545  ADMIN: computer viruses

ARTICLE INDEX


Date: Tue, 7 May 2002 20:46:19 -0700
From: J Lane <jlane@BLARG.COM>
Subject: ADMIN: computer viruses

Several subscribers have received email messages, apparently
from the tango lists, that contain the klez computer virus.
This virus seems to be extremely virulent; I've been receiving
several copies of it per day for a couple of weeks or so.

All of the copies of the klez virus that I've seen that looked
like they came from the tango lists actually had forged return
addresses. Forging the return email addresses is a trick often
used by the klez virus. Forged return addresses can usually be
recognized by examination of the internet headers that come with
the mail message, but this requires an uncommon degree of
knowledge of some fairly technical subjects.

I have changed the ListServer's options so that it will reject
posts that contain MIME attachments. This should reduce the
chances of the ListServer distributing a virus (including the
klez virus), but it is going to inconvenience some people.
Subscribers who send posts to the list in MIME format may have
those posts rejected directly by the ListServer instead of by
the moderators. The ListServer's built in error messages do
not explain the reason for rejection as well as the moderators'
messages.

There is little that the ListServer or the moderators can do
about messages with forged return addresses, though, since they
are not actually sent by the list.

I have also changed the ListServer options for the tango-l list.
Messages from tango-l should now have a "[TANGO-L] " prefix in
the subject line. Any email with a tango-l return address that
does not have that subject prefix should be considered suspicious.
Likewise, all email from tango-a should have one of the geographic
prefixes in the subject line. List digests should have the name
of the list and the date in the subject line.

Risks to internet users have become more frequent and more
sophisticated each year. Detailed discussions of these risks
is off topic for a tango list, and the information is readily
available elsewhere. Briefly, though: opening email attachments
is always dangerous, even if they appear to come from a trusted
source. Viewing email in HTML and/or MIME is also generally
dangerous; this is part of the reason why the tango lists require
plain text format. For more information, check out www.cert.org
and/or the various vendors of antivirus software.


Jim
Tango-a/l co-administrator




Date: Tue, 21 May 2002 19:13:22 +0200
From: Chris Luethen <christian.luethen@GMX.NET>
Subject: Re: ADMIN: computer viruses

On 7 May 2002, at 20:46, J Lane wrote:

> I have changed the ListServer's options so that it will reject
> posts that contain MIME attachments. This should reduce the
> chances of the ListServer distributing a virus (including the
> klez virus), but it is going to inconvenience some people.

Thank you for establishing those features. IMHO we definitely do
not need any attachement posted open through the list.

> I have also changed the ListServer options for the tango-l list.
> Messages from tango-l should now have a "[TANGO-L] " prefix in
> the subject line.

Unfortunatly this hasn't happend to the posting I receive. I actually
absolutely support introducing this option, not only for the improved
safety but also offering the possibilty to easier see at first glimps
where a mail comes from! [I am on different mailing list,
professional and non-professional, and sometimes you can hardly
tell from the subject where the roots of a mail are]

> Risks to internet users have become more frequent and more
> sophisticated each year. Detailed discussions of these risks
> is off topic for a tango list, and the information is readily
> available elsewhere. Briefly, though: opening email attachments
> is always dangerous, even if they appear to come from a trusted
> source. Viewing email in HTML and/or MIME is also generally
> dangerous; this is part of the reason why the tango lists require
> plain text format. For more information, check out www.cert.org
> and/or the various vendors of antivirus software.

Information lies in the words, not in the formating. Therefore again:
Thanks for establishing all these safety measures!

Regards from Rotterdam, NL
Christian


Continue to Developing Effortless Mastery in Tango | ARTICLE INDEX