Server side filtering.

When a new outbreak of viruses comes through, I really wish that either I didn’t have a catch-all address or that relaying mail servers had antivirus technologies in them. I had 27 emails from myself notifying me that my account was closed and that I would need to contact myself to ensure my account would still be active. The ones that I’ve been getting are variants of the Mytob strain. If it wasn’t illegal it would be tempting to use the backdoor that these viruses create to open a session to the sending computer, create a file on the desktop that says “OY – YOU HAVE A VIRUS – GET SOME ANTI-VIRUS SOFTWARE – NOW!!!!!”, open it and then shut down the backdoor.
The PILs are still getting loads of the latest Sober viruses – I’ve tracked it down to a business in Columbus using Road Runner, but that could be anyone. The weird thing is that they’ve not had an email from this person in their normal email, so I can’t track down who this would be.

Comments

  1. Dave M.

    I created a text file on someone else’s computer once. I was getting pinged by viruses that were trying to connect to my computer to spread themselves. I had a tool that would allow me to find and connect to open computers. I would look at the IP addresses that were pinging me, at first because I thought they were trying to hack into my system but later realized they were just viruses.

    I found one system that had a QuickenW folder on their C: drive and found all kinds of files in there for Quicken. I left a text file on their desktop that told them that their computer was open to the internet and that they should get some firewall software and anti-virus software.

    I didn’t follow up on it since it is probably illegal, even if trying to help, so I got rid of the software I was using.

    It really amazes me how many computers are out there completely exposed to the internet and vulnerable to hackers/identity thieves. :shudder:

  2. codeman38

    I finally ended up filtering all the Mytob spewings from mail to my domain by deleting anything with the phrase “Zone38 Antivirus” in it. Of course, the domain name in question has to be changed as necessary…

    And yeah, I was getting hit quite hard… I posted about it here back in June: http://www.zone38.net/blog/2005/06/24/722/

    And also, Mytob’s attempt at social engineering poses a very valid question: how the $EXPLETIVE could you check your e-mail if the password had just been changed?!
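The phrase-based drop rule codeman38 describes, combined with the “mail from myself” symptom in the post, as an added example that is not code from the original post or from either commenter. It assumes messages arrive as raw RFC 822 text (for instance from a delivery agent calling this as a pre-delivery hook), uses the constructed domain `example.com` in place of the commenter’s, and the sample messages below are constructed to model the lure described, not captured Mytob mail.

```python
"""Minimal server-side mail filter: drop messages carrying a configured
phrase (the "<domain> Antivirus" signature mentioned in the comment) and
flag inbound mail that claims to come from the receiving domain itself.

Added example; not the blog's or the commenters' code. Domain and sample
messages are constructed for illustration.
"""
import email
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

LOCAL_DOMAIN = "example.com"  # assumption: the domain whose mail we filter

# Constructed sample modelled on the lure described in the post: a notice
# that appears to come from the recipient's own domain and carries the
# "<domain> Antivirus" phrase the comment uses as a drop trigger.
SAMPLE_MYTOB_MAIL = """\
From: support@example.com
To: user@example.com
Subject: *IMPORTANT* Your account has been suspended

Dear user of example.com,

Your account has been suspended. Open the attached file to reactivate it.

example.com Antivirus - www.example.com
"""

# Constructed legitimate message from an outside sender.
SAMPLE_LEGIT_MAIL = """\
From: alice@partner.example.org
To: user@example.com
Subject: Lunch on Friday?

Are you free on Friday? Same place as last time.
"""


def parse(raw: str) -> EmailMessage:
    """Parse raw RFC 822 text with the modern email policy."""
    return email.message_from_string(raw, policy=policy.default)


def message_text(msg: EmailMessage) -> str:
    """Subject plus every text/plain body part, joined for matching."""
    parts = [str(msg.get("Subject", ""))]
    for part in msg.walk():  # yields the message itself when not multipart
        if part.get_content_type() == "text/plain":
            parts.append(part.get_content())
    return "\n".join(parts)


def matches_phrase(raw: str, phrase: str) -> bool:
    """True if the configured phrase appears (case-insensitively) in subject or body."""
    return phrase.casefold() in message_text(parse(raw)).casefold()


def spoofs_local_domain(raw: str, local_domain: str = LOCAL_DOMAIN) -> bool:
    """True if an inbound message's From: claims the receiving domain.

    A useful flag on a server that only receives mail for local_domain from
    outside, since genuine internal mail would not arrive over that path.
    """
    _, addr = parseaddr(str(parse(raw).get("From", "")))
    return addr.lower().rpartition("@")[2] == local_domain.lower()


def filter_messages(raw_messages, phrase, local_domain=LOCAL_DOMAIN):
    """Split messages into (kept, dropped) by the phrase rule.

    Spoofed local-domain senders are flagged rather than dropped, because
    that heuristic alone is not specific enough to discard mail on.
    """
    kept, dropped, flagged = [], [], []
    for raw in raw_messages:
        if matches_phrase(raw, phrase):
            dropped.append(raw)
            continue
        if spoofs_local_domain(raw, local_domain):
            flagged.append(raw)
        kept.append(raw)
    return kept, dropped, flagged


if __name__ == "__main__":
    kept, dropped, flagged = filter_messages(
        [SAMPLE_MYTOB_MAIL, SAMPLE_LEGIT_MAIL], f"{LOCAL_DOMAIN} Antivirus")
    print(f"kept={len(kept)} dropped={len(dropped)} flagged={len(flagged)}")
```

The phrase is built from the local domain, which is exactly the “has to be changed as necessary” point in the comment; the spoofed-sender check is kept separate from the drop decision so that a forwarding or mailing-list path that legitimately rewrites From: does not lose mail.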
