Re: attachment and e-mail where to report these security issues?

From: Phil Weldon (notdisclosed_at_example.com)
Date: 03/26/04


Date: Fri, 26 Mar 2004 21:58:01 GMT

It isn't hard to find the necessary headers. And "you guys" includes YOU.
Your suggestion is good, and, in fact, part of the task is even simpler than
you imagine. Even ONE infected email message (or Usenet newsgroup post) is
enough to identify the originating computer system as infected. On the
other hand, one difficulty is coordinating between the antivirus detector
and the email program, since there are at least a dozen of each.

As for an email looking suspicious, that is something a person can do much
better than a machine... your brain is much better than a computer for many
tasks. An antivirus program with up-to-date virus programs scanning email
can protect you to a great extent, but your brain is also an important
protection. I use a program called MagicMailMonitor, recommended by Veronica
Loell, to screen all my email. It contacts my ISP's mail server and
retrieves only the headers and a portion of the body of each email, then
displays the normal columns of information that any email program does. I
have them sorted by size, so email with attachments usually come at the
end... about 45 messages at a time can be displayed. It is great for
deleting spam (a human can identify spam from just the "From", "To", and
"Subject" fields more accurately than any antispam program), and the filters
in MagicMailMonitor can be set to identify particularly high volume worm
generated infected email (like swen) for automatic deletion. Two minutes of
my time with MagicMailMonitor each day takes care of all my unwanted email.
If you really want to second guess yourself, you can use MagicMailMonitor to
download the entire message and open it as text only, thereby avoiding any
vulnerability exploitation for automatic infection.

Finally, since you use Outlook Express 6.0 to post (that's in the headers of
your post), all you need to do to get the full headers of a message is to
right click on the message in your message list and select "Options"; a
window will open and display all the headers which can then be copied and
pasted into a notification email.

Of course, an even better solution, and really, the only solution, is for
all ISPs and email service providers to scan ALL email for viruses, then
helping their customers get clean. Some already do so, and more are
beginning to.

-- 
Phil Weldon, pweldonatmindjumpdotcom
For communication,
replace "at" with the 'at sign'
replace "mindjump" with "mindspring."
replace "dot" with "."
"BeamGuy" <nobodys@SPAM.com> wrote in message
news:euAmrc3EEHA.2088@TK2MSFTNGP10.phx.gbl...
> Well - if finding the true source of the email is so hard why do you guys not automate
> it? Perhaps you could give us a button, "Forward to sender's ISP provider"?
> Such messages could be packaged in a way that allowed the ISP to file them in
> a database program that helps decide what to do about it. For instance, if I forward
> today's worm_netsky.P message back to the provider they could have a tool that
> pops up a window on the manager's desk something like:
>    Today 25 different people have complained about this customer,  and we just
>    tracked him sending another 500 emails, and we recommend suspending
>    his account (yes/no).
>
> In fact why do you guys not at least warn me that an email looks suspicious. For
> instance if the return address is bozo@netzero.com but the originator is in the
> domain imtt.nf.ca could you at least flag it as being a little suspicious? Netzero
> does not accept smtp email from any networks other than their own.
>
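
Added example, not part of either post and not code from any mail program named in the thread: a Python version of the "flag it as a little suspicious" check discussed above, run over full headers copied out of a message. The sample headers, the host `pc17`, `mx.example.net` and the IP address are constructed, and the code assumes the topmost `Received` header was written by your own provider's mail server.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not a real message). pc17, mx.example.net and the
# 192.0.2.44 documentation address are made up; the two domains are the
# ones named in the quoted post.
SAMPLE = (
    "Received: from pc17.imtt.nf.ca (pc17.imtt.nf.ca [192.0.2.44])\n"
    "\tby mx.example.net with SMTP; Fri, 26 Mar 2004 17:02:11 -0500\n"
    "From: bozo@netzero.com\n"
    "To: someone@example.net\n"
    "Subject: Re: your document\n"
    "\n"
    "See the attached file.\n"
)

# "from <helo> (<reverse-dns> [<ip>])", the common layout of a Received line.
HANDOFF = re.compile(r"from\s+(\S+)\s+\(([^\s\[\]()]*)\s*\[([0-9A-Fa-f.:]+)\]")


def handoff_host(msg):
    """Host and IP recorded in the topmost Received header.

    Assumption: that header was written by your own provider's server, so it
    is the one hop the sender could not forge. Older ones below it can be.
    """
    received = msg.get_all("Received") or []
    if not received:
        return None
    m = HANDOFF.search(" ".join(received[0].split()))  # unfold the header
    if not m:
        return None
    helo, rdns, ip = m.groups()
    # Prefer the reverse-DNS name the server looked up over the claimed HELO.
    name = rdns if rdns and rdns != "unknown" else helo
    return name.lower().rstrip("."), ip


def sender_mismatch(raw_headers):
    """Compare the From: domain with the host that handed the mail over."""
    msg = message_from_string(raw_headers)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    hop = handoff_host(msg)
    if not domain or hop is None:
        return None  # not enough information to judge
    host, ip = hop
    same = host == domain or host.endswith("." + domain)
    # A mismatch is only a hint: plenty of legitimate mail is relayed.
    return {"from_domain": domain, "host": host, "ip": ip, "suspicious": not same}
```

The IP address in the result is the detail a provider's abuse desk needs to identify the customer's machine.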
