Full Disclosure mailing list archives
RE: [inbox] Re: Fwd: Re: Administrivia: Binary Executables w/o Source
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Fri, 22 Aug 2003 01:44:31 +1200
"Jason Coombs" <jasonc () science org>, whose input is usually intelligent, considered and well-reasoned, chose to fall from his pedestal thus:
Curt Purdy opined:FWIW I disagree with any moderation at all. The point is, this is a FREE forum, one of the few left in the world.I agree completely. The sobig spam is valuable -- it shows us who we should not trust to operate a computer.
_If_ you know what to take from the headers _AND_ have omniscient access to the mythical IP-to-user mapping address list... You -- like several incredibly clueless posters today -- are entirely incorrect in this case. Look up any vaguely competent description of the workings of this virus. Then explain how you would divine the real victim, as opposed to the addresses spoofed by the virus, from Sobig's mail. Better yet, save yourself the time trying, as the answer is you cannot.
It also reveals the identity of people who have us in their address books without our consent.
D'oh! number two. Sobig gathers Email addresses from _many_ file types it finds on its victims' machines including the file types of the Email message "folder" files used by mailers, HTML files. .HLP files and .TXT files. Your comment again shows an uncharacteristically ignorant view of the actual situation.
By blocking 2,000+ copies launched at the list we've been saved some bandwidth ...
"some" = approx 200MB (each virus message is approx 100KB).
... but we've been deprived of the opportunity to point and laugh at the people who subscribe to full-disclosure who got hit by the silly thing.
Or, if you understood how the virus really works, you were saved the embarrassment of being shown to be a fool by your pointing and laughing at the wrong people. So how ironic that you were then silly enough to post this drivel so those of us who do know how Sobig works get to laugh at you and others like the clown of Clowater...
Just as some people in business refuse to do business with any person or company who sends spam, some of us also refuse to do business with anyone incompetent enough to get hit by a virus or worm.
Indeed, but the truly cluefull refuse to do business with those who clearly don't know anything important about something they should. What's that saying -- better you be thought a fool than open your mouth and remove all doubt?
Perhaps Len could send a single digest message to the list revealing the identity of each subscriber who tried to spam us with a sobig attachment -- it's the least he could do after intentionally covering up for these people.
And, if your address were on that list? _That_ wouldn't make me laugh at all because I understand that your address would be there because you were _NOT_ infected (well, almost certainly not...). And, I know for a fact that I am not and have not been infected (well, I deliberately infected machines in my test network but that's not connected to the Internet and has not "released" anything) _BUT_ I'd not be at all surprised to see my address on that list as I've received several dozen bounces for apparently sending the virus. As it seems to be the day for it -- go stand at the back of Clowater's cluestick queue. -- Nick FitzGerald Computer Virus Consulting Ltd. Ph/FAX: +64 3 3529854 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Fwd: Re: Administrivia: Binary Executables w/o Source, (continued)
- Fwd: Re: Administrivia: Binary Executables w/o Source Stephen Clowater (Aug 18)
- Re: Fwd: Re: Administrivia: Binary Executables w/o Source Jim Race (Aug 18)
- Re: Fwd: Re: Administrivia: Binary Executables w/o Source Valdis . Kletnieks (Aug 18)
- Re: Fwd: Re: Administrivia: Binary Executables w/o Source Russell Fulton (Aug 18)
- Re: Fwd: Re: Administrivia: Binary Executables w/o Source Ron DuFresne (Aug 18)
- RE: Fwd: Re: Administrivia: Binary Executables w/o Source Steve Wray (Aug 19)
- RE: [inbox] Re: Fwd: Re: Administrivia: Binary Executables w/o Source Curt Purdy (Aug 19)
- RE: [inbox] Re: Fwd: Re: Administrivia: Binary Executables w/o Source Jason Coombs (Aug 20)
- Re: [inbox] Re: Fwd: Re: Administrivia: Binary Executables w/o Source Dietmar Goldbeck (Aug 20)
- Re: [inbox] Re: Fwd: Re: Administrivia: Binary Executables w/o Source Thor Larholm (Aug 20)
- RE: [inbox] Re: Fwd: Re: Administrivia: Binary Executables w/o Source Nick FitzGerald (Aug 21)
- RE: [inbox] Re: Fwd: Re: Administrivia: Binary Executables w/o Source Jason Coombs (Aug 21)
- RE: [inbox] Re: Fwd: Re: Administrivia: Binary Executables w/o Source Nick FitzGerald (Aug 21)
- RE: [inbox] Re: Fwd: Re: Administrivia: Binary Executables w/o Source Jason Coombs (Aug 22)
- RE: [inbox] Re: Fwd: Re: Administrivia: Binary Executables w/o Source Jason Coombs (Aug 21)
- RE: [inbox] Re: Fwd: Re: Administrivia: Binary Executables w/o Source Jason Coombs (Aug 21)
- Fwd: Re: Administrivia: Binary Executables w/o Source Stephen Clowater (Aug 18)