Results 1 to 4 of 4
  1. #1
    New Lounger
    Join Date
    Feb 2001
    Location
    Lake Saint Louis, Missouri, USA
    Posts
    13
    Thanks
    0
    Thanked 0 Times in 0 Posts

    !000 as a Worm Alert (Windows95, Outlook98)

    A year or so ago, in a Woody's newsletter, there was the hint to have as one's first address in Outlook's Contacts a truly bogus e-mail address, like !000@win.com
    I made such a "contact" in my Contact list.
    However, I neglected to reference which newsletter had the advice
    and why such an e-mail "address" was advantageous.
    Can anyone remember Woody's advice?

  2. #2
    Super Moderator jscher2000's Avatar
    Join Date
    Feb 2001
    Location
    Silicon Valley, USA
    Posts
    23,112
    Thanks
    5
    Thanked 93 Times in 89 Posts

    Re: !000 as a Worm Alert (Windows95, Outlook98)

    While this is not really useful as a protective measure, getting a reject message back might tell you that you were hit by a worm, assuming the worm used your address in the return-path for the message. But it is very unlikely to actually stop the messages from going out. At one point, viruses were so foolish as to send to all your addressees in a single message, and in that scenario, it's conceivable that a bad address could possibly maybe get the whole message bounced back to you. But most mass mailing viruses send individual messages, and there's no reason that the messages addressed to legitimate addresses should be rejected.

    I assume, though perhaps I shouldn't, that you have installed the Outlook Security Update for Outlook 98. If it works like the one for Outlook 2000 (and the built-in functionality of Outlook 2002), you will be alerted and have the chance to block access to your address book and automatic sending through Outlook. But that's the problem. The newer viruses include their own mail engines and therefore often can bypass the Outlook "send" feature. Worse, the most recent ones, such as SOBIG, scour your computer for addresses in completely unprotected files. So as long as we insist on the freedom to run programs that have not been certified by the operating system vendor (that is coming!), there will always be a way for virus writers to send mail from your computer.

    What can you do?

    1. <LI>Exercise extreme caution in opening attachments. As you know, it is not enough to know the sender, you also need to believe that the sender actually intended to send it to you. Your linguistic analysis skills come into play here. <img src=/S/smile.gif border=0 alt=smile width=15 height=15> Is this the kind of language your friend/colleague normally uses in messages to you? Do software vendors usually misspell several words in their alerts?

      <LI>Patch all vulnerabilities in Internet Explorer. Naturally, you would do this if you browse the web, but it helps with mail too. Many viruses use flaws in IE to open attachments on your behalf, and both Outlook and Outlook Express use IE to decode HTML mail.

      <LI>Maintain updated antivirus software. Make sure to renew any that require annual renewals (e.g., PC-cillin).

      <LI>Encourage your ISP to institute server-side virus filtering. And, while you're at it, server-side spam filtering. <img src=/S/smile.gif border=0 alt=smile width=15 height=15>

      <LI>Run a personal firewall that blocks SMTP traffic to any server other than your ISP's mail server. Unfortunately, the address of this server might change over time. Also unfortunately, viruses can tunnel SMTP traffic through other ports that you will have open, such as port 80 (used to retrieve web pages). So even if you block as many ports as you can tolerate without losing functionality, there's still a chance the virus's own SMTP engine will be able to send messages.

      <LI>Run a personal firewall that blocks by sending application. ZoneAlarm is a good example of this, and can be set up to alert you if a new program or process is trying to access the Internet.

      <LI>Live a good clean life.
    Uh-oh, 500 words. Okay, that ends my sermon for today. <img src=/S/laugh.gif border=0 alt=laugh width=15 height=15> Hope this helps.

  3. #3
    New Lounger
    Join Date
    Feb 2001
    Location
    Lake Saint Louis, Missouri, USA
    Posts
    13
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: !000 as a Worm Alert (Windows95, Outlook98)

    Thank you for the reply. So the !000 won't stop things - but if I read your answer correctly it will alert me if a worm ever squirms into my address list. I guess that's a bit reassuring, in the category of No News equals good news.
    I do have in place most of the things you suggest. One thing you didn't mention is always showing the extension of any file - but I'm betting you took it for granted that I'd have THAT important precaution in place.
    With regard to the Outlook Security Update for Outlook 98 - I found the White Paper about it, dated September 2000. I think I've left it too late to get any update for Outlook98.

  4. #4
    Super Moderator jscher2000's Avatar
    Join Date
    Feb 2001
    Location
    Silicon Valley, USA
    Posts
    23,112
    Thanks
    5
    Thanked 93 Times in 89 Posts

    Re: !000 as a Worm Alert (Windows95, Outlook98)

    > I read your answer correctly it will alert me if a worm ever squirms into my address list.

    There's a reasonable chance that it will, but unfortunately no guarantees. I'm sure it can't hurt.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •