Full Disclosure mailing list archives

Re: AV "feature" does more DDoS than Sobig

From: madsaxon <madsaxon () direcway com>
Date: Thu, 28 Aug 2003 08:42:34 -0500

At 10:05 AM 8/28/03 -0300, Fabio Gomes de Souza wrote:

> Anti-virus products are causing more harm than the Sobig Worm.

The problem is that many e-mail virus scanners send a "You are infected"reply to the address contained in the "From" header. Since the messagesare spoofed, the inoccent, uninfected user "A" is flooded by automaticcomplaints from "C","D","E" regarding the virus that "B" sends.


I agree. Any sort of automated response based on perceived sender
IP address is not only brain-dead, but irresponsible. It does nothing
but compound the problem and needs to be curtailed.  Now.

m5x

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

AV "feature" does more DDoS than Sobig Fabio Gomes de Souza (Aug 28)
- Re: AV "feature" does more DDoS than Sobig madsaxon (Aug 28)
  - RE: AV "feature" does more DDoS than Sobig Richard M. Smith (Aug 28)
- Re: AV "feature" does more DDoS than Sobig William Warren (Aug 28)
- Re: AV "feature" does more DDoS than Sobig William Warren (Aug 28)
  - Re: AV "feature" does more DDoS than Sobig Vladimir Parkhaev (Aug 28)
    - Re: AV "feature" does more DDoS than Sobig James Greenhalgh (Aug 28)
    - RE: AV "feature" does more DDoS than Sobig Steve Wray (Aug 28)
- Re: AV "feature" does more DDoS than Sobig 3APA3A (Aug 28)
- RE: AV "feature" does more DDoS than Sobig Richard M. Smith (Aug 28)
  - Re: AV "feature" does more DDoS than Sobig Marcos Machado (Aug 28)
  - RE: AV "feature" does more DDoS than Sobig Ron DuFresne (Aug 28)

(Thread continues...)