Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 16 Oct 2003 11:29:36 -0700
From:      Terry Lambert <tlambert2@mindspring.com>
To:        Steve O'Hara-Smith <steve@sohara.org>
Cc:        Peter Schultz <pmes@btinet.net>
Subject:   Re: hiding e-mail adresses needed badly
Message-ID:  <3F8EE390.47F355D3@mindspring.com>
References:  <20031015112920.GA36404@nagual.pp.ru> <20031015132551.GA94612@freebie.xs4all.nl> <20031016124938.354fe903.steve@sohara.org>

next in thread | previous in thread | raw e-mail | index | archive | help
Steve O'Hara-Smith wrote:
> Peter Schultz <pmes@btinet.net> wrote:
> > However, since that fateful
> > e-mail I have been viciously attacked by spammers posing as Microsoft
> > security updaters.  These spams include attachments making them all
> > around 150KB in size.  Maybe others of you have seen them?
> 
>         Certainly have - they're not spammers it's a worm, called Swen.
> It targets an amazing variety of things, including every email address
> it can get hold of. One of my accounts gets about a hundred a day of
> these *still*. If you get infected it filters your inbox and removes
> attempts to reinfect you so that you don't see it at all.

But you still get to pay to download them.

I got so pissed off, I wrote a program to proactively delete them
out of my mailbox at intervals, without downloading them.

Earthlink often sucks in terms of customer service.  If they would
just designate a couple of common markers as "known SPAM", the
problem would have gone away for me, and a couple million other
people forced to use Earthlink ("forced", because no matter where
I go, Earthlink buys up my damn ISP -- no one talks about *that*
monocoluture being a threat).

Another pain in the ass is that people without direct Internet
connections *somewhere* are stuck with POP3 maildrops going over
quota because of these damn things, which is a denial of service
attack (all messages to you bounce as "over quota", and most of
the mailing list software in the world will auto-unsubscribe you
when that happens).  This is probably the biggest threat to the
Internet yet, since communication in general, and email in
particular, is still *the* killer application for the Internet.

This is an inherent flaw in a store-with-quota+pickup-transiently
model, which is what any POP3/IMAP4 forces their users into, and
that means *any* ISP, even ones that give you full time connections,
when they refuse to let you run your own mail server, either by
explicitly disallowing it, or by not providing you a static IP.  A
non-quotaed maildrop would fix it.  The ISP mail server admins
growing a clue and not transiting executable attachments would fix
it.  And ASMTP would fix it (as long as there wasn't a queue quota).

Again, Earthlink is no help, since they transit these damn
things to the maildrop, against their customer's will, and, for
most of their customers, this means propagating the damn things
further.

Can you imagine if someone wrote one of these things to *actively*
target an ISP with a stupid network topology like Earthlink?  You
could drive the company out of business by chasing all their
subscribers away by denying them the ability to receive communications
from almost anyone else on the Internet.  I'm really surprised these
idiots are unwilling to do anything about saving their business model
from extinction.

In any case, my suggestion is that you write a program to delete off
files with certain sizes from a "list" and/or certain content from a
"head", and find a kind soul you trust to not abuse your password,
which would have to be cleartext somewhere (command line or compiled
in), and have the worms deleted out before they become an issue for
you.

-- Terry



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3F8EE390.47F355D3>