--- will hill <[EMAIL PROTECTED]> wrote: > On 2004.01.28 08:15 Shannon Roddy wrote: > > > > Doesn't matter if I have any windows systems > running. The virus spoofs > > the sender's address. So, if you are in someone's > address book, > > chances are "you" are sending out copies of the > virus. > > > > That's not what I'm getting at. I want to prove > that Microsoft is behind the attack.
That's not science, that's politics. Or religion, considering your zealotry. Have you even read the analysis on how this virus works? See: http://us.mcafee.com/virusInfo/default.asp?id=mydoom http://securityresponse.symantec.com/avcenter/venc/data/[EMAIL PROTECTED] > First, prove > that the spoofs were just that - the messages did > not come from your own machines. Then look for a > pattern in those chosen to be spoofed. Patterns? You are now leaving the realm of science and moving into the realm of Bible Code. > There's > something very suspicious going on here. Bruce > Perens compared MyDumb to the Reichstag fire and I > agree. *Sigh* Will, I thought you were trained as an engineer. How can you let your anti-Microsoft bias relieve you of reason? You are perceiving the facts in a biased manner to prove a forgone conclusion... Have you considered a career in law? > If the virus did not get your address off your > machine, where did it get it and why? ANOTHER person's machine, specifically the Outlook address book of an infected machine. Somebody who had Shannon in their Outlook Address book was dumb enough to open the attachment in a MyDoom-laced email. This starts a program that reads the address book in that Outlook client and starts sending emails using it's own SMTP server with a modified "From:" header, among doing other things. > Showing that > the virus did not get addresses from your machines, > just show that you did not run M$ and monitor your > network's traffic. Say what? What exactly will that prove? > Then ask why would a virus spoof > an address found on a computer rather than the > computer user's own address? To propagate itself in the most effective manner possible by sending emails out from a number of different email addresses rather than just one email address of the user's infected computer, which could be easily blocked and/or traced back to the user, who could be notified and then that user could take action. > It's the computer > user's name that will be trusted by people on their > list, not a name pulled from from the computer > user's address list. Why? What's the difference? Most email users have never looked at an email header and even if they did, they wouldn't know how to read the "Received:" header tag to determine the actual SMTP server sending the email. > I may know A and B and they > might all trust an attachment from me, but none of > them are sure to know each other. Maybe you aren't aware of the huge numbers of emails being sent. I've read estimates of 1 out of 12 emails sent during this worm infestation are MyDoom. Odds are some _will_ know each other, at least enough to propagate. I think the actual extent of the propagation shows that it is working. > Practically, it > makes not sense. Same thing I was thinking. > I can think of only reasons a > virus would spoof A or B's address in mail sent off > my machine. I'm afraid to ask. > The first is that A or B are trusted > administrators, that would not hold true across a > person's address book. ??? > The second is that the virus > writer wanted to embarrass A or B. I really doubt that. Maximum propagation of a SCO DDOS attack is the intent. By the way, I heard a report on the radio today that a variant is now spreading that will attack Microsoft during the same time period as SCO. If what you are saying is true and Microsoft is propagating a DDOS attack against itself to make Linux users look like nasty hackers, either Bill Gates is an evil genius or a stupid idiot. I hardly think the world will blame Linux for the actions of a few. Even SCO is not that stupid (note their $250K reward for turning in the virus writer). > Either of these > options would require some kind of an external list > and great premeditation. Your inclusion, as a Linux > Zealot is suspicious. Will, you really need to get out of the house more. > Being a good zealot myself, I think that Microsoft > is behind this and wants to make free software users > look as bad as they can. Please stop. > They have lists of their > "enemies" who advocate free software and > occasionally complain when Microsoft failures and > design flaws cause internet turmoil, restrictive ISP > policies, and utility blackouts. Waitasec. You're kidding. Right? This is funny. > They have already > suckered CNN and others to run headlines about > "Linux War Weapons", and others have run articles > filled with giggling anarchist straw men. Now I get it! That's pretty funny... I really hope you're kidding. > A > miltibillion dollar press just used the latest > Microsoft transmitted disease to smear people who > give their work away without expectations of reward. If you are not kidding, then you are one spooky dude. > It's disgusting, but hopefully transparent enough > to backfire. Please keep at least 100' away from me in the future. > So, is it true? Shannon, were your machines clean? > Has anyone else here been smeared by spoofing? Is > there enough mail lying around to build a solid > statistical case? Wow. I'm not sure how to respond to that. I've run out of humorous comebacks. So here's a practical one: Read any good introductory textbook on deductive logic. _Deduction_ by Daniel Bonevac is a good one. ===== John Hebert 'cat /dev/random | perl' __________________________________ Do you Yahoo!? Yahoo! SiteBuilder - Free web site building tool. Try it! http://webhosting.yahoo.com/ps/sb/
