Linked by David Adams on Sat 30th Aug 2003 11:40 UTC
Bugs & Viruses I checked my email this morning. The tally: 80 spams, 65 emails asking me to "See the attached file for details," and 6 legitimate emails. This worm thing is getting ridiculous. Has anyone else noticed a big spike today?
Order by: Score:
Today only?
by Bayerwerke on Sat 30th Aug 2003 17:24 UTC

I have noticed a big spike in the last week. Today was not too bad, probably due to the several hundred domains I black listed during the last seven days. In the last two months, less than one percent of my email is legitimate communication. (of about 7000 messages)

In a word?
by Benjamin "thumper^" Kaufman on Sat 30th Aug 2003 17:24 UTC

No
Mutt, Spamassassin, freeBSD.

Spam, Virusses..
by Anonymous on Sat 30th Aug 2003 17:25 UTC

Can't you install a virus and spam filter on your mailserver? My provider has an anti-virus program on the mailserver, so I never see those virusmails. I use Apples spam filter to get rid of the spam (bayesian). Almost all of my mails I get, are legitimate with this system.

Dah well
by Yamin on Sat 30th Aug 2003 17:29 UTC

Well, I've experienced a pretty big drop after I turned off auto-preview e-mail in outlook. Apparenently, I noticed many of the picture links in e-mails have unique hyperlinks which idenitify the target person. I guess, when that link is activated by the outlook preview or by the user, the spammer knows that their e-mail is being viewed and they should keep sending e-mails to that address.

I know it other apps, you can just choose to view as plain text, but I could not find that option in outlook 2000.

Other than that, what can you do, but use some kind of blocker.

Yamin

Me neither
by devote on Sat 30th Aug 2003 17:32 UTC

mutt/sylpheed + procmail + exim-blackhole + spam-assassin all on a debian sid box.

I have
by rajan r on Sat 30th Aug 2003 17:34 UTC

Here's my entry on that
http://www.rajanr.com/index.php?itemid=187
Not nice. I been having huge spikes in spam lately. Same with a lot of other people.

Spam Filter
by David Adams on Sat 30th Aug 2003 17:54 UTC

I checked my logs and in my calculation I was including spam that had been caught by my spam filter, along with a few that slipped through.

Last week
by Bram on Sat 30th Aug 2003 17:59 UTC

I had a mega spike last week. I had several hundreds a day.

Since yesterday I have received 246 worms. Gotta love morons with infected Pc's.

I've noticed a bit more action ...
by Beryllium on Sat 30th Aug 2003 18:04 UTC

... but not a spike. I had two sobig mails yesterday, and they weren't direct mails - they were "that user was not found" messages getting bounced back to my (innocent) email address.

A lot of Firstname_ThreeDigits_LastName@hotmail.com spam, though. SpamAssassin catches all of that, thankfully. ;)

No problems here
by Mike on Sat 30th Aug 2003 18:18 UTC

I'm using Scribe (http://www.memecode.com) and I've not had any problems.

Not really...
by Josiah Carlson on Sat 30th Aug 2003 18:39 UTC

While my spam has been a steady flow of around 30/day, I still only get less than 3 virus emails/day.

It's all about the plain-text viewing of all email. If anyone is looking for a pretty smooth email client for windows, (aside from trying Mozilla), one should try Becky! internet email www.rimarts.co.jp. It has worked faithfully for the last 4.5 years and stores email as plaintext.

Enough of me blabbering.

Anti-spam tools and Outlook Express
by Darius on Sat 30th Aug 2003 18:46 UTC

The main issue I have with anti-spam tools is false positives. If I've got to go through some 'junk mail' folder to find out if an anti-spam tool flagged a legitimate email as spam, then what's the point? I figure I might as well just go through them in my Inbox.

As for Outlook Express, if you use this or know anyone who does, do the follow:

1. Turn off auto preview (obviously)
2. Download 6.0 SP1 if you don't already have it
3. Click on Tools|Options|Read tab
4. Check 'Read all messages as plain text'

There ya go .. now OE is about as secure as any other mail client on Win32.

Slightly more
by Hamilton on Sat 30th Aug 2003 19:02 UTC

I almost never get virus messages, but I did get one today. It was that "patch from Microsoft" virus--certainly not new.

Spike
by VSW on Sat 30th Aug 2003 19:11 UTC

Well, I work as an admin for a hosting company. We noticed a pretty substantial pick-up beginning late Thursday. Where we normally get around 20-30,000 emailsday, since this work we've been getting 150,000+ daily. Thankfully we're linux based, spamassassin, mailscanner, etc ;)

Yes
by trashcan on Sat 30th Aug 2003 19:16 UTC

I had about a 100 junk / virus / spam emails this morning when I woke up. I use POPfile and Mozilla Mail's built in spam filters. POPFile is very good at classifying Junk mail (88% of my mail), but is still in training for regular mail. So far it has a rate just above 50% for non-junkmail, but I have only had it for a week, and I actually don't get a lot of emails. And I have it setup to only move to the Junk mail folder if Mozilla Mail AND Popfile think the message is spam, so I have not missed any emails. Too bad POPfile doesn't work with IMAP, so I can't use it for my main account.
Popfile is a shining example of open sourceness. It is easy to use, comes with a manual, has a large, helpful FAQ, responsive developers, and is easy to use and install.

Virus / mail client rule
by Neonz on Sat 30th Aug 2003 19:46 UTC

I at work where I use Outlook (mailserver is exchange) created rule that automatically deletes all mails with "See the attached file for details" in body ;)

I get less spam
by Bob on Sat 30th Aug 2003 19:47 UTC

I was getting about 10 pieces of spam a day, and it's dropped down to 0-2 a day.

Bogofilter caught all of them
by Thomas Bonk on Sat 30th Aug 2003 19:47 UTC

I had a spam spike on August 18/19/20: 549 spam mails in 3 days on one email account. Anyway bogofilter caught all of them ;) I really can recommend bogofilter to sort out all this spam. My spam list database is currently @ ~5MB and it sorts out about 99% of all incoming spam mails.

really that bad?`
by Anonymous on Sat 30th Aug 2003 20:02 UTC

Odd, since I do NOT have any spam filters or the like, and I get maybe max 5-10 spam messages a day, and I've yet seen one worm/virus message that atleast I've recognized..
most of my spam is logchecker telling me about double bounces of non-existant accounts (in both ends)..
Also most of my spam would be cut nicely if I'd only remove stuff that has a bogus To: field.. (my address being only in Bcc:)

Nope
by Eightiesdude on Sat 30th Aug 2003 20:06 UTC

Nope, Running Linux and watching the chaos of my friends and family computers get infected. While i sit and just relax with Tux.

Spam? Virus?
by Victor on Sat 30th Aug 2003 20:07 UTC

I haven't got one single spam/virus email in months - ever since i created my account on Yahoo. Yahoo rules.

Victor.

No
by Jago on Sat 30th Aug 2003 20:23 UTC

As a matter of fact, today I experienced quite the opposite. I tend to receive 7-8 emails per day with roughly half of them being spam and/or viruses. Today I've only received ONE mail and it was an actual email, not a piece of spam.

Um... ok
by Jeffrey on Sat 30th Aug 2003 20:31 UTC

Does this really constitute os news? I got a virus yesterday, did anybody else? Viruses and worms are everywhere and it is up to you to either filter it or make sure you don't get infected. Maybe an article on such would be beneficial. I mean I guess some of comments here are good but just making a comment about worm activity seems a little on the non-productive side to me.

hmm
by Anonymous on Sat 30th Aug 2003 20:55 UTC

I must have smart friends or no freinds, I haven't gottin 1 virus email yet, granted I do get alot of spam but filters take care of that for the most part

At the Chicago Harold Washington Public Library they still haven't gotten their act together on their machines! They run a twentyfive machine 'Computer Connection' here and their idea of security is to make the entire file system 'read only' on Windows 2000, then force everyone to use a vastly dumbed down ie client for browsing the net. Most of the machines are still running with IE5.0x and they have spywareadware crap running on the IT's own terminals!!

I dunno when the #### we'll be able to use the wordprocessing capabilities of their system again, as they've not had any ability to transfer files to disk since LAST WEEK Friday!!! and have only been able to run generalized internet terminals since last Tuesday! It's a mess here and unless I miss my guess their response is going to be typical of IT staff everywhere--blame the users!

--iWindoze grumbles to himslef as he kills another three or four trees by printing the articles instead of saving them to *.mht as is his usual wont.

HUGE spike
by Nikola Pizurica on Sat 30th Aug 2003 21:17 UTC

I started to get huge amounts of "See the attached file for details" mails or similar. It all started last week. In one single day, I got about 450 spam mails!
My ISP has spam blocker, but I have to enter domains or e-mail addresses one by one, so I spent one hour pasting senders' addresses into it. Also, I've noticed about 60% were Swiss domain (.ch), and also lot of German and Austrian domains.
And I'm 100% sure I'm not infected (using BeOS and Linux).
BTW, I received couple of times e-mails from some other ISPs warning me that I sent virus infected mails, all with headers of those emails, with my address, and with OE 6 as my mail app! I don't use Windows at all!?! WTF?

The problem won't go away...
by Shawna on Sat 30th Aug 2003 21:42 UTC

...until people stop using email clients that can execute scripts and take commands from scripts. If everybody stopped using Outlook and Outlook Express (aka Microsoft Internet Mail & News), and instead switched to Eudora, Mozilla Mail, Notes, Evolution, Kmail or Apple Mail, email worms would go away overnight. Their spread would be impossible.

Outlook and Outlook Express are completely unacceptable email clients in any setting.

Yep
by Kevin on Sat 30th Aug 2003 23:49 UTC

David, i've been getting the smae thing for the last week or so.... it's horrible!

Damned Wurrms
by Chris D.Emery on Sun 31st Aug 2003 00:09 UTC

Spent all Friday watching my MIMEsweeper filtering out massive quantities of virii and hoping it wasn't missing any...

That and dashing around with DAT files and making sure everyone had an AV running. I used to find virus outbreaks an amusing distraction too...

A fool, a dangerous fool. Someone should have slapped me.

SpamBayes
by Mike Jeays on Sun 31st Aug 2003 01:35 UTC

I have been using SpamBayes for about three months, in an environment where I get upwards of 100 emails a day, mainly spam. It has never wrongly classified a message as "definitely spam" for me, and is right for most of the "probably spam" classification. It is much easier to delete an entire folder of spam than sort out the spam in the Inbox. It saves me a good bit of time every day.

Highly recommended, IMHO.

Stats
by Richard James on Sun 31st Aug 2003 04:51 UTC

I assume the amount of viruses you get depends on how many people with unprotected Outlook have you in their address book.

As for the SPAM just don't register you email address anywhere you have to. And if you do and it is human readable munge it a bit add a NOSPAM to it.

p.s. does anyone know a good dropin replacement for outlook that is free?

Richard James
by Darius on Sun 31st Aug 2003 04:58 UTC

I assume the amount of viruses you get depends on how many people with unprotected Outlook have you in their address book.

AFAIK, the sobig.f worm is an executable, not a script, and doesn't use the Outlook address book; it scans your hard drive looking for email addresses in files (.eml, .html, etc) and uses it's own SMTP engine to send out the emails. So, it would appear that you would be at risk no matter what email program you were using (on Win32), provided you are dumb enough to run an executable attachment without scanning it first.
And actually, you're probably safer running Outlook, as newer versions will not let you open such attachments at all by default.

HTML + EMAIL = BAD THING
by Anonymous on Sun 31st Aug 2003 06:52 UTC

nearly all e-mail virii stem from the fact that e-mail isnt text anymore but actually scripts and programs and such. email should not have hyperlinks or scripts or anything other than text and embedded images. html is a failure in this regard because it offers too much control to the originator.

secure messaging
by net send on Sun 31st Aug 2003 10:47 UTC

You'll find the originating IP in the last received from: line in the emails - doubtless lots of them are from the same people. You can complain to the ISP or if you have a PC you can send them a pop up message on port 139 with

net send IP message

from the windows command line. Gotta love windows and its 'security'.

Re: My Wormy Weekend
by b-lou on Sun 31st Aug 2003 12:21 UTC

Yup, big spike on Aug 30 for us. Didn't see a single iteration of the virus the week before when it was all over the news, just yesterday and only to our business email address, not to our personal ones. Maybe our business ISP got slammed and we're feeling the results.

IMHO
by CooCooCaChoo on Sun 31st Aug 2003 13:52 UTC

It would be great if there was an easy way to track these spammers and send them to death row. I am personally sick and tired ot downloading 100s of messages a day only to find that only a few are actually the things I have subscribed to. Worse still, we have lusers on the net who continue to make the problem worse by not protecting themselves against viruses!

How many non-Windows people here keep getting that "apply this patch" crap coming through their email? I would love to see the dork feature who spreads that kind of crap and give him/her a good piece of my mind.

I just got one
by Alex (The Original) on Sun 31st Aug 2003 22:37 UTC

I just got one, an email message with the SoBig virus, asking me to see the attachment for details but Norton Anti-Virus detected it while the message was being received.

300 viruses in 24 hours, then nothing . . . .
by goyo on Mon 1st Sep 2003 07:54 UTC

Yes. Sure, I set up filters that weeded them out, but I still keep track so I won't post some self-righteous answer consisting only of software products seperated by plus signs. I usually don't get spam or viruses, but from about noon Friday to noon Saturday, I literally received 300 attached details messages. After that, nothing. I can't explain it, but I'm not complaining.

virus flood
by Anonymous on Mon 1st Sep 2003 09:05 UTC

I received 1058 emails during this weekend. 99% - Sobig.
Last week only 600. And I don't use Windows.

I think...
by TheeOldeCrudge on Tue 2nd Sep 2003 03:05 UTC

That everyone should invoice Microsoft the time they spend screwing around with their software and results of said buggy software. See how quickly they jump when they have billions of dollars of outstanding bills and collection agencies banging on their doors...

Re: Richard James
by Sandy Dunlop on Thu 4th Sep 2003 08:22 UTC

And actually, you're probably safer running Outlook, as newer versions will not let you open such attachments at all by default.

Safer than what?

I'm not aware of ever having used an e-mail client which allows things to be executed without first saving them and setting their permissions to allow users to execute them.

From what I've heard, Outlook is not safer than that.