My Wormy Weekend

David Adams 2003-08-30 Bugs & Viruses

I checked my email this morning. The tally: 80 spams, 65 emails asking me to “See the attached file for details,” and 6 legitimate emails. This worm thing is getting ridiculous. Has anyone else noticed a big spike today?

41 Comments

2003-08-30 5:24 pm
I have noticed a big spike in the last week. Today was not too bad, probably due to the several hundred domains I blacklisted during the last seven days. In the last two months, less than one percent of my email is legitimate communication (of about 7000 messages).

2003-08-30 5:24 pm
No Mutt, SpamAssassin, FreeBSD.

2003-08-30 5:25 pm
Can’t you install a virus and spam filter on your mailserver? My provider has an anti-virus program on the mailserver, so I never see those virus mails. I use Apple’s spam filter to get rid of the spam (Bayesian). Almost all of the mails I get are legitimate with this system.

2003-08-30 5:29 pm
Well, I’ve experienced a pretty big drop after I turned off auto-preview e-mail in Outlook. Apparently, I noticed many of the picture links in e-mails have unique hyperlinks which identify the target person. I guess, when that link is activated by the Outlook preview or by the user, the spammer knows that their e-mail is being viewed and they should keep sending e-mails to that address. I know in other apps, you can just choose to view as plain text, but I could not find that option in Outlook 2000. Other than that, what can you do but use some kind of blocker?
Yamin

2003-08-30 5:32 pm
mutt/sylpheed + procmail + exim-blackhole + spam-assassin all on a Debian sid box.

2003-08-30 5:34 pm
Here’s my entry on that: http://www.rajanr.com/index.php?itemid=187 Not nice. I’ve been having huge spikes in spam lately. Same with a lot of other people.

2003-08-30 5:54 pm
I checked my logs and in my calculation I was including spam that had been caught by my spam filter, along with a few that slipped through.

2003-08-30 5:59 pm
I had a mega spike last week. I had several hundred a day. Since yesterday I have received 246 worms. Gotta love morons with infected PCs.

2003-08-30 6:04 pm
… but not a spike. I had two Sobig mails yesterday, and they weren’t direct mails – they were “that user was not found” messages getting bounced back to my (innocent) email address. A lot of Firstname_ThreeDigits_LastName@hotmail.com spam, though. SpamAssassin catches all of that, thankfully.

2003-08-30 6:18 pm
I’m using Scribe (http://www.memecode.com) and I’ve not had any problems.

2003-08-30 6:39 pm
While my spam has been a steady flow of around 30/day, I still only get less than 3 virus emails/day. It’s all about the plain-text viewing of all email. If anyone is looking for a pretty smooth email client for Windows (aside from trying Mozilla), one should try Becky! internet email http://www.rimarts.co.jp. It has worked faithfully for the last 4.5 years and stores email as plaintext. Enough of me blabbering.

2003-08-30 6:46 pm
The main issue I have with anti-spam tools is false positives. If I’ve got to go through some ‘junk mail’ folder to find out if an anti-spam tool flagged a legitimate email as spam, then what’s the point? I figure I might as well just go through them in my Inbox. As for Outlook Express, if you use this or know anyone who does, do the following:
1. Turn off auto preview (obviously)
2. Download 6.0 SP1 if you don’t already have it
3. Click on Tools|Options|Read tab
4. Check ‘Read all messages as plain text’
There ya go .. now OE is about as secure as any other mail client on Win32.

2003-08-30 7:02 pm
I almost never get virus messages, but I did get one today. It was that “patch from Microsoft” virus–certainly not new.

2003-08-30 7:11 pm
Well, I work as an admin for a hosting company.
We noticed a pretty substantial pick-up beginning late Thursday. Where we normally get around 20-30,000 emails/day, since this worm we’ve been getting 150,000+ daily. Thankfully we’re Linux based, SpamAssassin, MailScanner, etc.

2003-08-30 7:16 pm
I had about 100 junk / virus / spam emails this morning when I woke up. I use POPFile and Mozilla Mail’s built-in spam filters. POPFile is very good at classifying junk mail (88% of my mail), but is still in training for regular mail. So far it has a rate just above 50% for non-junk mail, but I have only had it for a week, and I actually don’t get a lot of emails. And I have it set up to only move to the Junk mail folder if Mozilla Mail AND POPFile think the message is spam, so I have not missed any emails. Too bad POPFile doesn’t work with IMAP, so I can’t use it for my main account. POPFile is a shining example of open sourceness. It is easy to use, comes with a manual, has a large, helpful FAQ, responsive developers, and is easy to use and install.

2003-08-30 7:46 pm
At work, where I use Outlook (mailserver is Exchange), I created a rule that automatically deletes all mails with “See the attached file for details” in the body.

2003-08-30 7:47 pm
I was getting about 10 pieces of spam a day, and it’s dropped down to 0-2 a day.

2003-08-30 7:47 pm
I had a spam spike on August 18/19/20: 549 spam mails in 3 days on one email account. Anyway, bogofilter caught all of them. I really can recommend bogofilter to sort out all this spam. My spam list database is currently @ ~5MB and it sorts out about 99% of all incoming spam mails.

2003-08-30 8:02 pm
Odd, since I do NOT have any spam filters or the like, and I get maybe max 5-10 spam messages a day, and I’ve yet seen one worm/virus message that at least I’ve recognized.. most of my spam is logchecker telling me about double bounces of non-existent accounts (in both ends).. Also most of my spam would be cut nicely if I’d only remove stuff that has a bogus To: field..
(my address being only in Bcc:)

2003-08-30 8:06 pm
Nope, running Linux and watching the chaos of my friends’ and family’s computers get infected. While I sit and just relax with Tux.

2003-08-30 8:07 pm
I haven’t got one single spam/virus email in months – ever since I created my account on Yahoo. Yahoo rules.
Victor.

2003-08-30 8:23 pm
As a matter of fact, today I experienced quite the opposite. I tend to receive 7-8 emails per day with roughly half of them being spam and/or viruses. Today I’ve only received ONE mail and it was an actual email, not a piece of spam.

2003-08-30 8:31 pm
Does this really constitute OS news? I got a virus yesterday, did anybody else? Viruses and worms are everywhere and it is up to you to either filter it or make sure you don’t get infected. Maybe an article on such would be beneficial. I mean I guess some of the comments here are good but just making a comment about worm activity seems a little on the non-productive side to me.

2003-08-30 8:55 pm
I must have smart friends or no friends, I haven’t gotten 1 virus email yet, granted I do get a lot of spam but filters take care of that for the most part.

2003-08-30 9:06 pm
At the Chicago Harold Washington Public Library they still haven’t gotten their act together on their machines! They run a twenty-five machine ‘Computer Connection’ here and their idea of security is to make the entire file system ‘read only’ on Windows 2000, then force everyone to use a vastly dumbed down IE client for browsing the net. Most of the machines are still running with IE5.0x and they have spyware/adware crap running on the IT’s own terminals!! I dunno when the #### we’ll be able to use the word processing capabilities of their system again, as they’ve not had any ability to transfer files to disk since LAST WEEK Friday!!! and have only been able to run generalized internet terminals since last Tuesday!
It’s a mess here and unless I miss my guess their response is going to be typical of IT staff everywhere–blame the users!
–iWindoze grumbles to himself as he kills another three or four trees by printing the articles instead of saving them to *.mht as is his usual wont.

2003-08-30 9:17 pm
I started to get huge amounts of “See the attached file for details” mails or similar. It all started last week. In one single day, I got about 450 spam mails! My ISP has a spam blocker, but I have to enter domains or e-mail addresses one by one, so I spent one hour pasting senders’ addresses into it. Also, I’ve noticed about 60% were Swiss domains (.ch), and also a lot of German and Austrian domains. And I’m 100% sure I’m not infected (using BeOS and Linux). BTW, a couple of times I received e-mails from some other ISPs warning me that I sent virus-infected mails, all with headers of those emails, with my address, and with OE 6 as my mail app! I don’t use Windows at all!?! WTF?

2003-08-30 9:42 pm
…until people stop using email clients that can execute scripts and take commands from scripts. If everybody stopped using Outlook and Outlook Express (aka Microsoft Internet Mail & News), and instead switched to Eudora, Mozilla Mail, Notes, Evolution, Kmail or Apple Mail, email worms would go away overnight. Their spread would be impossible. Outlook and Outlook Express are completely unacceptable email clients in any setting.

2003-08-30 11:49 pm
David, I’ve been getting the same thing for the last week or so…. it’s horrible!

2003-08-31 12:09 am
Spent all Friday watching my MIMEsweeper filtering out massive quantities of virii and hoping it wasn’t missing any… That and dashing around with DAT files and making sure everyone had an AV running. I used to find virus outbreaks an amusing distraction too… A fool, a dangerous fool. Someone should have slapped me.

2003-08-31 1:35 am
I have been using SpamBayes for about three months, in an environment where I get upwards of 100 emails a day, mainly spam. It has never wrongly classified a message as “definitely spam” for me, and is right for most of the “probably spam” classification. It is much easier to delete an entire folder of spam than sort out the spam in the Inbox. It saves me a good bit of time every day. Highly recommended, IMHO.

2003-08-31 4:51 am
I assume the amount of viruses you get depends on how many people with unprotected Outlook have you in their address book. As for the SPAM, just don’t register your email address anywhere you have to. And if you do and it is human readable, munge it a bit: add a NOSPAM to it.
P.S. Does anyone know a good drop-in replacement for Outlook that is free?

2003-08-31 4:58 am
“I assume the amount of viruses you get depends on how many people with unprotected Outlook have you in their address book.”
AFAIK, the sobig.f worm is an executable, not a script, and doesn’t use the Outlook address book; it scans your hard drive looking for email addresses in files (.eml, .html, etc) and uses its own SMTP engine to send out the emails. So, it would appear that you would be at risk no matter what email program you were using (on Win32), provided you are dumb enough to run an executable attachment without scanning it first. And actually, you’re probably safer running Outlook, as newer versions will not let you open such attachments at all by default.

2003-08-31 6:52 am
nearly all e-mail virii stem from the fact that e-mail isn’t text anymore but actually scripts and programs and such. email should not have hyperlinks or scripts or anything other than text and embedded images. html is a failure in this regard because it offers too much control to the originator.

2003-08-31 10:47 am
You’ll find the originating IP in the last received from: line in the emails – doubtless lots of them are from the same people.
You can complain to the ISP or if you have a PC you can send them a pop up message on port 139 with net send IP message from the Windows command line. Gotta love Windows and its ‘security’.

2003-08-31 12:21 pm
Yup, big spike on Aug 30 for us. Didn’t see a single iteration of the virus the week before when it was all over the news, just yesterday and only to our business email address, not to our personal ones. Maybe our business ISP got slammed and we’re feeling the results.

2003-08-31 1:52 pm
It would be great if there was an easy way to track these spammers and send them to death row. I am personally sick and tired of downloading 100s of messages a day only to find that only a few are actually the things I have subscribed to. Worse still, we have lusers on the net who continue to make the problem worse by not protecting themselves against viruses! How many non-Windows people here keep getting that “apply this patch” crap coming through their email? I would love to see the dork feature who spreads that kind of crap and give him/her a good piece of my mind.

2003-08-31 10:37 pm
I just got one, an email message with the SoBig virus, asking me to see the attachment for details, but Norton Anti-Virus detected it while the message was being received.

2003-09-01 7:54 am
Yes. Sure, I set up filters that weeded them out, but I still keep track so I won’t post some self-righteous answer consisting only of software products separated by plus signs. I usually don’t get spam or viruses, but from about noon Friday to noon Saturday, I literally received 300 attached details messages. After that, nothing. I can’t explain it, but I’m not complaining.

2003-09-01 9:05 am
I received 1058 emails during this weekend. 99% – Sobig. Last week only 600. And I don’t use Windows.

2003-09-02 3:05 am
That everyone should invoice Microsoft the time they spend screwing around with their software and results of said buggy software.
See how quickly they jump when they have billions of dollars of outstanding bills and collection agencies banging on their doors…

2003-09-04 8:22 am
“And actually, you’re probably safer running Outlook, as newer versions will not let you open such attachments at all by default.”
Safer than what? I’m not aware of ever having used an e-mail client which allows things to be executed without first saving them and setting their permissions to allow users to execute them. From what I’ve heard, Outlook is not safer than that.