Slashdot Mirror
Anti-Virus Companies: Tenacious Spammers
jaroslav writes "There is a great article over at Attrition about the problem of anti-virus related spam. I don't know if we should all start reporting this to the government, but telling the companies themselves that this should stop might get some results."
Not three hours after this comment, someone mailed this to Declan's Politech list, a cheat sheet for computer illeterate journalists angling for something to stay more relevant than the typewriters they still swear by. And then the very next day, we see three different articles with variations on this very topic. Five bucks says the next issue of eWeek borrows in their next issue as well.
Yes, as always, none of the stories credited Politech, though the names of the authors who borrow liberally are always the same. And Politech didn't credit Slashdot, where the Politech submitters borrow a full half of their stories with equal disregard for journalistic integrity. Indeed, the only time Politech credits Slashdot is when they believe Slash has said something stupid. These reporters are hooked on the easy source of stories, yet trash it publicly for fear others will find the tool that's kept them from having to do actual reporting anymore.
I may be here to take Linux away from you, but you can't argue that I don't give something back. You hate me. But you love me too, and you hate that as well. Think of it, you see me just the way others see Slashdot.
If you'd like to track Politech's ongoing plagiarism of Slashdot, jump on their free mailing list and have a laugh. Watch the submissions. Watch each story jump from Slash to Politech (search the comments after each new Politech post and you'll find the original +4 or +5 comment 4 times in 5), then check the NY Times, Barron's, and Ziff Davis Publishing for the same authors publishing borrowed stories the very next issue. They do it like clockwork, because these "tech" journalists don't realize that we're on the internet too.
~Darl
No kidding. I used to pass the emails along to the end users. Not any more. After this last worm (MyDoom), I became fed up with having to explain to the users why they were receiving the emails. As the parent poster did, I just throw them away. Problem solved. As for the people who allow their AV gateways to send back auto responses, they should be shot. Every time I receive one of those emails from postmaster@somewhere, I fire back a nasty email tell them to cut it out.
When Blaster was going around, I decided I wanted a new email alias on my campus's email system. I chose just my first name, and to my surprise, it gave it to me.
As soon as it was set up, I started getting 50-100 messages from other servers saying that my address was spewing out viruses. Of course, this is impossible, seeing as my computer never even knew that I had this alias. Yet, I kept getting it time and time again.
The problem was, I couldn't delete the alias, and I ended up with hundreds of these messages per day. Incredibly frustrating. They must know that it serves no purpose.
This is something that's always concerned me when we talk about boycotting companies that advertise with spam...it's completely reasonable to believe that someone in an affilliate program is sending out millions of emails (which you can do for free if you try)in the hopes of pulling down some easy commissions.
I'm not sure what it would take to deal with this though...the company would have to be willing to cooperate for certain, and you'd have to set up some sort of sting if the spammer was at all capable of covering his tracks (have someone go through with a purchase to the point where the affiliate information was made visible)
Chaos, panic, disorder...my work here is done.
I work at a helpdesk, so I've spent the last couple days repeating how from headers can be forged, ect, ect to users... so I agree with the frustration and do want it to stop.
At the same time, if I unknowingly sent an important document that had a virus and was not recieved, I would want to know. Years ago I remember sending a resume that was infected with a word macro virus - I was glad that I got a bounceback message, since a)I knew I had a virus and b)I knew the place didn't get my resume.
I have blog like everyone else
You want scary? How about the daily tech article in my local free newspaper being written by some "MS Lifestyle Representative" or somesuch. They are written like articles, but are blatant ads for MS products. There's no official 'ad' marker for the article, and supposedly it seems like they just want the reader to think its a co-incidence that its written by an MS employee and seems to put forth the laughable notion that whatever your problem, the best solution is an MS product.
That was scary, thinking about the million or so people who read it every day and don't even think of it in their minds as an advertisement with a vested interest in selling MS products.
"Old man yells at systemd"
This is really weird. I've been on a campaign for the past day or so to the big myDoom "spammers". I've been sending out the following e-mail:
As a mail administrator or antivirus company, you are probably well aware of the current trend in viruses to forge the senders address. Your system has been caught by our system, replying to these forged addresses to notify them that they sent a message containing a virus. This has been causing undue hysteria within my organization, and must stop immediately. In addition, this message was sent unsolicited and without prior business ties, and may be a violation of federal and/org state anti spam laws. Further messages will result in a permanent block on your SMTP server's ability to send mail to ours, and a submittal of your "replies" to several major spam blocking services and black hole lists.
If enough of us do this, maybe these guys will get a clue to turn off the reply feature.
Let's face it, these people all have a vested interest in making sure that viruses are not eliminated.
In the last Slashdot story about the Mydoom worm, a Computerworld article quoted the damning evidence directly from the horse's mouth:
No one has yet reported an infection by Mydoom.B, said David Perry, global director of education at Cupertino, Calif.-based antivirus vendor Trend Micro Inc. "If 100 people in the world had been infected, we would know," he said. "In fact, almost all of the viruses that have ever been detected never infected anybody ever. We say that there are about 77,000 known viruses, but only about 900 of them have ever infected anyone."
Huh? Pardon me? If they never infected anyone, then what makes them viruses? How were they detected if they never infected anyone - from the original first seeds by the viruswriters themselves? Then why in the hell haven't they tracked the virus writers down? Are these inventions of the AV companies that never existed outside of the AV companies' labs? Only 900 out of 77,000 ever infected anyone - isn't the virus problem then vastly overrated?
Given the above statement and the quite legitimate complaint that started this thread in the first place, I really think everyone should question the AV companies' role in the virus situation.
FWIW, one of the examples the author gives as a AV spam -- the one with the content "Mail Transaction Failed" -- is one of the mails MyDoom/Novarg sends out.
But, in a way, the virus is spamming, too.
If Nalgene water bottles are outlawed, only outlaws will have Nalgene water bottles.
Blaming the AV companies for the failure of the IT personnel of other organizations to evaluate and properly configure their mail gateway AV software seems like a load of crap to me.
Besides, sending these e-mails arguably provides a positive service, because self-propagating e-mail viruses are everyone's problem, and a bit of vigilance on each person's part is required to prevent one of these viruses from becoming a worldwide problem.
Using a shotgun approach to tell people that a virus is going around helps to inform everyone. Everyone needs to educate him- or herself about virus protection and prevention, so that they can personally know whether their machine could be infected or not.
Also, telling those people to contact their local IT staff just gets the IT staff in gear to help stave off something they should have already been on the ball about. If the IT staff were prepared, then their company's employees would already be in-the-know, and would not harass IT with needless panicky e-mails.
If, on the other hand, the software package sending the spam warnings provides links to their web page, then I'd lean toward considering it to be spam rather than information.
And tell your friendly sysadmins that if they would adopt SPF (Sender Permitted From), mentioned on Slashdot quite a few times now, that we would no longer have the problem of From addresses not patching the "postmark."
A sampling of the increased wasted bandwidth and resources my system has dealt with in the last week:
24-hour period, number of bounces
Jan 22, 794
Jan 23, 843
Jan 24, 872
Jan 25, 936
Jan 26, 5472
Jan 27, 19426
Jan 28, 20468
I've had more of an increase in AV Company spam than I have in propagation of the worm!