ietf
[Top] [All Lists]

Re: FW: Virus alert

2003-09-01 20:35:49


On Sun, 31 Aug 2003, Tim Chown wrote:

On Sat, Aug 30, 2003 at 05:25:19PM -0400, Dean Anderson wrote:

The Virus writer obviously went to some trouble to pick valid addresses.
It stands to reason that they expect that someone is getting mail to these
addresses.  It also stands to reason that the abuser expects those persons
to get Virus notifications.

I don't think so; isn't it more likely the writer wants the infection to
spread, and the best chance for that is that the recipient sees a From:
address that they recognise and "trust", rather than 
kerjregj(_at_)jsfjkh(_dot_)com,
so they look at the content where they otherwise would be wary?

Your comments are true in general, but I don't think they take into
consideration the differences between this virus and the ones that go
through the address book. One can (more) easily get such valid, trusted,
familiar addresses from the address book. Many virues do just that,
probably with just the purpose you mentioned. However, this virus is
different. It is using 'valid' addresses that aren't found in address
books--addresses that wouldn't be familiar to anyone, but are still valid.
There must be a reason why they would go to such trouble...

                --Dean




<Prev in Thread] Current Thread [Next in Thread>