This d*mned SoBig thingamajig....
Raptisoft
08-21-2003, 06:17 PM
Okay, so for the last couple days, I've been getting 1,000+ e-mails with SoBig attached. But today, it seemed like it's tapering off.
...And what's happening now? Now I am getting hundreds of bounced e-mails from AOL. Evidently some SoBig out there is masquerading as my e-mail.
I just feel like ranting, because with all the press about how much this virus/worm/whatever is overloading the e-mail systems, does AOL really need to be bouncing back these messages? Does this not DOUBLE the load?
Lizardsoft
08-21-2003, 06:23 PM
Does anyone know how to get Norton AV 2002 to stop yelling about it after every message is received in Outlook? It's made it impossible to check e-mail. Receiving 100 messages and then selecting and deleting them all is easy. Clicking Quarantine and OK after each message is received is not. I'm sure I'm missing some sort of setting. I don't want to turn auto protection off since that defeats the purpose of a virus scanner, I just want it to shut up ;)
svero
08-21-2003, 06:39 PM
Originally posted by Lizardsoft
Does anyone know how to get Norton AV 2002 to stop yelling about it after every message is received in Outlook? It's made it impossible to check e-mail. Receiving 100 messages and then selecting and deleting them all is easy. Clicking Quarantine and OK after each message is received is not. I'm sure I'm missing some sort of setting. I don't want to turn auto protection off since that defeats the purpose of a virus scanner, I just want it to shut up ;)
I find virus scanners tend to be worse than the disease. I've seen viruses that were less intrusive, destructive and annoying than McAfee and Norton. I've stopped using autodetect... I generally know how to avoid viruses anyway. I just use the scanner to scan incoming files and new release files before I upload them.
gilzu
08-21-2003, 11:32 PM
I just tell my (Norton) anti virus to automatically remove them.
It still gives me a received message for each one it deletes though :-\
Dexterity
08-22-2003, 07:57 AM
For a virus like this, I just think client-side filtering is a mess. When I switched to server-side filtering last year (for both viruses and junk email), problems like this completely stopped. I still haven't received a single copy of Sobig in my inbox or any bounce-back messages. I never would have known there was a virus going around if I didn't hear everyone else complaining about it. There are many server-side filters like MailScanner and SpamAssassin that make life much easier. They can be installed in a couple hours, but they make email so much more usable.
I would think that a good host should handle this blocking automatically, especially for a problem this widespread. The technology is certainly available to handle it.
svero
08-22-2003, 08:01 AM
Originally posted by Dexterity
I would think that a good host should handle this blocking automatically, especially for a problem this widespread. The technology is certainly available to handle it.
That's what really AMAZES me? It borders on incompetence for any of these ISPs to NOT have server side filtering. It must cause them no end of trouble and cost them bandwidth... why they haven't already done this as a completely standard setup is really beyond me.
Midnight
08-22-2003, 09:28 AM
Just a quick note, that the changes I implemented (mentioned in a previous post) brought my Sobig (and any other spam/virus) to absolute zero (from several thousand a few days ago) while not reducing the number of legit customer e-mails (or orders, for that matter) I get.
I'm sure eventually it will start up slowly again (I'm not sure how smart Sobig is... i.e. if it can decipher my garbled e-mails from my html code), but perhaps changing (and masking) emails every once in a while is a good low-hassle alternative to using e.g. form-based support.
JackNathan
08-22-2003, 09:30 AM
Originally posted by svero
That's what really AMAZES me? It borders on incompetence for any of these ISPs to NOT have server side filtering. It must cause them no end of trouble and cost them bandwidth... why they haven't already done this as a completely standard setup is really beyond me.
A big reason is because if they accidentally filtered non-spam and someone lost business (or claimed loss) they could be sued.
Jack
SpikeSpiegel
08-22-2003, 10:39 AM
Uh-oh, I just got this link about that virus
http://arstechnica.com/archive/news/1061572236.html
Alan_3DAGames
08-22-2003, 01:08 PM
I guess AOL could bounce the emails back for the same reason they cannot use server side blocking of emails?, for fear of being sued if they don't deliver it to at least one end.
What gets me is a good solution is not rocket science. I think the simplest solution is for the server side software to prefix any badly reoccurring millions of times, suspect executable with a warning like
"CAUTION: THIS EMAIL COULD CONTAIN A VIRUS - Re: Re: My details"
Even if it cuts off the original title perhaps it could just include the original title in the first line of the email so the user can at least still see it.
And it can't be difficult for the server side software to statistically compare emails with executables, so once it starts seeing hundreds or thousands of similar ones, especially per hour, it can just append the message. So it adapts over time to recognise new viruses.
This causes no damage to the email, and it gets delivered, but at least it greatly reduces the main reason viruses spread because most people don't know about such things. (And I can’t see many legitimate companies emailing millions of exe files to customers, when they can use web links to bring people first to their web sites. :) … And even if this method is used to spread viruses, it's one source location to quickly track down and close down, so no mass spreading of the viruses can occur.
It seems amazing to me, viruses spread because they fool people, so say “this may be a virus” and it’s far less likely to fool people!
Anyway, that's my 2 cents worth as they say ... I've got some free time at the moment, while I download a few hundred more of these emails. ;)
p.s. Just in case there is any money in this idea, it's (c) 3DAGames ;) (All Rights Reserved :) ... well I can dream ;)
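As an added example (not part of the original post, and not code from any filter named in this thread), the tagging scheme Alan_3DAGames describes above could look like this in Python. The extension list, the default threshold, and the use of an exact SHA-256 match as a stand-in for "similar" attachments are assumptions.

```python
import hashlib
import time
from collections import defaultdict, deque
from email.message import EmailMessage

WARNING = "CAUTION: THIS EMAIL COULD CONTAIN A VIRUS - "  # wording from the post
EXEC_EXTS = (".exe", ".pif", ".scr", ".com", ".bat")      # assumed extension list


class OutbreakTagger:
    """Tag, but still deliver, mail whose executable attachment keeps recurring."""

    def __init__(self, threshold=100, window=3600):
        self.threshold = threshold      # sightings inside the window that trigger tagging
        self.window = window            # sliding window in seconds ("per hour")
        self.seen = defaultdict(deque)  # attachment digest -> recent arrival times

    def _recurring(self, digest, now):
        times = self.seen[digest]
        times.append(now)
        while now - times[0] > self.window:  # forget sightings older than the window
            times.popleft()
        return len(times) >= self.threshold

    def process(self, msg, now=None):
        now = time.time() if now is None else now
        suspect = False
        for part in msg.iter_attachments():
            name = (part.get_filename() or "").lower()
            if name.endswith(EXEC_EXTS):
                digest = hashlib.sha256(part.get_payload(decode=True) or b"").hexdigest()
                suspect = self._recurring(digest, now) or suspect
        if suspect:
            original = str(msg.get("Subject", ""))
            del msg["Subject"]
            msg["Subject"] = WARNING + original
            body = msg.get_body(preferencelist=("plain",))
            if body is not None:        # keep the original title visible in the body
                body.set_content(f"Original subject: {original}\n{body.get_content()}")
        return msg                      # always returned: nothing is dropped


def constructed_message(subject, filename, data):
    """Build a constructed sample message with one attachment."""
    m = EmailMessage()
    m["Subject"] = subject
    m.set_content("See the attached file for details.\n")
    m.add_attachment(data, maintype="application", subtype="octet-stream", filename=filename)
    return m
```

Copies that arrive before the threshold is reached are delivered untagged, and an exact-digest match will not group attachments that differ from copy to copy.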
Dexterity
08-22-2003, 01:10 PM
In terms of using web-based forms for contact, I think spam harvesters can still pick those out from the HTML if the email address appears in the HTML (as it does with the popular formmail script). However, if you use a scripting language like PHP, you can easily keep the email address hidden, so no bots can harvest it. You could also use something like Javascript to obfuscate it, but my understanding is that people who disable Javascript can't contact you then, and I've also heard that some spambots can now get around this kind of protection.
Another option is to tag each email that comes from your web-based forms with a specific subject or header, and then you can set server-side or client-side filters to automatically trash any emails sent to that address that don't contain the proper subject or header. Thus, no emails can be sent directly if they don't go through the form.
I favor server-side protection here -- if the email address is ever sent to the client, as it is with Javascript, it can probably still be harvested.
Dexterity
08-22-2003, 01:18 PM
Originally posted by Alan_3DAGames
What gets me is a good solution is not rocket science.
If this kind of thing was happening only within a single given company, it would probably be solved. It only took me an afternoon to solve the virus/spam problem well enough to suit my needs. Presently I think there's more risk of ISPs losing customers due to spam/virus attacks than there is from a tiny percentage of emails that are never received. But I could be wrong....
A server-side virus scanner can determine whether or not a known virus is present in an email. I don't know who would legitimately want to send or receive such an email. It certainly isn't difficult for a server filter to trash all such emails.
ISPs need to collectively construct a better immune system for the internet.
Lizardsoft
08-22-2003, 02:05 PM
Most of my e-mail addresses are with our new host which does do server-side filtering of this junk, but we haven't moved one domain over yet. We agreed a while ago that everyone on our LAN HAS to use AV software, since one infection could mess with the whole network. AV software isn't bad, but it is ridiculous that after so many years Norton can't fix basic usability problems and instead feel the need to implement "features" like that recycle bin breaker in 2003.
Alan_3DAGames
08-22-2003, 03:27 PM
Originally posted by Dexterity
A server-side virus scanner can determine whether or not a known virus is present in an email. I don't know who would legitimately want to send or receive such an email. It certainly isn't difficult for a server filter to trash all such emails.
Hi, maybe they don't want to risk even the chance of stopping an email in case it costs them and then loses them customers in the future???. (And/Or the people in these corporations all move and think like sheep as they don't want to stick their necks out and risk being seen as suggesting something wrong and then risk losing their jobs). ;)
... I don't think I make a good sheep, which I'm happy about. (plus I wear black) ;)
(Maybe we all have the black sheep indie gene) ;)
Nick Bischoff
08-23-2003, 09:48 AM
Originally posted by svero
That's what really AMAZES me? It borders on incompetence for any of these ISPs to NOT have server side filtering. It must cause them no end of trouble and cost them bandwidth... why they haven't already done this as a completely standard setup is really beyond me.
Svero, what AMAZES me is the stupid general population who still run unknown attachments
svero
08-23-2003, 09:57 AM
Originally posted by Nick Bischoff
Svero, what AMAZES me is the stupid general population who still run unknown attachments
Well I don't know if it's fair to expect everyone to be a computer expert. The only real difference is that my mistakes in engine repair or carpentry don't affect the globe. Fact is ... this is a solvable problem if the major ISPs or Microsoft would just wake up and those are the people that definitely should know better.
I'm reminded by your comment though of working at a major US firm which had lots of staff. When the first email viruses like the I Love You virus appeared I used to receive tons but ONLY from the secretarial pool and marketing. Nothing from management or development. Very telling....
chronos
08-23-2003, 02:01 PM
I just looked at the list of emails which my ISP's mailserver has automatically deleted and was surprised to learn that emails from Disc Makers and Dr. Dobb's Journal have been blocked by the SPAM filter. These are email lists to which I've opted in, and I consider it a blatant violation of my rights as a user to have those messages blocked without my explicit consent. Luckily my ISP allows me to disable the filter, but I gather most customers wouldn't know they can do this.
I feel sorry for responsible bulk emailers who are lumped together with common spammers. What would you do if your "weekly newsletter" or "special offers for our customers" emails were blocked automatically by most ISPs? It wouldn't make me very happy if it happened to me.
LordKronos
08-23-2003, 02:22 PM
I recently started running spamcop on my domain. One thing I noticed was that some of these newsletters I signed up for are getting blocked. I just went and whitelisted those domains, but it got me thinking. Although I don't yet have an active newsletter, I started thinking that once I do, a smart thing to do would be to run the newsletter through spamcop and see what kind of things it flags (spamcop adds a header to the email listing the suspicious attributes it found). Some of the newsletters were being flagged for things that could easily be fixed. For example, if your date header isn't formatted in the standard way, spamcop flags that and adds penalty points to the email. Certain keywords and phrases also add penalty points. By modifying emails to minimize the number of points assigned to it, you can reduce the chance of spamcop incorrectly identifying your newsletters as spam. Of course, spamcop's definitions are always changing, so it's something you want to recheck from time to time. However, it's probably a worthwhile thing to do.
chronos
08-23-2003, 02:32 PM
I wonder whether a cease and desist order would work against the makers of filtering software. If an email message is flagged as something it is not - flagged as SPAM when it's actually legitimate - could the sender sue the filter maker for civil damages of some sort?
It's like those dumb content filters that are now installed in public libraries all around the United States. I'd love for the filter makers to be sued for libel whenever they mislabel email or website contents.
I've just disabled the SPAM filters on my account. One false positive is one too many, in my opinion.
chronos
08-23-2003, 02:49 PM
I just emailed Disc Makers and DDJ to inform them of the situation. If your ISP uses Vircom mail filters you should check the list of quarantined emails to be sure that nothing has been blocked by accident. I had stopped checking the list of blocked emails until today, for I assumed incorrectly that the damn thing actually worked.
Punchey
08-25-2003, 12:08 PM
I recently ran into a somewhat related issue... apparently one of my customers must have gotten infected with... ahh, I forget the name of the virus, but what it did was grab a random e-mail address from their contacts and sent out a bunch of infected e-mails using -drum roll- my business address! GREAT! Now people think my company is spamming them with virus-laden e-mails. The way I discovered this fact was that I got an e-mail bounce from an address I have no reference to whatsoever. Plus I know my account didn't send it because I handle all my mail from a web-based client.
Anyway, hopefully this won't tarnish my company's reputation...