
[at-l] Possible Virus?



Mail bombs can take many forms. The one you cite is basically a denial of
service attack, which seeks to shut down a system (in this case your
mailbox) by overloading it beyond capacity - until it fails. There are
others as well. One simple one that used to be effective was to send email
with characters that were outside the normal ASCII range. Fortunately, most
modern email readers are not susceptible to this attack. However, there is a
derivative that uses MIME headers....

Well, you get the idea. Most of these attacks will not set off virus
software. There is no "viral pattern" to search for in the message. Even
newer heuristic-based antiviral software will not catch most of these since
they do not behave like a typical virus.

The one I started to elaborate upon is an example. It goes right through the
defenses and takes up residence in your hard drive's temp directory - and
cannot be deleted. Other than that, it does nothing until you run a virus
scan program on the directory. The scan program promptly crashes without
completing the scan. In other words, your defenses are now down. I've got one
of these; when I figure out how to get rid of it, I'll let you know...

Lee I Joe
  -----Original Message-----
  From: Slyatpct@aol.com [mailto:Slyatpct@aol.com]
  Sent: Monday, December 10, 2001 6:47 PM
  To: lparker@cacaphony.net; RoksnRoots@aol.com; AT-L@backcountry.net
  Subject: Re: [at-l] Possible Virus?


  In a message dated 12/10/2001 5:25:18 PM Eastern Standard Time,
  lparker@cacaphony.net writes:



    Assuming that there was some sort of "payload" in the emails you received,
    they are more properly termed "mail bombs", since they don't replicate and
    are intended to destroy or damage a single target system.



  A few years back I received several "mail bombs" which filled my mailbox
  completely, but with separate emails all with the same subject, text and
  headers, bouncing back regular mail.

  It took a while to delete all the mail in order to receive other mail, but
  other than that no harm was done.  I suspected it was done by a list member
  I had a disagreement with, especially since he left the list shortly after,
  but I'm not computer savvy enough to figure out just where they came from.

  Sly



