Housekeeping: junk mail and other trivia

From: Tim O'Connor <oconnort@nyu.edu>
Date: Fri Aug 16 2002 - 12:43:15 EDT

Hello, subscribers, from a sticky and hot NYC, in a sweltering room
Kafka -- or perhaps Sgt. X -- would have appreciated....

Recently, a joker out there seems to have gotten an infected computer
that sends out junk attachments to subscribers of the bananafish list.

Based on what I can tell, the address from which the most significant
infected message came is:

        lee764@bellsouth.net

I can't verify yet if this is a legitimate address, but the mail was
definitely not legitimate. It was transmitted on August 15 at
14:40:31 Eastern time (four hours behind GMT).

This username cannot send mail to the list because he/she/it is not a
subscriber. I can only guess that the person has gathered some of our
addresses in an addressbook. I'm not able to say for sure without
looking at the computer it came from, which is impossible for me to do.

It's hard to say a lot that is definitive without having access to the
source of the material at hand, but I know at least that the mail had an
infected attachment, that the sender's address was forged to look like
it was mail sent from the list, that it appears to have been sent from
the bellsouth.net address above, and that it doesn't appear to have gone
far or done much damage. Oh, and the subject line was: "Absolute"
(nothing more).

A couple of other infected attachments were sent to the list in the
last few days, but got bounced back to me, either because they were
too long or because the sender wasn't subscribed.

I don't have any way to filter out potential infections sent to the
list by a real subscriber. The best advice I can offer is that if
you're using a vulnerable system (e.g., Windows), make sure you have
antivirus software installed, and be certain that you are running the
latest virus defininitions; they are issued usually every month,
sometimes more often. The only way I learn about the virus type -- and
this is only occasional -- is when one copy of the list mail comes to
my work address and has to pass the mail servers at work. At that
point, the mail is scanned for infection, and infections are either
stripped out or the mail content is deleted, and I get a notification.
The reason I don't know much more is that I get so many such
notifications that the occasional bananafish items get mixed in with
plenty of others that come in on the backs of work-related mail.

If you get list mail that has an attachment, don't open the attachment
unless you hear that it's safe. When in doubt, leave attachments
untouched. There is no reason, unless a subscriber is distributing
some object like a picture or a clipping, or is forwarding something
out of the ordinary (e.g., not plain text that can go in the body of
the mail) that attachments would need to go to this list. If you
have questions, ask me privately.

If you are on the list and sending mail, please do not send your mail
as attachments or as HTML. Plain text will do nicely, though. No
need for business card attachments or other such cluttery junk.

I haven't heard from anyone that they caught anything from this
"lee764@bellsouth.net" mail. My personal copy came to me directly,
not through the list -- though the mail was forged to make it look
as if it had come from the list.

In the past, I would get perhaps one message like this every two or
three months. This week alone I saw four bogus messages, all from
different senders. (I no longer have a record of the virus that was
associated with each message.)

Since I work on a Unix machine, my system just looked at the attachment
and did the equivalent of a laugh -- but it could have been messy, had
I been using Windows + Outlook, as I know many of you do.

So, here's to careful and clean computing.

Regards,

--tim

-
* Unsubscribing? Mail majordomo@roughdraft.org with the message
* UNSUBSCRIBE BANANAFISH
Received on Fri Aug 16 12:43:18 2002

This archive was generated by hypermail 2.1.8 : Sun Aug 10 2003 - 20:48:46 EDT