Full Disclosure mailing list archives

RE: AV "feature" does more DDoS than Sobig


From: "Rainer Gerhards" <rgerhards () hq adiscon com>
Date: Thu, 28 Aug 2003 16:00:09 +0200

I agree that there is a problem with these replies nowadays, but I do not see the loop? How does A restart the cycle? 
All I see is that A potentially receives massive amounts of these "virus messages" (which of course can be a problem). 
Am I missing something?

Rainer

-----Original Message-----
From: Fabio Gomes de Souza [mailto:bugtraq () gs2 com br] 
Sent: Thursday, August 28, 2003 3:05 PM
To: bugtraq () securityfocus com; full-disclosure () lists netsys com
Subject: [Full-disclosure] AV "feature" does more DDoS than Sobig


Hello,

Anti-virus products are causing more harm than the Sobig Worm.

Some of my customers are having the following problem:

B = Customer of my customer (infected)
C,D,E = Some random company (victims of Sobig)
A = My customer (victim of AV marketing)

The Sobig worm infected B.

In its propagation loop, the worm composes a message, chooses two random
items in the Address Book, and puts the first in the "From:" and the
second in the "To:" header. Then all virus messages are spoofed.

The problem is that many e-mail virus scanners send a "You are infected"
reply to the address contained in the "From" header. Since the messages
are spoofed, the innocent, uninfected user "A" is flooded by automatic
complaints from "C","D","E" regarding the virus that "B" sends.

Anti-virus companies seem to spend more money on marketing/visibility
than on actually protecting their customers. This marketing stupidity is
done by adding USELESS features, which spread false information and
deliver a false sense of security:

      - "You're infected" reply (false positive)
      - "This message is 100% virus-free certified" signature line
        (false sense of security)
      - Anti-virus buttons on Internet Explorer toolbar (just to launch
        the AV)
      - Splash screens every time you:
              - boot your computer
              - send e-mail
              - check pop3 e-mail
              - turn your computer off
      - System tray useless icons (in some AVs, the system tray icon
        does nothing except for launching the AV program)
      - Redundant shortcut icons in Desktop, Start Menu root, Quick
        Launch and Start Menu program folder

This kind of stupidity from AV companies makes me hate them more every day.

-- 
Fabio Gomes de Souza <fabio () gs2 com br> Phone: (81) 9127-0597

GS2 TECNOLOGIA DA INFORMAÇÃO LTDA
  - IT infrastructure, security, embedded systems and Linux
  - Consulting, planning, implementation and management

http://www.gs2.com.br negocios () gs2 com br (81) 3492-7777

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
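
Added example, not part of either message or of any AV product: one way a mail gateway can avoid the spoofed-"From" notification flood described in the thread. It notifies the header sender only when the connection came from an internal host, the From domain is local, and the detection is not a sender-forging family. The function name, addresses, domains, detection names and network ranges are constructed assumptions.

```python
import ipaddress
from email import message_from_string
from email.utils import parseaddr

# Assumption: families the operator has marked as forging the From header.
SENDER_FORGING_FAMILIES = {"sobig"}


def notification_targets(raw_message, detection, client_ip,
                         local_domains, internal_nets, postmaster):
    """Return the addresses to notify about an infected message.

    The From header is attacker-controlled, so it is used only when the
    connecting host is internal and the From domain is one of our own.
    The connecting IP is the only trustworthy pointer to the infected host.
    """
    msg = message_from_string(raw_message)
    _, from_addr = parseaddr(msg.get("From", ""))
    from_domain = from_addr.rpartition("@")[2].lower()

    targets = [postmaster]  # the local admin always learns about the hit
    forged = any(f in detection.lower() for f in SENDER_FORGING_FAMILIES)
    ip = ipaddress.ip_address(client_ip)
    internal = any(ip in ipaddress.ip_network(n) for n in internal_nets)

    if not forged and internal and from_domain in local_domains:
        targets.append(from_addr)
    return targets


# Constructed sample: host "B" (198.51.100.7) sends with "A" forged as From.
SPOOFED = ("From: a@customer-a.example\r\nTo: c@company-c.example\r\n"
           "Subject: Re: Details\r\n\r\nSee the attached file.\r\n")
# Constructed sample: an internal user sending from inside the network.
INTERNAL = ("From: user@company-c.example\r\nTo: d@company-d.example\r\n"
            "Subject: report\r\n\r\nattached\r\n")
POLICY = dict(local_domains={"company-c.example"},
              internal_nets=["10.0.0.0/8"],
              postmaster="postmaster@company-c.example")

if __name__ == "__main__":
    print(notification_targets(SPOOFED, "Worm.Sobig.F", "198.51.100.7", **POLICY))
    print(notification_targets(INTERNAL, "Macro.Generic", "10.0.0.5", **POLICY))
```
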
