Re: attachment and e-mail where to report these security issues?

From: D.Currie (dmbcurrie.nospam_at_hotmail.com)
Date: 03/26/04 

Date: Thu, 25 Mar 2004 23:16:54 -0700

If somebody wants to go through the trouble of looking up the sender
properly, that's one thing, but most folks aren't going to bother with much
more than the name it's coming from. Why bother with messy headers when they
can simply report the person to their ISP? And if the viruses are coming en
masse like swen did, few people are going to bother with much more than
cleaning out the junk.

Like people who bounce spam back, not realizing that the return addresses
are often fake.

Of course, you're correct that the instructions were the right way to report
the virus, but I doubt most people will go through all of that for every
virus email they get.

If you read the way the OP phrased it -- wanting to report the "twit" who
sent it, you can see that people tend to want to blame the person whose name
is on the email, rather than understand that the sender is also a victim,
and the name is likely to be false.

"Phil Weldon" <notdisclosed@example.com> wrote in message
news:lvO8c.1150$Dv2.840@newsread2.news.pas.earthlink.net...
> No, you don't understand. These infected messages use harvested email
> addresses in the "From" field in the headers, but the IP address in the
> headers is the actual IP address the infected system used for its
connection
> to the internet. If you follow the directions Veronica Loell gave, the
ISP
> will have the information necessary to locate the account with the
infected
> system, even if the IP address were dynamically assigned. And if the
> "From" email address WERE correct (which it never is - after all the virus
> writers don't want the infected systems tracked down), then it would be a
> GOOD a thing, not a bad thing, to let the ISP know. After all, if someone
> has an infected system, don't you think they would like to know about it
and
> get help? Think about it; if your system were spreading a virus you would
> like to know about it as soon as possible, I hope.
>
> --
> Phil Weldon, pweldonatmindjumpdotcom
> For communication,
> replace "at" with the 'at sign'
> replace "mindjump" with "mindspring."
> replace "dot" with "."
>
> "D.Currie" <dmbcurrie.nospam@hotmail.com> wrote in message
> news:c4087c$2dserh$1@ID-193095.news.uni-berlin.de...
> > Unfortunately, if you report the sender, you're either reporting some
poor
> > fool whose computer is infected (and he's either fighting it or doesn't
> know
> > he has it) or you're reporting some innocent third party whose address
is
> > being spoofed by the virus because the infected computer has that name
in
> > the address book. Most likely it's going to be the innocent third party
> > because that's the way most of the newer viruses work these days.
> >
> > So not only does it do no good, it also can harm an innocent person if
the
> > ISP does take some action and/or it ties up the ISP who get these
reports.
>
>

Relevant Pages