European distributors of virus

Addlcove

Fledgling Freddie
Joined
Dec 22, 2003
Messages
520
I work as a network-adm./it-supporter at a rather large Danish company.

today we had (yet again) people receive virus mails from assorted anonymous addresses...

except we're using Notes, which means that getting the IP address of the sender of the mail is actually rather easy, so I put on a traceroute and lo an' behold, the trace ends at a Wanadoo server in bourdeaux (sp?). I contact my boss to let him know that we knew where some of the virus mails were coming from and his response was

"Ja den er meget god. Jeg har tidligere sendt advarsler ned til dem, men de
svarer ikke. Lad det ligge, vi får styr på det om et par måneder."
translated it says

"yeah right, I've sent them warnings earlier but they don't answer, leave it be we'll handle it in a few months"

of course what I wonder is if you can actually sue someone for sending you virus repeatedly after warning them that their systems are infected :D !


enough ramblings, enjoy your day
 

Ssera

Fledgling Freddie
Joined
Dec 23, 2003
Messages
224
hmm my ISP is still infected with MS Blast... warned them plenty of times but whenever I do a reinstall and connect to the net before running all the xp fixes or putting up the firewall, I get infected.

/shrug
 

oblimov

Luver of Buckfast
Joined
Dec 23, 2003
Messages
963
you can't sue a company for sending a virus regardless if they've been informed or not

This happened a while back in the network where I work, we identified that a lot of the virus stuff was coming from a Korean ISP which we contacted and even had a meeting with the guys there who ran it.

Basically they're not at fault due to the fact that you can't be expected to operate 100% secure, it's just not possible, despite the fact that others tell you about your flaws it's still only a case of patching here and patching there and then finding out more viruses have got in

It's a never ending struggle, ideally if there was some sort of EU directive or global standard on virus protection or virus updates which each independent virus company had to meet and merge into their existing protection then maybe this would become less of a problem

However that's not gonna happen, lol soz for going on, this kinda thing interests me, it's what I wrote a paper on a while back :)
 

Addlcove

Fledgling Freddie
Joined
Dec 22, 2003
Messages
520
feel free to keep going on

don't know if he was talking about suing, just the "we'll handle it in a few months" that made the sentence sound like it :)
 

chretien

Fledgling Freddie
Joined
Dec 24, 2003
Messages
1,078
Ssera said:
hmm my ISP is still infected with MS Blast... warned them plenty of times but whenever I do a reinstall and connect to the net before running all the xp fixes or putting up the firewall, I get infected.

/shrug

It may not be your ISP that's infected with MSBlast. If you've not patched or turned on a firewall then you're vulnerable to the exploit. The way it works is that it scans for the specific open ports and attacks any vulnerable machines it finds. It doesn't need to be on your ISP's network to do that. Either turn on the default XP firewall before setting up your internet connection or download the security patch and keep a copy on disk so you can patch it offline.
 

old.Whoodoo

Can't get enough of FH
Joined
Dec 24, 2003
Messages
3,645
Ssera said:
hmm my ISP is still infected with MS Blast... warned them plenty of times but whenever I do a reinstall and connect to the net before running all the xp fixes or putting up the firewall, I get infected.

/shrug
Dude, disconnect your PC from the outside world, rebuild, install a firewall (Zone Alarm is great IMO, better than the shat excuse for one that XP comes with!!), then reconnect it and run your patches.

MSBlast is transmitted via email, my tip here, be wary of your email provider and don't use Outlook, try something like Eudora instead.

If in doubt, go to www.symantec.com and download their virus fixes, and hopefully, you're free once again :)
 

sibanac

Fledgling Freddie
Joined
Dec 19, 2003
Messages
824
old.Whoodoo said:
Dude, disconnect your PC from the outside world, rebuild, install a firewall (Zone Alarm is great IMO, better than the shat excuse for one that XP comes with!!), then reconnect it and run your patches.

MSBlast is transmitted via email, my tip here, be wary of your email provider and don't use Outlook, try something like Eudora instead.

If in doubt, go to www.symantec.com and download their virus fixes, and hopefully, you're free once again :)
Or just get a 50 euro hardware router
 

Addlcove

Fledgling Freddie
Joined
Dec 22, 2003
Messages
520
nothing wrong with Outlook Express. just play the noia and don't open mails you don't know who sent
 

sibanac

Fledgling Freddie
Joined
Dec 19, 2003
Messages
824
Addlcove said:
nothing wrong with Outlook Express. just play the noia and don't open mails you don't know who sent
Outlook Express has been exploited more than a $5 crack whore
 

Ssera

Fledgling Freddie
Joined
Dec 23, 2003
Messages
224
chretien said:
It may not be your ISP that's infected with MSBlast. If you've not patched or turned on a firewall then you're vulnerable to the exploit. The way it works is that it scans for the specific open ports and attacks any vulnerable machines it finds. It doesn't need to be on your ISP's network to do that. Either turn on the default XP firewall before setting up your internet connection or download the security patch and keep a copy on disk so you can patch it offline.

Hmm good point. The trouble I have is that when I reinstall winxp (for whatever reason) I install it from the CD I've had since it got released and only after do I patch to SP1 etc. Usually I remember to load up the firewall beforehand but sometimes I don't ;). Still think ISP has it though, as I literally get it the moment I connect to the net :p

Oh, off topic but might find it interesting: War Legend (a uber french guild on Broc) is currently doing ML10 :eek7:
 

SilverHood

FH is my second home
Joined
Dec 23, 2003
Messages
2,304
Just because a server is sending viruses doesn't mean that it's infected...

What you're tracing is probably the mailserver which is routing the mail....and not the pc sending it out... the mailserver probably acknowledges the mails sent by the infected pc as "legitimate" emails...

Still, anyone running a mailserver should spot these things...

When I had the sobig virus, my ISP switched me off. Now, these guys are tools. They have fuck all idea of running an ISP. They make British Telecom and NTL look like the daddies. Yet they still managed to detect that my pc was infected and sending stuff through their network.

Wonder how they compare with Wanadoo tho :)
 

Ssera

Fledgling Freddie
Joined
Dec 23, 2003
Messages
224
Ah back on thread - I agree with what SilverHood said, you're just tracing the ISP where the mail originated from (and the IP that was used at that time). Happens to me all the time at work, most recently with Netsky-D. I just backtrace the email, get the IP it was sent from and the ISP name (using ping plotter) then do a WHOIS query.

Usually brings up email addresses of who to contact in case of an abuse/virus etc. Simply email them with the header of the infected email and there you go. Done it twice in the last 2 months where I kept getting the same email from the same ISP. Tracked it down and sent a report and never got a virus from there again \o/.

I don't think you could actually sue the ISP tho... but contact them and they'll dump on whoever's been sending them in the first place (or warn that person that they've been infected if they have nothing to do with it).
 

Takhasis

Can't get enough of FH
Joined
Dec 23, 2003
Messages
1,078
if u check out www.sophos.co.uk you'll find out that a LOT of email-borne viruses spoof the sender address, so you sending mails to the sender saying "f*ck off with the viruses" is no use, as it may not even be them doing it.
 

Ssera

Fledgling Freddie
Joined
Dec 23, 2003
Messages
224
Takhasis said:
if u check out www.sophos.co.uk you'll find out that a LOT of email-borne viruses spoof the sender address, so you sending mails to the sender saying "f*ck off with the viruses" is no use, as it may not even be them doing it.

sure many spoof the sender address so just hitting reply doesn't work, but nowhere near as many actually spoof the IP address (which you can get by looking at the email header).
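
An added example, not part of any post in the thread: a Python sketch of the header trace Ssera describes, which also shows SilverHood's point that the address your own gateway recorded belongs to the relaying mail server, while the client behind it is only the relay's claim. The sample message, host names, addresses, `OUR_HOSTS` and `OUR_NETS` are constructed assumptions, and the regexes cover only the common `from name (name [ip]) by host` layout.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample (all hosts/addresses are made up): forged From, mail
# handed to our gateway gw.corp.example by an ISP relay.
SAMPLE = """\
Received: from gw.corp.example (gw.corp.example [10.0.0.5])
\tby notes.corp.example with SMTP; Mon, 8 Mar 2004 10:02:11 +0100
Received: from smtp.isp.example (smtp.isp.example [198.51.100.25])
\tby gw.corp.example with ESMTP; Mon, 8 Mar 2004 10:02:09 +0100
Received: from corp.example (dialup-17.isp.example [203.0.113.17])
\tby smtp.isp.example with SMTP; Mon, 8 Mar 2004 10:02:05 +0100
From: support@corp.example
To: user@corp.example
Subject: Virus detected on your computer

(body)
"""

OUR_HOSTS = {"notes.corp.example", "gw.corp.example"}   # servers we run
OUR_NETS = [ipaddress.ip_network("10.0.0.0/8")]         # our address space
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
BY_RE = re.compile(r"\bby\s+([\w.-]+)")

def parse_hop(value):
    """Return (recording host, peer IP) for one Received header value."""
    by, ip = BY_RE.search(value), IP_RE.search(value)
    try:
        peer = ipaddress.ip_address(ip.group(1)) if ip else None
    except ValueError:          # e.g. [999.1.1.1]
        peer = None
    return (by.group(1).lower() if by else None, peer)

def trace(raw, our_hosts=OUR_HOSTS, our_nets=OUR_NETS):
    msg = message_from_string(raw)
    hops = [parse_hop(v) for v in msg.get_all("Received", [])]  # newest first
    out = {"from": msg["From"], "relay_ip": None, "claimed_client": None}
    for i, (by, peer) in enumerate(hops):
        if by not in our_hosts:
            break               # not written by our servers: stop trusting
        if peer is None or any(peer in n for n in our_nets):
            continue            # internal hand-off, keep walking down
        out["relay_ip"] = str(peer)          # recorded by our own gateway
        if i + 1 < len(hops) and hops[i + 1][1] is not None:
            out["claimed_client"] = str(hops[i + 1][1])  # relay's word only
        break
    return out
```

`relay_ip` is the address to look up in WHOIS for an abuse contact; `claimed_client` is something only the relay's operator can confirm from their own logs, which is why the full headers go in the report.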
 

Aremeriel

One of Freddy's beloved
Joined
Dec 23, 2003
Messages
800
Takhasis said:
if u check out www.sophos.co.uk you'll find out that a LOT of email-borne viruses spoof the sender address, so you sending mails to the sender saying "f*ck off with the viruses" is no use, as it may not even be them doing it.

Got some nice examples of this at work... I also work with IT, but most along the lines of support, backup, mail and security...

Especially two nice mails came through to one of our users who got pretty upset and almost freaked out of fear...

Both were mainly saying that they had detected a virus at her computer...
Both contained an attachment that had been deleted in our antivirus.

Here's the funny part... The mails she got were sent from staff@"the_company_I_work_for".no and support@"the_company_I_work_for".no

The thing here is, I work for a Norwegian company, and well... We've NEVER had e-mail addresses with either staff@"the_company_I_work_for".no nor support@"the_company_I_work_for".no

She freaked out even more when I explained to her that these mails were virus mails... Took me a while to explain to her that our company didn't have any of those mail addresses and that they were spoofed though... And that the virus had been removed by our anti-virus... But when she finally understood, she relaxed..

We remove a lot more spam mail than virus mail though... And we've closed our system pretty tight... We don't allow any executable files, encrypted (passworded) zip-files or even HTML files... We do get some complaints about this from our users though, saying they can't work without that attachment... And since some of the work they do is not allowed for the public, they refuse to send it unencrypted. When I then tell them that e-mail is as open as a postcard, guess who gets the blame?
I'd LOVE to have an e-mail world without spam and virus... He he...
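
An added example, not part of the post above: a Python sketch of an attachment policy like the one described (no executables, no password-protected zip files, no HTML). The extension lists, function names and the sample message are assumptions made for illustration, and the "encrypted" zip is a plain archive with the encryption flag bit set by hand.

```python
import io
import zipfile
from email.message import EmailMessage

# Extension lists are illustrative assumptions, not the poster's actual rules.
EXECUTABLE = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs"}
HTML = {".htm", ".html"}

def zip_is_encrypted(data):
    """True if any member has general-purpose flag bit 0 (encryption) set."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(info.flag_bits & 0x1 for info in zf.infolist())
    except zipfile.BadZipFile:
        return False

def blocked_attachments(msg):
    """Return [(filename, reason)] for attachments the policy rejects."""
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        ext = name[name.rfind("."):] if "." in name else ""
        data = part.get_payload(decode=True) or b""
        # Check content as well as the name: a renamed .exe still starts "MZ".
        if ext in EXECUTABLE or data[:2] == b"MZ":
            findings.append((name, "executable"))
        elif ext in HTML or part.get_content_type() == "text/html":
            findings.append((name, "html"))
        elif data[:4] == b"PK\x03\x04" and zip_is_encrypted(data):
            findings.append((name, "encrypted zip"))
    return findings

def build_sample():
    """Constructed message: three blocked attachments and one allowed zip."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("report.txt", "constructed sample")
    plain = buf.getvalue()
    locked = bytearray(plain)
    locked[6] |= 0x1                               # local header flag
    locked[locked.find(b"PK\x01\x02") + 8] |= 0x1  # central directory flag
    msg = EmailMessage()
    msg["From"], msg["Subject"] = "staff@corp.example", "Virus detected"
    msg.set_content("see attachment")
    for data, name in ((b"MZ\x90\x00", "update.pif"), (plain, "ok.zip"),
                       (bytes(locked), "secret.zip")):
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=name)
    msg.add_attachment("<html></html>", subtype="html", filename="notice.html")
    return msg
```

The gateway cannot scan inside a password-protected archive, so the check reads only the zip headers and never tries to open the members.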
 

Korax

Fledgling Freddie
Joined
Jan 9, 2004
Messages
333
Ssera said:
Still think ISP has it though, as I literally get it the moment I connect to the net :p

Yup, I'm not into how, but that is common. Plug your computer on the net unpatched and you can easily be doomed within 20 sec.
 

chretien

Fledgling Freddie
Joined
Dec 24, 2003
Messages
1,078
old.Whoodoo said:
Dude, disconnect your PC from the outside world, rebuild, install a firewall (Zone Alarm is great IMO, better than the shat excuse for one that XP comes with!!), then reconnect it and run your patches.

MSBlast is transmitted via email, my tip here, be wary of your email provider and don't use Outlook, try something like Eudora instead.

If in doubt, go to www.symantec.com and download their virus fixes, and hopefully, you're free once again :)
MSBlast is not transmitted via email at all. It spreads through portscanning and then overflowing the remote procedure call buffer. It will actively scan the internet from infected machines looking for vulnerable (i.e. unpatched or unfirewalled) computers and then attack when it finds one.

I guarantee that if you set up an account with any ISP and connected to their backbone unpatched you'd still get MSBlast within seconds. It isn't coming from their servers.
 

Tiwaz

Regular Freddie
Joined
Dec 28, 2003
Messages
13
sibanac said:
Outlook Express has been exploited more than a $5 crack whore

Well, that's not because there's anything wrong with OE, except the fact that it starts with 'Microsoft', hackers' favorite victim.

That's actually the one good thing about Lotus Notes. Most viruses don't even know of its existence, and often don't spread from it.

I work in the IT department of another large Danish company (actually Danish/Swedish/Norwegian company), who uses Notes, and sure we get viruses, but IF they spread internally, it's ALWAYS from computers that had Outlook installed as well (the Swedish part of the company used Exchange/Outlook before).

When all that is said, from a user's perspective, I really prefer Outlook over Notes.
 

Driwen

Fledgling Freddie
Joined
Dec 23, 2003
Messages
930
Aremeriel said:
We remove a lot more spam mail than virus mail though... And we've closed our system pretty tight... We don't allow any executable files, encrypted (passworded) zip-files or even HTML files... We do get some complaints about this from our users though, saying they can't work without that attachment... And since some of the work they do is not allowed for the public, they refuse to send it unencrypted. When I then tell them that e-mail is as open as a postcard, guess who gets the blame?
I'd LOVE to have an e-mail world without spam and virus... He he...

tell them to upload it somewhere, where the other person can reach it as well and then send the link in an email? Unless you also block people downloading those files from a ftp/site :p.
 

Aremeriel

One of Freddy's beloved
Joined
Dec 23, 2003
Messages
800
Driwen said:
tell them to upload it somewhere, where the other person can reach it as well and then send the link in an email? Unless you also block people downloading those files from a ftp/site :p.
Our users don't have access to Internet from their workstations.. ;)
That would result in a security flaw.. ;) When people start working here, they have to sign a contract of silence (not sure what it's called, but I hope you get the meaning). The system here must be as secure as possible to prevent hackers... So, your suggestion wouldn't work... I tell them that if it's secret, they have to 1) send it in snail mail 2) send a CD in snail mail
 

Ssera

Fledgling Freddie
Joined
Dec 23, 2003
Messages
224
Aremeriel said:
When people start working here, they have to sign a contract of silence (not sure what it's called, but I hope you get the meaning).

usually called a Non Disclosure Agreement here.
 

oblimov

Luver of Buckfast
Joined
Dec 23, 2003
Messages
963
2 networks for net and non net access is very secure nice :)

my place probably should implement something similar however the costs are just huge

your network without the internet doesn't have any gateway whatsoever to the outside world? even if it's protected?
 

Driwen

Fledgling Freddie
Joined
Dec 23, 2003
Messages
930
Aremeriel said:
Our users don't have access to Internet from their workstations.. ;)
That would result in a security flaw.. ;) When people start working here, they have to sign a contract of silence (not sure what it's called, but I hope you get the meaning). The system here must be as secure as possible to prevent hackers... So, your suggestion wouldn't work... I tell them that if it's secret, they have to 1) send it in snail mail 2) send a CD in snail mail

you could put a ftp up on the network though, don't really have to have access to internet for that. Besides if it's in the same building it shouldn't be too hard to just use memory cards for most files (or install zip drives) and then just hand it over in person or through company mail if you have that.
But if enough people have problems with it, maybe setting up a ftp for this might be worth it. Depends on the need of it, I guess.

Also no internet but there is email? So if that email doesn't go through the internet, so why is there a problem with virus or spam?
 

Aremeriel

One of Freddy's beloved
Joined
Dec 23, 2003
Messages
800
oblimov said:
2 networks for net and non net access is very secure nice :) your network without the internet doesn't have any gateway whatsoever to the outside world? even if it's protected?
We have mail gateway.. That's all.. At least that I can remember at the moment...

Driwen said:
you could put a ftp up on the network though, don't really have to have access to internet for that. Besides if it's in the same building it shouldn't be too hard to just use memory cards for most files (or install zip drives) and then just hand it over in person or through company mail if you have that.
But if enough people have problems with it, maybe setting up a ftp for this might be worth it. Depends on the need of it, I guess.
We don't do that kind of checking on internal mail.... The mails can come from the other side of the country or even from another country...

Driwen said:
Also no internet but there is email? So if that email doesn't go through the internet, so why is there a problem with virus or spam?
Errrrrrrrr..... The users don't have access to Internet, but they do have access to send mail to the Internet... All communication external goes through the mail gateway and Firewall etc.... No Internet does NOT necessarily mean no external email as you seem to think... Although, it's not more than 3 years ago since they didn't have access to send external e-mail either...
 
