
Dodgy e-mail attachments from Microsoft.com



#1, 20th May 2003 | 05:33
BRL
Thread Starter
 
Joined: Oct 2000
Posts: 5,068
Likes: 0
From: Brighton. UK. (Via Liverpool).

Hi all. I have just received an e-mail from [email protected]. It contains an attachment called screen_doc and is a ZLO file. It is 51 kb. Norton anti-virus didn't get it but my zone-alarm has quarantined it saying...

" A shortcut to MS-DOS Programme is a program that could cause damage to your computer files, violate your privacy, or infect others with a dangerous virus. "

I assume it's a virus and if it is then how can Microsoft send this kind of thing? Anyone else had anything like this?
BRL

#2, 20th May 2003 | 05:41
20 Anniversary
 
Joined: Apr 2003
Aviation Qualifications: SLF
Posts: 739
Likes: 258
From: Midlands
It's not actually from Microsoft, and it is a virus. More details here:

http://news.bbc.co.uk/1/hi/technology/3040247.stm

jethro15

Last edited by PPRuNe Towers; 20th May 2003 at 18:01.
jethro15

#3, 20th May 2003 | 05:41

'nough said
 
Joined: Sep 2002
Posts: 1,025
Likes: 0
From: Raynes Park
It wasn't sent by MS - just someone pretending to be them. See BBC news item. I don't know much more than that - Symantec (aka Norton) does not seem to have anything on it.
amanoffewwords

#4, 20th May 2003 | 06:16
BRL
Thread Starter
 
Joined: Oct 2000
Posts: 5,068
Likes: 0
From: Brighton. UK. (Via Liverpool).
Thanks chaps. Just what are these w****rs trying to prove....
BRL

#5, 20th May 2003 | 14:48
25 Anniversary
 
Joined: May 1999
Aviation Qualifications: ATP+Mil
Posts: 27,397
Likes: 857
From: Quite near 'An aerodrome somewhere in England'
I received one yesterday but without any attachment - just deleted it.

It really is time that ISPs were forced to do more about this sort of thing. Surely the offending source can be traced?
BEagle

#6, 20th May 2003 | 15:36
Per Ardua ad Astraeus
 
Joined: Mar 2000
Posts: 18,575
Likes: 4
From: UK
"Surely the offending source can be traced?"

I wish, Beags! I am getting quite a few now with incomplete return addresses which make bouncing with 'Mailwasher' impossible and tracing difficult. The 'Earthlink' ISP is coughing up a few right now. It becomes very time consuming sending to each ISP each time. We need robust legislation NOW!

'FL' where are you?
BOAC

#7, 20th May 2003 | 17:15
Evo
20 Anniversary
 
Joined: Sep 2002
Posts: 1,650
Likes: 0
From: Chichester, UK
The difficulty with legislation is that the spam/e-mail virus problem is global - the e-mail may be sent in China and come to you via a relay in Burkina Faso. You could say that it's the ISPs' problem and they should block it, but should they really decide what e-mail you do or do not receive? What is their role? If they should scan it, should the post office censor your post? There's no quick-fix that I can see.
Evo

#8, 20th May 2003 | 17:41
Per Ardua ad Astraeus
 
Joined: Mar 2000
Posts: 18,575
Likes: 4
From: UK
Why cannot those emails that have 'incorrect' return addresses be hit? The 'earthlink' example I mentioned had a r/a 'xxx@earthlink' whereas the full address should be '[email protected]'.
BOAC

#9, 20th May 2003 | 17:50
Dop
Registered User
 
Joined: Oct 2002
Posts: 262
Likes: 0
From: Croydon (but really from Barnsley)
Big Red 'L' - I think they're trying to prove what L33T H4X0R5 they are and how many B0X3N they can 0WNZ to fuel their pathetic little egos as none of them will ever do anything good or worthwhile in their entire lives.

BEagle - The problem is that the virus sends out more copies of itself, so the odds are the person who sent it to you doesn't actually know they're doing it, because they ran the attachment when they got the mail from some other, possibly equally innocent, person. Tracing it back would be incredibly complicated. The person who started it off probably used an anonymiser to cover his tracks (and it almost certainly was a him - some pale spotty geek who needs to get out more).

BT Openworld now do virus checking on all mail passing through, and this has caught a lot of viruses before they've ever got to me. They also do spam checking too, although a lot still gets through. If all ISPs did virus checking, in close support from anti-virus companies, and blocked any viruses passing through them, it would do a lot to curb the spread of these email viruses.
Dop

#10, 20th May 2003 | 23:19
BRL
Thread Starter
 
Joined: Oct 2000
Posts: 5,068
Likes: 0
From: Brighton. UK. (Via Liverpool).
How did he get away with sending an e-mail with the address of [email protected] ? Is there a programme that does that kind of thing?

This new virus has been traced to Holland, so says the report. If that's the case, why can't they trace the ISP and find out who it is?

Dop, I agree. As these people are anonymous then who gives them the glory they crave doing things like this? It's like graffiti artists. No-one knows who they are and they change their tags a lot, so who are they trying to impress? Beats me what the point is at the end of the day really when no one can praise you for what you have done.

As for Btopenworld blocking them, mine came through the BTinternet address that I have.
BRL

#11, 20th May 2003 | 23:28
 
Joined: Jun 2000
Posts: 1,003
Likes: 0
From: Geriatrica, UK
And me too. Deleted before opening even though checking the Header confirmed that the sender's apparent address was [email protected]. Then I came here and found all you other folks in the same boat. So we are getting smarter about this - at least in this slice of the population.

But it came to my personal e-mail address that is not published here. But then I do get a lot of Spam there anyway. The spam coming to my fobotcso address is consistent; 6-10 a day of delete before reading stuff.

BTOpenworld's anti-spam only stops about ½ the stuff coming to my personal account. It lets through e-mails with the most bizarre titles and senders' names. Often composed of random characters that have no meaning. Still, at least it's better than nothing.

{Edit} The e-mail system is in its infancy so we must hope for a fix one day but what? If we all had to pay one penny for every e-mail address we e-mailed to it wouldn't break the bank and it would turn off all the broadcast spammers who send 500-1000 at a time. I have no idea how you would implement this in China, however!
fobotcso

#12, 21st May 2003 | 02:28
25 Anniversary
 
Joined: Jul 2000
Posts: 1,535
Likes: 13
From: UK
Have to say I can't recommend Mailwasher enough. It checks the messages on your server and shows you the content without downloading to your computer. You can then delete from your mailbox or bounce it back as if you don't exist. Either way, I found this same message, toyed briefly with the idea of downloading it in OE but then used MW to delete it - looks like I chose wisely (for a change).

See http://www.mailwasher.net

You can make a message look like it's come from someone else by changing your own email address under the tools menu.
Background Noise

#13, 21st May 2003 | 04:12

Plastic PPRuNer
25 Anniversary
 
Joined: Sep 2000
Posts: 1,902
Likes: 0
From: Rochechouart, France
Grr.... Been toying with the idea of MailWasher for a while. Been running at a rate of 40:1 Spam to Genuine for the last couple of months - someone must have finally got me on one of those "Buy a million e-mail addresses!" lists. Been drivin' me crazy.

Thanks BN, you just pushed me into downloading and registering MW. Seems to work a treat too. Hopefully if I keep bouncing the deluge will lessen somewhat eventually. F%^&$heads!
Mac the Knife

#14, 21st May 2003 | 05:45
25 Anniversary
 
Joined: Jul 2000
Posts: 1,535
Likes: 13
From: UK
Think Symantec (Norton) might know about this (?). A search of their site comes up with this (which refers to Palyh in the alternative names):

http://[email protected]
Background Noise

#15, 21st May 2003 | 06:23
Dop
Registered User
 
Joined: Oct 2002
Posts: 262
Likes: 0
From: Croydon (but really from Barnsley)
Big Red 'L' - Do you have the virus/spam checking turned on? It's not enabled by default, and really the virus checking at least should be. The spam checking end could be a lot better, and while you can check your spam folders through webmail, there isn't a 'whitelist' option to always allow through certain mails, like mailing lists you're on. But the virus checker does seem to work with known viruses - although any virus checker is only as good as the virus database it runs off, so new viruses would spread until a check is found.

The 'From' address on an email is largely immaterial. You can set it to anything, so I could easily send out mails that would appear to be from '[email protected]' - unless you looked at the header and traced the origin of the message, you wouldn't know.

I think one of the major problems with the internet as a whole is that when most of the fundamental protocols (TCP/IP, mail, news, etc) were originally developed, nobody gave any thought to security. It was just one big happy family and nobody would ever think to send fraudulent emails or viruses, ever... So very basic protocols have been fraught with security problems for years.

If Email had been designed from day one so that you could not send emails with forged addresses, a lot of this stuff would never happen.
Dop
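Dop's point above that a scanner is only as good as its database, and BRL's first post where Norton missed the attachment but ZoneAlarm quarantined it for being a "Shortcut to MS-DOS Program", both point at the same defence: block an attachment for what it is, not for which virus it carries. The Python below is an added example, not code from the thread or from any product mentioned in it. The message it scans is constructed for the example, and the names BLOCKED_EXTENSIONS, classify_name and risky_attachments are my own.

```python
"""Attachment-type gate for inbound mail.

Added example, not code from the thread or from any product named in it.
Instead of asking "is this a known virus?" it asks "is this something
Windows would execute?", a check that still works during the window between
a new virus appearing and the signature database catching up. The message
is constructed; BLOCKED_EXTENSIONS, classify_name and risky_attachments are
names of my own choosing.
"""
from __future__ import annotations

import email
from email import policy
from email.message import EmailMessage

# Extensions Windows runs on double-click regardless of the icon it shows.
# A .pif is what Windows calls a "Shortcut to MS-DOS Program".
BLOCKED_EXTENSIONS = {".pif", ".exe", ".scr", ".com", ".bat", ".cmd", ".vbs", ".js"}

# DOS/PE executables begin with "MZ"; a program renamed to .pif still does.
EXECUTABLE_MAGIC = b"MZ"


def suffixes(filename: str) -> list[str]:
    """All dotted suffixes, lower-cased: 'screen_doc.txt.pif' -> ['.txt', '.pif']."""
    parts = filename.lower().split(".")
    return ["." + p for p in parts[1:] if p]


def classify_name(filename: str) -> list[str]:
    """Reasons the attachment name alone should be blocked (empty if none)."""
    reasons = []
    s = suffixes(filename)
    if s and s[-1] in BLOCKED_EXTENSIONS:
        reasons.append(f"executable extension {s[-1]}")
        if len(s) > 1:
            reasons.append("double extension hides the real type")
    return reasons


def risky_attachments(raw: bytes) -> list[dict]:
    """Scan a raw RFC 822 message; return one finding per risky attachment."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        reasons = classify_name(name)
        # The content check is independent of the name, so renaming does not evade it.
        if payload.startswith(EXECUTABLE_MAGIC):
            reasons.append("MZ executable header in content")
        if reasons:
            findings.append({"filename": name, "size": len(payload), "reasons": reasons})
    return findings


def build_sample() -> bytes:
    """Constructed message resembling the one in the thread: a forged sender
    and an executable attachment beside a harmless text file."""
    msg = EmailMessage()
    msg["From"] = "support@example.com"      # forged; From: is free text
    msg["To"] = "victim@example.net"
    msg["Subject"] = "Your details"
    msg.set_content("All information is in the attached file.")
    # Fake "program": just the MZ header plus padding, not runnable code.
    msg.add_attachment(b"MZ" + b"\x00" * 62, maintype="application",
                       subtype="octet-stream", filename="screen_doc.pif")
    msg.add_attachment("Nothing to see here.", subtype="plain", filename="notes.txt")
    return bytes(msg)


if __name__ == "__main__":
    for f in risky_attachments(build_sample()):
        print(f["filename"], "->", "; ".join(f["reasons"]))
```

The gate flags screen_doc.pif twice (by extension and by the MZ header) and lets notes.txt through; a mail filter sitting at an ISP or on the desktop would quarantine on any non-empty reasons list.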
#16, 21st May 2003 | 08:51
 
Joined: Dec 2000
Posts: 28
Likes: 0
From: Enzed
CAA New Zealand received a mass post of the virus today from [email protected] - caught at the door by the MIS boys - well done.
Kotare

#17, 21st May 2003 | 09:43
 
Joined: Feb 2003
Posts: 180
Likes: 0
From: somewhere
I also have BTOpenworld - and got this virus delivered to me twice

One icon for those people who write these things ---> , well actually 2

I wrote a very nasty email as a reply - but it was returned to sender.... hmm
Andrew M

#18, 21st May 2003 | 14:03
Per Ardua ad Astraeus
 
Joined: Mar 2000
Posts: 18,575
Likes: 4
From: UK
DOP - the point I was making about the incomplete return address was taken FROM the email header! It missed the '.net' from the end of the address, thereby stopping Mailwasher from bouncing it.

Full agreement on the comments above for MW - there you CAN set up approved and blocked senders.
BOAC
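Dop's remark in post #15 that the From: address can be set to anything and only the headers tell you where a message came from, and BOAC's incomplete "xxx@earthlink" return address that Mailwasher could not bounce (posts #8 and #18), can both be checked with one script. The Python below is an added example, not code posted in the thread. SAMPLE is a constructed message using reserved documentation domains and IP addresses, the receiving server's name mx.example.org is an assumption, and the function names are mine. The script trusts only the Received: line stamped by that server and treats everything below it as a claim.

```python
"""Header forensics for mail with a forged From: line.

Added example, not code from the thread. From: and every Received: line
below your own server's were typed by the sender, so the only hop you can
trust is the one your own MX stamped; and a Return-Path whose domain has no
top-level label, like "xxx@earthlink", cannot be bounced to. SAMPLE is
constructed with reserved documentation names and addresses; mx.example.org
as "our" server is an assumption; the function names are mine.
"""
from __future__ import annotations

import email
import re
from email.utils import parseaddr

# Constructed sample. Received: lines are prepended, so the top one is the
# newest (written by our MX) and the bottom one the oldest. The bottom line
# was supplied by the sending machine and is itself forged.
SAMPLE = """\
Return-Path: <xxx@earthlink>
Received: from dialup-45.example-isp.net (dialup-45.example-isp.net [203.0.113.45])
    by mx.example.org with ESMTP id h4K4UgQ7012345
    for <victim@example.org>; Tue, 20 May 2003 05:30:42 +0100
Received: from mail.example.com (mail.example.com [192.0.2.10])
    by dialup-45.example-isp.net with ESMTP id 0001; Tue, 20 May 2003 05:29:55 +0100
From: "Support" <support@example.com>
To: victim@example.org
Subject: Your details

All information is in the attached file.
"""

RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?:(?P<rdns>[^\s\[\]]+)\s+)?\[(?P<ip>[^\]]+)\]\)"
    r".*?\bby\s+(?P<by>\S+)",
    re.IGNORECASE,
)


def parse_received(value: str) -> dict | None:
    """Pull HELO name, reverse DNS, IP and receiving host out of one Received: line."""
    m = RECEIVED_RE.search(" ".join(value.split()))   # unfold the header first
    return m.groupdict() if m else None


def domain_of(addr: str) -> str:
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""


def analyse(raw: str, our_mx: str) -> dict:
    msg = email.message_from_string(raw)
    from_addr = parseaddr(msg.get("From", ""))[1]
    return_path = parseaddr(msg.get("Return-Path", ""))[1]
    from_dom, rp_dom = domain_of(from_addr), domain_of(return_path)

    hops = [parse_received(v) for v in msg.get_all("Received", [])]
    # The first line stamped by our own MX is the only hop we observed ourselves.
    trusted = next((i for i, h in enumerate(hops)
                    if h and h["by"].lower() == our_mx.lower()), None)
    entry = hops[trusted] if trusted is not None else None
    untrusted = [h["helo"] for h in hops[trusted + 1:] if h] if trusted is not None else []

    findings = []
    if rp_dom and "." not in rp_dom:
        findings.append(f"Return-Path domain '{rp_dom}' is incomplete; a bounce cannot be delivered")
    if from_dom and rp_dom and from_dom != rp_dom:
        findings.append(f"From: domain {from_dom} differs from Return-Path domain {rp_dom}")
    if entry and from_dom:
        rdns = (entry["rdns"] or "").lower()
        if not (rdns == from_dom or rdns.endswith("." + from_dom)):
            findings.append(f"entered from {entry['ip']} ({rdns or 'no rDNS'}), not a {from_dom} host")
    return {"from": from_addr, "return_path": return_path,
            "entry_ip": entry["ip"] if entry else None,
            "untrusted_claims": untrusted, "findings": findings}


if __name__ == "__main__":
    report = analyse(SAMPLE, "mx.example.org")
    print("From:", report["from"], "| entered from", report["entry_ip"])
    for line in report["findings"]:
        print(" -", line)
```

Run it with the name of your own mail server. The IP in the trusted line (203.0.113.45 here) is the one worth reporting to an ISP; the "mail.example.com" hop below it is the kind of claim a virus writes into its own headers, and the forged From: and the undeliverable Return-Path are the two things that make "bounce it back" pointless.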
#19, 21st May 2003 | 15:27
Evo
20 Anniversary
 
Joined: Sep 2002
Posts: 1,650
Likes: 0
From: Chichester, UK
Quote (Dop): If Email had been designed from day one so that you could not send emails with forged addresses, a lot of this stuff would never happen.
A little bit of history

E-mail as we know it (name @ destination) and the network-of-networks idea that became the internet date back to the early seventies. Simple Mail Transfer Protocol (SMTP) and the sendmail program (still very widely used) date back to 1981. ARPANET switched to TCP/IP, the protocol that the internet still uses, in 1982. Back then the ideas of spam, e-mail nasties, DoS attacks and forged addresses were inconceivable - the infant internet was a tightly-knit collection of (mainly American) official networks. Why should they have thought of designing a secure forgery-resistant e-mail protocol? Or SYN-attack resistant IP? Every extra byte cost a lot of computing and network power. E-mail and the internet itself were designed to be as simple as they could get away with.

The problem is that there is a huge amount of inertia in the system - so much so that 20 years later we're still using essentially the same software and protocols, and they're no longer good enough. However, fundamental changes are very hard to make - suddenly networks become isolated from each other due to different protocols and we are temporarily back in the 70s. People have been trying to get IPv6 adopted for years, and that's a fairly trivial change designed mainly to open up a larger number of IP addresses - the current IPv4 system doesn't really have enough to go around. Developing and rolling out a globally-secure digitally-signed e-mail protocol is a much harder problem to solve.

Solutions? There isn't an easy one. Best bet may be to build a whole new system from the ground up and roll it out in some way. Backwards compatibility is probably the wrong idea, but it makes the migration of millions of non-technical users to "Internet v2.0" a huge problem. Make it backwards compatible and you leave the prospect of all the old holes. It's a problem for someone smarter than me.
Evo

#20, 22nd May 2003 | 04:15
20 Anniversary
 
Joined: Mar 2002
Posts: 448
Likes: 0
From: London, UK
20/20 hindsight is a wonderful thing. Evo explained the background very succinctly, but to expand a little... it's just a tad disingenuous to suggest that "they" should have thought of security at the time. It was difficult enough just getting all those different brands of computers and operating systems to talk to each other in the first place, let alone devising ways to stop them... This is a little difficult to imagine if you've been brought up in a world that only knows of Pee Cees running Micro$oft...

Quote (Evo): Solutions? There isn't an easy one. Best bet may be to build a whole new system from the ground up and roll it out in some way. Backwards compatibility is probably the wrong idea, but it makes the migration of millions of non-technical users to "Internet v2.0" a huge problem. Make it backwards compatible and you leave the prospect of all the old holes. It's a problem for someone smarter than me.
Call me cynical, but I wouldn't be at all surprised to discover that Bill hasn't secretly been embedding the "Micro$oft Secure Mail Application" inside Windoze products for years. One day, he'll announce that he has the "answer" to spam, switches it on, and everybody (who uses Micro$oft) is "protected." Oh, forgot to mention that if you don't use Micro$oft, you won't be able to read any email from the MSMA using any non-M$ mail client. And you have to trust M$ to be the final arbiter of what constitutes spam then... Of course, I'm probably being excessively cynical...
RomeoTangoFoxtrotMike


Copyright © 2026 MH Sub I, LLC dba Internet Brands. All rights reserved. Use of this site indicates your consent to the Terms of Use.