Why do people do this? 3

[TheVampire]

I recently got yet another virus warning hoax e-mail. You've probably seen them. The ones that claim that a virus is on your PC, that anti-virus programs can't see it, and instructions on how to delete the supposed virus file, etc, BS, BS, etc.

Why do people forward these things? The recent one I got was from a person I know is not a dim bulb by any means. Do they think that because it's easy to forward the mail to everybody in their bloody address book ( using CC instead of BCC, no less ), that they just go ahead and do it without really thinking about it?

A couple of months ago, it was one of the other employees in our company that did this. I wrote her back and told her that "You should know better than this". She said she found my "attitude to be disturbing". I think she'd find a lot of people attitudes being disturbed if they deleted a critical system file from their machine and their PC died...

Robert

 

[lionelhill]

Yes, I'm sure you're right, and it is a bad idea. It is still spam. Yes, it's automatic, but who actually types 10000 e-mails? All spam is automatic in a sense. A system administrator who allows his/her antivirus stuff to send messages like this is guilty of spamming.

 

[silverlokk]

At a network I administered in a previous life, I sent out email shortly when the network was a few hours old, explaining hoaxes and how to spot them. There are almost always elements that should set off alarm bells:

1. "Send this to EVERYONE in your address book." I point out that if they get a virus warning, they should forward it first to the net admin (me) for verification.

2. "{Insert names of at least big IT companies here} have cooperated in an email tracking experiment." Easy enough, I tell them to junk it.

3. "The FBI has issued a warning about a virus..." Again, easy, the FBI doesn't issue virus warnings.

Far as I can tell, no hoax emails, virus or otherwise, ever left our system and spread to the outside world. OTOH, if anyone got mail from a pcworld.com.ph, computerworld.com.ph, or wsgroup.com.ph domain between 1995 and 1998, then I'm afraid some people didn't pay attention

Regards

 

[silverlokk]

BTW, I set things up so new accounts get that email as well. Also, I printed it out and posted it on the bulletin board of our department, inviting those from other departments to come over if they didn't want to read the (rather long) mail on-screen.

Regards

 

[MichealC4]

3. "The FBI has issued a warning about a virus..." Again, easy, the FBI doesn't issue virus warnings.

To make things a little more complicated, the FBI does release security warnings. Remember when Windows XP first came out and the months prior? The FBI released several security warnings. One such warning was about UPnP and UDP.

I am Comptia A+ Certified

 

[Stevehewitt]

Sorry, am I the only person who thinks that informing people that you have sent MY network a virus isn't spam?

How can it be called spam? YOU have sent MY network an email. This is MY network. I set the rules. YOU sent ME an email that could very easlily of screwed it up. Therfore I am sending an reply (automated or not) about something that YOU sent ME. How is that unsolicitated?

The very least of my concerns is worrying about your inbox after you send me a virus!

Geeeze!


Steve Hewitt

 

[MichealC4]

Sorry, am I the only person who thinks that informing people that you have sent MY network a virus isn't spam?

How can it be called spam? YOU have sent MY network an email. This is MY network. I set the rules. YOU sent ME an email that could very easlily of screwed it up. Therfore I am sending an reply (automated or not) about something that YOU sent ME. How is that unsolicitated?

The very least of my concerns is worrying about your inbox after you send me a virus!

Geeeze!

Steve Hewitt

The thing is, a lot the time (for me at least), these emails are spoofed. Sometimes because the sending network has a virus, and the virus is doing the sending.

I am Comptia A+ Certified

 

[Schroeder]

Stevehewitt, the problem (and the point I believe lionehill and SteveTheGeek were making) is that the return address on a virus toting email is so rarely that of the actual sender that replying with such a notice is actually a bit inappropriate. Not only has the virus now infected (or attempted to infect) your system, it has enjoyed further notoriety by causing a sort of hoax virus notification to be sent to an innocent third party.

 

[Stevehewitt]

Rare? I wouldn't say its rare. And OK, lets say 50% are spoofed. Well most that are spoofed are fake addresses anyway - so who is it hurting?

Steve Hewitt

 

[MichealC4]

Me. I didn't ask for the email. It is costing me bandwidth and space on my server.

I am Comptia A+ Certified

 

[Stevehewitt]

I didn't ask for a virus. I'm informing all people that send me a virus who have a valid email address that you should clean your system as you are infected.
If the address is fake (eg. no MX record in domain if the domain exists at all) then the mail (which is plain text only) will simply bounce if no domain is found.



Steve Hewitt

 

[MichealC4]

And we didn't ask for notification. Yes, I think that it is nice of you to try and help people. However, if the person wanted their system cleaned, they would probably know about it as most AV software these days are pretty good at catching things.

I am Comptia A+ Certified

 

[strongm]

>all people that send me a virus

They probably didn't

>If the address is fake (eg. no MX record

Guess what, they're smarter than that...

 

[Stevehewitt]

Where is the problem? I use Star as my ISP who helped develop MessageLabs and they have it running though their mail servers, so I am 99% sure that I'm safe. Star by default set it up so any attempt gets an email back to the sender. I agree with this. As much as I don't want to sound childish, you sent me unsoliciated (spam) email that contains harful code. I hate viruses as much as everyone else, but its YOUR responsibility to protect yourself. If you can't do that surely I am doing a favor by informing you that you have a virus. The argument that they already know is not valid. If my email gets to your inbox then its a real address on a real network. Which means that unless you have already clean your virus up in 3 seconds, you are still infected and MAY not know.

Personally I would rather have an unsolicated email (which isn't selling or in anyway offensive to the majority of sys admins) telling me that I have a virus than not have one and not be aware for some time. I'm sure some people have had a virus on their system, which hasn't beeen picked up. You get network problems, slowed access etc. But you are not sure. A simple email from my ISP will tell you that you almost certianly do! I'd rather be informed and already of cleaned it than not be told and be unaware.



Steve Hewitt

 

[strongm]

>you sent me unsoliciated (spam) email that contains harful code

No, I didn't. Somebody else did.

 

[Stevehewitt]

This is my point. Unless someone has a vendeta against you, or they choose to use your mail box; you won't get the email! Yeah, a lot (possibly the majojrity) of email viruses are spoofed. OK we are agreed. But I would say that most are also addresses that don't exist - or come from stupid addresses like tony.blair@downingstreet.gov.uk like someone will believe it. The chances are (IMHO) that if you get a mail in your inbox then its very likly that it really did. And if not, then whats the harm? My ISP encourages it, so do I. Infact its just that you have recived an email saying you have sent a virus, where in the worst case you run a VScan and realise your clean and delete my mail or if your a poor admin then just delete the mail. In the best case (for the method, not for you!) then you would run a check, realise you are infected and after cleaning it; be thankful that it was spotted so early.

Steve Hewitt

 

[SteveTheGeek]

SteveHewitt,
A bit of clarification. Many viruses scrape address books and such from infected machines and use THOSE addresses as the "spoofed" send addresses. Thus, a decent percentage of the half-or-so spoofed send addresses are actual valid addresses that just happen to have been in someone's address book. The automated response your AV server sends in many cases is actually telling someone "someone who has your address in their address book has sent me a virus". Does that help clear things up?
-Steve(theGeek)

 

[strongm]

One of my roles is as an email admin. I don't automatically send responses to people when our email sytem gets bad inbound emails. I (sadly) check the headers and work out whether it is spoofed or not so that I can send (or not) my snotty response to the closest thing to the right place.

 

[EdwardMartinIII]

I receive many "helpful" automated messages from Sys programs that seem to think I sent them a virus. My system is and always has been virus-free, but I post to many lists, thus many people have my e-mail address in their InBox (a lot of the newer scripts scrape the InBox).

So, I have done nothing and my system is and always has been clean. Yet, someone's automated script starts hammering crap my way.

And one of the annoying things about it is that there's no way for me to see the headers of the original message (and thus drop a note to the actual infectee) nor can I respond to the e-mail in any meaningful fashion ("Sorry, but it's automated -- you must have a virus, you luser&quot. In effect, it's worse than spam.

And the fact that it stupidly responds to the Reply-To address (when nearly every virus/worm these days fakes a Reply-To from within the In Box of the infectee, reducing the chance that the Reply-To is actually the culprit to effectively zero) indicates to me that the person who wrote it might have wanted to be helpful, but in fact, has just made the problem worse.

Which is, of course, the point of this thread.

Thus, I abhor mechanical responders -- regardless of their intent.

Cheers,


Edward

"Cut a hole in the door. Hang a flap. Criminy, why didn't I think of this earlier?!" -- inventor of the cat door

 

[lionelhill]

Agree with everyone! I'm almost sorry I started this, but Stevehewitt (and I do sympathise with your position), the rest have made exactly my point:
(1) These viruses really do pick up addresses from people's address books. My e-mail address is no doubt scattered all over the world. If you get a mail claiming to be from me, infected with this virus, all this tells you is that it once passed through a machine with me in the address list.
(2) You can easily find out if the address is likely to be genuine by looking up the virus name on any of the very many good web-resources (as strongm suggests). This will differentiate between the real, fictitious, and spoofed addresses.
(3) Sending these messages can be quite harmful. If I'm unlucky and someone's been very active with a virus I can see a risk of a "denial of service" situation with the messages pouring in. In any case, many people feel strongly about viruses and get quite upset if accused of spreading them.
(4) There's also absolutely nothing I can do to stop you sending me these things since they never arrive with the address of a person on them to which I can reply explaining that I'm not the culprit.

Please don't think I'm criticising you: I also think viruses are evil, and my quibble is really with the people who chose the defaults in the anti-virus software. But even they probably didn't know what the results of their well-meant intentions would be.

Lionel

 

[Stevehewitt]

I do agree. But I have been runing a mail server here for the last 3 years. Long enough to feel the effects I would imagine. I have never had this problem. I also cannot say that I have heard of a DoS attack from a spoofed email, although I am sure it has happened.

Personally, I would prefer to be informed and clean, than not have a email and be infected. Short sighted maybe, wrong probably, logical - yes.

Steve Hewitt