An Email to Jane
On Thu, 25 Apr 2002, Jane wrote:Warning. Virus alert. My computer has been infected with a virus. You may have received an email from me that contains this virus. Please be careful about opening emails from me and make sure you are protected by using anti-virus software. Sorry about the inconveinience. --- Jane.
Here are some notes. We get 3000 emails per month. So I have to fight viruses also, I try to keep on top of them. Send this to your friends - it will make life easier if they know how _all_ of these email viruses can be prevented.
- Are you using Outlook? -- Better Look Out! It seems to be responsible for 99 percent of all viruses and e-mail worms in the last two years.
- Are you using HTML? -- that is an easy worm transfer.
- Are you using Explorer? -- it has more than a few security leaks.
- Are you using Java? -- it is about as secure as a 4 inch high fence.
- Are you using Java-Script? -- It has been implicated in stealing address lists (from Hotmail, no less), and is used by a number of viruses.
Dont trust virus software. The fixes are always available after the virus is out, not before. You could be the first on your block to be infected, and then the virus software is not going to do any good. And you will not know about it at first. It is much easier to just avoid a few lame and leaky Microsoft products..
If you have the latest virus, it will be the MicroSoft Outlook Klez.H email worm (there are currently 4 varieties and clones). But you will never know, because it makes fake connections to MX machines, sends 125 KByte infested files to your friends, and writes fake return address.
I have been getting three or four a day -- I cannot trace them, because half the envelopes and headers are faked. Anyone with Windows who previews their email also gets infected immediately.
The "subject" reads like one of these.. (but there are many more)
- how are you
- let's be friends
- so cool a flash,enjoy it
- your password
- some questions
- please try again
- welcome to my hometown
- the Garden of Eden
- introduction on ADSL
- meeting notice
- japanese girl VS playboy
- look,my beautiful girl friend
- eager to see you
- spice girls' vocal concert
- japanese lass' sexy pictures
You could also get the one which goes, "Subject: Jane, honey".
It can even send a message telling you have a virus, and what to do about it, except the instructions will get your machine infected.
The text is in html and munged, so probably anyone opening the email immediately gets screwed. I dont know, I bounce anything that big before it reaches my mailbox. I use Linux as the internet connection and email box; I also use Windows; but I have no anti-virus programs at all, and have not had them in the last 6 years or so, and no problems.
My Linux solution is to intercept these enmails on the fly with a procmail script, as follows ...# -- Klez Check filter
* > 100000
That deletes all emails larger than 100 Kilobytes as they are received, and before they get into my mailbox. Nothing much else you can do.
Microsoft puts out a change (a "fix") to Outlook every three days. They have been doing that for two years. But things are no better. Often the fixes cause more problems than they fix.
Here are some of the recent viruses, and Java, Hotmail, plaintext notes, starting with "Klez"...
- "Win32.Klez.H, Win32/Klez.H.Worm, WORM_KLEZ.G, Win32.Klez.H at mm"
- mass mailing, network aware worm, April 17, 2002 Contains HTML code which exploits the "Incorrect MIME Header" vulnerability in Internet Explorer, Outlook and Outlook Express. Sends infected files to all entries in the addressbook, using other entries as return addresses. Makes MX connections with faked return identification; some versions fake the first envelop line also.
- "Bubbleboy, Seinfeld, BBV" Email worm
- This was one of the first email bugs, two years ago: Windows 32-bit systems running Microsoft Outlook and Outlook Express Description: Bubbleboy is the first worm able to spread via e-mail simply by viewing the message in the preview pane of Outlook Express or opening the message in Outlook.
- "BadTrans, W32.Badtrans.b" virus, Nov 2001.
- Microsoft Outlook and Outlook Express, using Internet Explorer version 5.0 or 5.5. It infects by email appearing in the Preview Pane. Send attachments "FUN, HUMOR, DOCS, S3MSONG, Sorry_about_yesterday, ME_NUDE, CARD, SETUP, SEARCHURL, YOU_ARE_FAT!, HAMSTER, NEWS_DOC, New_Napster_Site, README, IMAGES, PICS."
- "BleBla, Verona, Romeo-and-Juliet, I-Worm.Blebla" Internet Worm
- Systems Affected: Windows 32-bit systems running Microsoft Internet Explorer 4.0, 4.01, 5.0, and 5.01 Spams alt.comp.virus newsgroup, using security vulnerabilities in Microsoft products that allow the worm to execute by reading email.
- "Davinia, HTML/Davinia, HTML/LittleDavinia"
- "Kak, Kagou-Anit-Kro$oft"
- "Nimda" email virus
- From infected Microsoft IIS server websites, also emails itself with attachment "README.EXE" Microsoft Windows (95/98/NT/2000/ME), Microsoft IIS servers, Microsoft Outlook and Outlook Express, Microsoft Internet Explorer 5.01 or 5.5 (infects simply by you previewing the email in the Preview Pane) Hammers adjacent websites, looking for Microsoft IIS Server. (At Spaces.org I was getting 30,000 bogus requests per hour in November of last year - but we use Linux.)
- "VBS/Forgotten" mass-mailing email worm
- HMTL email embedded Microsoft Outlook, and Microsoft Active-X (lost the damage details)
- By: Thomas C Greene in Washington
Posted: 05/02/2001 at 16:59 GMT
- other news:
- "A flaw that allows an intruder to hijack an MSN Messenger user's account and virtually impersonate the innocent victim in cyberspace has been fixed, Microsoft Corp. announced Monday. Meanwhile, the company said it is investigating reports that new MSN Messenger users who sign up for the service could find their account already populated with contact information from someone else's account...."
- and just a note: "The Joy of Plaintext"
- Wednesday, August 8, 2001
Microsoft hates the fact that email is in plaintext. My Outlook Express client is buggy when it comes to handling the simplest of all tasks: receiving and responding to a text email. I've fiddled with all the internal settings, trying to get it to convert HTML mail to text, responding in text, and including all these simple plaintext protocols like adding ">" to quoted parts of an email I'm responding to. But my Outlook still insists on having things pop-up in tiny, colored fonts that are impossible to read, and then not tagging quoted text. In this environment, emails quickly bloat and become incoherent.
This hatred of plaintext is also evident in Hotmail, Microsoft's Trojan horse to Passport. The web-based text editor actually allows you to format your mail using bold, italic, and underline etc. Insanity even when it doesn't crash your browser. I'm glad AOL is still holding out against this sort of nonsense. I hope it continues to do so.
Why does Microsoft hate plaintext? One possible reason is it comes from the PC-world where having a printer was all important, and don't understand that desktop publishing functions like bold, italic, and underline make no sense in the networked world, where data is rarely printed out. But I think they're smarter than that. The real reason Microsoft hates plaintext is because it makes lock-in impossible. Plaintext can be created by anything and read by anything. It is the cleanest, simplest, least proprietary way of passing information from A to B. The Unix culture, where interoperability is God, understands this, and has raised simple programs passing plaintext to a high Art. By contrast, Microsoft thinks interoperability is Satan and focuses on locking-in customers and locking-out competitors, using proprietary file formats like .doc to extend its monopoly. Plaintext is the enemy of proprietary standards. It is also the enemy of monolithic programs that are conservative in what they try to do and liberal in what input they accept. Microsoft understands this well, so is trying to kill the format.
The average computer user does not understand the power of plaintext. They don't know how to work in the networked world and see no problems with storing notes that will never be printed in Word documents. In time, businesses that understand how to operate in a networked environment will realize what Unix users have known all along -- keeping information in plaintext allows for faster searching, delivery, and manipulation. And if businesses reinvent themselves along these principles, they will gain competitive advantage over their competitors.
In the meantime, don't let Microsoft turn email into just another of their proprietary standards. Stick to plaintext.
What can you do?
- Get Eudora as an email reader. It is free or cheap, very stable. Search the internet, download it, install it, and make it the default email reader.
- Go into your browser and shut down "Java". You can leave "Java Script" up and running - just be aware the Explorer and Netscape do not use all the same code, so some things will not work correctly from some web pages at times.
- Get the "Opera" browser -- also cheap or free -- and very fast, and accurate, but will take some time and details to set up initially the way you want it. If a page does not look right with Opera, then you can be certain that the HTML tags are incorrect -- which is only a small gloating matter, since most web developers only do a cursory check with one available browser.
- Dump everything and install the Linux OS. Then you can use "Lynx" which doesnt show pictures, but is easily 100 to 200 times faster than Explorer. There is also a DOS-Lynx available which can be installed to operate in a DOS-box under Windows.
And none of these other programs ask you for your name, age, gender, address, accupation, income range, religious affiliation, and then sell that information to internet spammers.
ISP: Counterpoint Networking,
Website Provider: Outflux.net, www.Outflux.net