0000 worked
(which it doesn't in all e-mail clients), it didn't work here and
you've got a false sense of security.
Does it hurt anything? Not unless you get complacent because
you've put !0000 in. Does it help anything? Not usually.
|Re: WARNING - Dangerous messages from Hertfordshire by Singhals <>|