[clug] [AUSCERT ALERT - Email worm W32.Beagle.A/Win32.Bagle.A]
Nemo -earth native-
nemo at nut.house.cx
Mon Jan 19 09:06:23 GMT 2004
On Mon, Jan 19, 2004 at 07:47:35PM +1100, Damien Elmes did utter:
>
> Note that a lot of viruses sending .exe attachments use fake from
> addresses, and by sending notification emails to the sender, you're at
> risk of annoying innocent bystanders. Better to notify the recipient:
> they can always contact the sender if they desire the attachment.
I recieve alot more spam directly than I do as responses to spam sent in
my name. Whilst I certainly woulnd't want a message for every spam sent
in my name, I also sure don't want a message for every spam (well, worm)
sent to me either.
For me personally, if someone I know deliberately sent me a windows
executable as an attachment, then at best I'll ignore it, and at worst,
I'll email them telling them how silly, pointless, etc the whole
exercise was. This config effectively does that for me. ;)
Back to the original point, there is also an element of selfishness I
admit. If someone is going to be annoyed by either a bounce or a
notification, then since (imho) most of these are worms, it's better to
not annoy my paying customers.
More pragmatically, if we notified the recipient on every catch, then
they'd have to manually contact the sender to send it through via a
loophole anyways - by rejecting back to the sender, we've automatically
done the customers job for them on 'real' attachments.
.../Nemo
--
------------------------------------------ --------------------------
earth native
More information about the linux
mailing list