Ok, Who's got the virus?

On Thu, 2 Oct 2003 21:58:25 -0400, Keith R. Williams
wrote:

I convince them by refusing to read their spam. It's
unbelievable that spammers use HTLM for email.

Why unbelievable? The use of HTML in email actually provides them with
an excellent way to tell if you're active or not. Some of them embed
image links with address specific ID. If you're using some of them
security-less client, those images get loaded the moment you even
preview/look at the email.

All the spammer has to do is conduct periodic scan of their httpd logs
to harvest the list of active email accounts to resell/reuse for
higher value returns on advertising.... :P

--
L.Angel: I'm looking for web design work.
If you need basic to med complexity webpages at affordable rates, email me
Standard HTML, SHTML, MySQL + PHP or ASP, Javascript.
If you really want, FrontPage & DreamWeaver too.
But keep in mind you pay extra bandwidth for their bloated code

On Sun, 05 Oct 2003 04:23:18 GMT,
(The little lost angel) wrote:

On Fri, 03 Oct 2003 22:44:26 GMT,
(George Macdonald) wrote:
On a related note, I saw where the U. Aberta got a bloody nose from the
industry a few weeks ago for announcing it was offering a virus writing
course. Symantec, McAfee et.al. snorted, huffed and puffed about how they
would never consider any such person as a potential employee.

Why wouldn't they? Virus writers are the very people keeping them in
business no? Or was it just some spin doctoring to maintain the public
illusion that they are not sponsoring/employing any such
'professionals' :PppP

I dunno but I guess it must be something to do with their "image". U.A.
seemed to think that the skills woul be useful for a professional virus
"hunter" I guess but the industry thought not or didn't want the stigma.

Rgds, George Macdonald

"Just because they're paranoid doesn't mean you're not psychotic" - Who, me??

On Sun, 05 Oct 2003 04:27:27 GMT,
(The little lost angel) wrote:

On Thu, 2 Oct 2003 21:58:25 -0400, Keith R. Williams
wrote:

I convince them by refusing to read their spam. It's
unbelievable that spammers use HTLM for email.

Why unbelievable? The use of HTML in email actually provides them with
an excellent way to tell if you're active or not. Some of them embed
image links with address specific ID. If you're using some of them
security-less client, those images get loaded the moment you even
preview/look at the email.

All the spammer has to do is conduct periodic scan of their httpd logs
to harvest the list of active email accounts to resell/reuse for
higher value returns on advertising.... :P

Can they actually get e-mail addresses from such hits? Do any of the
current browsers/e-mail allow or default to that? Personally I prefer
separate e-mail software, like Eudora with the Microsoft Viewer turned off
at the office but at home I use Mozilla 1.4 with HTML turned down.

Rgds, George Macdonald

"Just because they're paranoid doesn't mean you're not psychotic" - Who, me??

On Fri, 03 Oct 2003 22:44:26 GMT,
(George Macdonald) wrote:
On Fri, 03 Oct 2003 06:50:40 GMT, Tony Hill
wrote:
Agreed. I've received a number of Word documents that I needed and
that were sent by relatively trusted sources which ended up being
infected by viruses. Not a problem, my AV software picked it up right
away and safely removed the virus, but without AV software my PC
definitely would have been infected. One case in particular I
remember was a class assignment sent out by a professor. In fact, not
just any professor, this was a CS class and a CS professor that sent
the virus. Ok, maybe the CS professor shouldn't have been sending out
assignments in MS Word format, but it wasn't like I could just ignore
any work he sent out on those grounds.

Hmmm, that's a tricky one.:-) Is it wise to inform your CS prof that his
computer is infected with a virus? So.... how'd you handle it then?

Yup, passed on a quick (and polite : ) note to the prof, as did some
others I guess, because he did clean it up. Point being though, I
never would have known without my virus scanner. Document was from a
(semi) trustworthy source and it was a document I needed. If I had
followed the advice of the "virus scanners are only good for cleaning
up after you get infected" people, I wouldn't have noticed right off
the bat, would have infected my PC and possibly lost important data.

On a related note, I saw where the U. Aberta got a bloody nose from the
industry a few weeks ago for announcing it was offering a virus writing
course. Symantec, McAfee et.al. snorted, huffed and puffed about how they
would never consider any such person as a potential employee.

I've gotta say that I found it a bit of an odd choice (I seem to
remember it being just a section of a course on computer security
though, but my memory is a touch foggy about this story). I don't
know that it will really lead to any increase of viruses in the wild,
and Symantec, McAfee et. al were definitely over-reacting and could
probably benefit most from an employee from said course. Still,
seemed like an odd thing to teach. Kind of like having a course on
breaking and entering in law school :

-------------
Tony Hill
hilla underscore 20 at yahoo dot ca

On Fri, 03 Oct 2003 22:06:09 -0400, Stacey wrote:
Tony Hill wrote:

I'm moving in a few days time and will be
back behind my good ol' faithful Linux gateway/firewall (albeit one
needing several patches to fix the recent OpenSSH and OpenSSL security
vulnerabilities, but Debian makes that a dead-easy job).

Are you running OpenSSH on the hostile side of the firewall? If so why?

Usually no, only on the local "clean" side. However, I do turn it on
from time to time when I need to access my PC remotely. Either way, I
don't like taking chances.

-------------
Tony Hill
hilla underscore 20 at yahoo dot ca

On Sun, 05 Oct 2003 12:16:37 GMT,
(George Macdonald) wrote:
On Sun, 05 Oct 2003 04:27:27 GMT,
(The little lost angel) wrote:
Why unbelievable? The use of HTML in email actually provides them with
an excellent way to tell if you're active or not. Some of them embed
image links with address specific ID. If you're using some of them
security-less client, those images get loaded the moment you even
preview/look at the email.

All the spammer has to do is conduct periodic scan of their httpd logs
to harvest the list of active email accounts to resell/reuse for
higher value returns on advertising.... :P

Can they actually get e-mail addresses from such hits?

You better believe they can.

"

Who cares if it's not a real image URL, the client still tries to open
it and the spammer has your e-mail address. If the spammer so
desires, they can even send back a 1x1 image that you'll never notice.

Do any of the
current browsers/e-mail allow or default to that?

I'm not aware of any HTML-capable e-mail client that DOESN'T default
to this.

Personally I prefer
separate e-mail software, like Eudora with the Microsoft Viewer turned off
at the office but at home I use Mozilla 1.4 with HTML turned down.

Most e-mail clients allow you to block remote images, but you have to
turn it on. Yahoo lets you block remote images, but again you have to
turn it on. I believe that Hotmail can automatically detect some
"tracking image" links like this, but not all of them, though they do
have the option to turn off all remote image loading.

Note though that this is NOT the only way that they can do it. There
are other HTML tags that spammers can embed in their code that will
give them your e-mail address unless your client uses some fairly
strict policies about what it does and does not do as far as HTML
display goes.

-------------
Tony Hill
hilla underscore 20 at yahoo dot ca

In article , fammacd=!
says...
On Sun, 05 Oct 2003 04:23:18 GMT,
(The little lost angel) wrote:

On Fri, 03 Oct 2003 22:44:26 GMT,
(George Macdonald) wrote:
On a related note, I saw where the U. Aberta got a bloody nose from the
industry a few weeks ago for announcing it was offering a virus writing
course. Symantec, McAfee et.al. snorted, huffed and puffed about how they
would never consider any such person as a potential employee.

Why wouldn't they? Virus writers are the very people keeping them in
business no? Or was it just some spin doctoring to maintain the public
illusion that they are not sponsoring/employing any such
'professionals' :PppP

I dunno but I guess it must be something to do with their "image". U.A.
seemed to think that the skills woul be useful for a professional virus
"hunter" I guess but the industry thought not or didn't want the stigma.

Perhaps M$ needs such skills for OS architects.

--
Keith

On Sun, 05 Oct 2003 12:16:37 GMT,
(George Macdonald) wrote:

Can they actually get e-mail addresses from such hits? Do any of the
current browsers/e-mail allow or default to that? Personally I prefer
separate e-mail software, like Eudora with the Microsoft Viewer turned off
at the office but at home I use Mozilla 1.4 with HTML turned down.

Oh yesh, if you have some kind of http server running with logs on,
try assessing it with a invalid document with your email address i.e.


Then look at your log, the request will be there.

Of course, if I'm running a professional spamming outfit, I would just
make the img src a script file that tags the address automatically.
Some uses hashed codes that matches their internal database so that
you don't notice it straight off.

Even if you turn off image loading, I have the feeling they can still
do it by embedding a request for a non-existent style sheet or
something else. There just ain't no way of escaping them HTML spammers
short of using a non-HTML email reader.

--
L.Angel: I'm looking for web design work.
If you need basic to med complexity webpages at affordable rates, email me
Standard HTML, SHTML, MySQL + PHP or ASP, Javascript.
If you really want, FrontPage & DreamWeaver too.
But keep in mind you pay extra bandwidth for their bloated code

The little lost angel wrote:

On Sun, 05 Oct 2003 12:16:37 GMT,
(George Macdonald) wrote:


Can they actually get e-mail addresses from such hits? Do any of the
current browsers/e-mail allow or default to that? Personally I prefer
separate e-mail software, like Eudora with the Microsoft Viewer turned off
at the office but at home I use Mozilla 1.4 with HTML turned down.


Oh yesh, if you have some kind of http server running with logs on,
try assessing it with a invalid document with your email address i.e.


Then look at your log, the request will be there.

Of course, if I'm running a professional spamming outfit, I would just
make the img src a script file that tags the address automatically.
Some uses hashed codes that matches their internal database so that
you don't notice it straight off.

Even if you turn off image loading, I have the feeling they can still
do it by embedding a request for a non-existent style sheet or
something else. There just ain't no way of escaping them HTML spammers
short of using a non-HTML email reader.

You can use pretty much any mail/news app so long as you also
use a firewall that blocks the app from anything but necessary
traffic. For example, I use Norton Internet Security to give
Mozilla Thunderbird access to *only* the ports needed to access
the mail and news servers I use, and use of those ports is
restricted to accessing *only* those servers.

If I receive an HTML message, Thunderbird will display the HTML,
but cannot communicate back to a spammer's server for *anything*.
Among other things this means I can't see images in HTML
messages, but that is no price at all to pay since no one but
spammers ever sends me HTML that wants to load images.

On Sun, 05 Oct 2003 15:38:51 GMT, Tony Hill
wrote:

On Sun, 05 Oct 2003 12:16:37 GMT,
(George Macdonald) wrote:
On Sun, 05 Oct 2003 04:27:27 GMT,
(The little lost angel) wrote:
Why unbelievable? The use of HTML in email actually provides them with
an excellent way to tell if you're active or not. Some of them embed
image links with address specific ID. If you're using some of them
security-less client, those images get loaded the moment you even
preview/look at the email.

All the spammer has to do is conduct periodic scan of their httpd logs
to harvest the list of active email accounts to resell/reuse for
higher value returns on advertising.... :P

Can they actually get e-mail addresses from such hits?

You better believe they can.

"

Who cares if it's not a real image URL, the client still tries to open
it and the spammer has your e-mail address. If the spammer so
desires, they can even send back a 1x1 image that you'll never notice.

That's the e-mail address which was used to send the msg - no? Looking at
Mozilla 1.4, which I'm running (the U. Essen version with the patch for the
GDI resource caching/leak - Bug 204374) there are several security settings
that allow various levels of e-mail presentation but I don't see anything
which says basically: do not allow my e-mail address to be sent out. It's
also not clear, and apparently undocumented, what the "Simple HTML" setting
allows for in e-mail msgs.

snip

Note though that this is NOT the only way that they can do it. There
are other HTML tags that spammers can embed in their code that will
give them your e-mail address unless your client uses some fairly
strict policies about what it does and does not do as far as HTML
display goes.

But is this e-mail address being pulled from the browser/e-mail software's
records as set up by the user? As suggested above it would seem fairly
simple to just have an option which prevents or at least asks permission to
send out your e-mail address??? In fact, is there any good reason to have
an e-mail HTML or the main browser send out your e-mail address?

As noted elsewhere, I'm disgusted with the current fad for HTML e-mail msgs
but everyone at the office uses it, as apparently do most other business
users. Basically, e-mail is now being abused on a global basis. Nobody at
the office seems to be aware of the security implications and they don't
want to hear about it since, if they turn off the M$ Viewer in Eudora, they
won't be able to see the images that friends send to them.shrug

Rgds, George Macdonald

"Just because they're paranoid doesn't mean you're not psychotic" - Who, me??