Virus detection?


Someone has suggested that I put a new name and address in my email address book called aaaaaa. Apparently, this would mean that any virus which tried to send itself from my system would fail as it would stall on the first item on the list, this being an invalid address. I would also receive a message that an email could not be sent, which would alert me to its presence. I could then remove the virus before it went to any of my clients!

I have other protection (firewall/anti-virus software) on the system but wondered whether this would be a useful precaution. Can any IT experts please comment?
Susan Lawes

Replies (5)

By Stewart Twynham
28th Aug 2003 13:29

Blended threats
Virus writers are no longer schoolkids in darkened rooms, and the sophistication of Sobig.F should come as no surprise.

Not only does it search for an address book, it also trawls for email addresses through any locally stored web pages. It was also designed to move "sideways" - attaching itself to other files on network drives, hitting users and machines that don't even have email - although it appears that this doesn't work properly in Sobig.F. Maybe in the next version...

The best email anti-virus protection comes from outsourcing to companies such as MessageLabs - who scan email before it reaches your network and guarantee never to pass a virus through. This is possible because they handle so much of the world's email, they can spot patterns produced by spam and viruses in real time - long before conventional "signature based" anti-virus and anti-spam products have had time to react.

Stewart Twynham
Bawden Quinn Associates

By excalibur
22nd Aug 2003 16:54

Many thanks for that John
If I were to block the types of suffix you named, would I still be able to receive Word and Excel attachments from clients? I had understood that Excel macros had an 'exe' element within them. Does the block just look at the suffix of the attachment or the files within the attachments?

By dclark
22nd Aug 2003 20:04

Get covered !!!
I still find it incredible that users have a problem at all...the actions are easy

1 the vast majority of viruses attack Outlook or Outlook Express address books, so get rid of them....stop using Outlook email clients (and delete any trace of address books) - use something else. Probably less than 0.001% of people take this simple action. In general the aaaaaa doesn't work, because the virus READS your MS address book and uses its OWN email client to send them, so you wouldn't know it has done anything

2 use virus protection and PAY for it. At times it seems that most businesses don't have anything. A 30-day demo is useless and not taking upgrades is as bad as not having anything. Most people we come across have loaded virus protection, but don't update it. If it is good virus protection, it will pick up that the attachment contains a virus

I could go on, but you (not you Susan, but a general you) deserve to be hit by viruses and losing days of work, if you don't take simple precautions !!!! I would add that if you already have an antivirus product and it has auto update on AND you still get viruses or attachments through.......CHANGE YOUR PRODUCT, because it obviously does not work or provide relevant updates quickly enough.


Kind Regards

Daniel Clark
Ryba Macaulay Ltd

By mraccyd
24th Aug 2003 20:51

Not that stupid
I read somewhere that this approach will not work with some of the newer viruses as they choose addresses randomly, and thus would not always go for the first one in your address book.

Similarly, if the virus is sending several e-mails it will not wait for the e-mail bouncing back before it sends the next one so this wouldn't work.

Try AVG anti-virus (www.grisoft.com); it's free and I've got an ADSL connection and never had an infection yet (touch wood).

Dave

John Stokdyk, AccountingWEB head of insight
By John Stokdyk
22nd Aug 2003 16:14

It can't hurt
Hi Susan,

We had someone suggest this approach a couple of years ago on Any Answers - and it hasn't hurt me to have someone called "001" in my address book ever since. But it will only work on viruses that dispatch themselves to the people in your address book.

Msblast.exe, for example, by-passed the usual route of infection and went straight for port 135 on vulnerable Windows systems. The dead-letter address trick would be useless in that situation.

What I'm still trying to fathom is just why the latest Sobig.F outbreak is so virulent. I got enough "Your application" emails last time around that I immediately recognised something was up. Fortunately, our mail servers strip out .pif, .scr, .bat, .exe and other suspicious file attachments before they reach Outlook - that's one of the more effective precautions you can do yourself.

Hope your system stays healthy!

John Stokdyk
Editor
AccountingWEB.co.uk
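
The attachment stripping mentioned in the reply above, sketched as an added example (not part of the thread and not the code of any mail server named in it): it removes MIME parts whose declared filename ends in one of the four suffixes listed there. It assumes matching on the filename only, so a file such as `accounts.xls` passes through without its contents being inspected; the sample message and its file names are constructed.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

# Suffixes named in the reply above; its "other suspicious" types are not listed there.
BLOCKED = {".pif", ".scr", ".bat", ".exe"}

def is_blocked(filename):
    # Only the last suffix decides how Windows opens the file, so "invoice.doc.scr"
    # counts as .scr. Windows ignores trailing dots and spaces, so drop them first.
    name = filename.strip().rstrip(". ").lower()
    return os.path.splitext(name)[1] in BLOCKED

def _strip(container, removed):
    if not container.is_multipart():
        return
    kept = []
    for part in container.get_payload():
        name = part.get_filename()
        if name and is_blocked(name):
            removed.append(name)
            continue
        _strip(part, removed)  # nested multiparts and forwarded messages
        kept.append(part)
    container.set_payload(kept)

def strip_blocked(raw):
    """Return (cleaned message, names of the attachments that were removed)."""
    msg = message_from_bytes(raw, policy=policy.default)
    removed = []
    _strip(msg, removed)
    return msg, removed

def build_sample():
    # Constructed test message, not a captured sample.
    msg = EmailMessage()
    msg["Subject"] = "Your application"
    msg["From"] = "sender@example.com"
    msg["To"] = "recipient@example.com"
    msg.set_content("Please see the attached file for details.")
    for name in ("details.pif", "invoice.doc.scr", "accounts.xls"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    cleaned, removed = strip_blocked(build_sample())
    print("removed:", removed)
    print("kept:", [p.get_filename() for p in cleaned.iter_attachments()])
```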
