On the value of virus notifications
Posted Aug 21, 2003 16:14 UTC (Thu) by iabervon (subscriber, #722)
Parent article: On the value of virus notifications
The odd thing is that it's not too hard to determine the machine that has the virus (or rather, the IP it has at the moment it contacts the notifying machine), because, unlike most spam, viruses generally are sent without any relays. A quick peek at the headers will generally reveal some information that's much more applicable than the forged sender. Combined with the To address, this is likely to lead to at least a small set of likely people to contact about the infected machine (mail to a list is likely from a subscriber, to an individual is likely someone who's in either the recipient's address book or mail archives; from an IP in an address block likely an address at the MX for the owner's domain; present the list of the intersection of these who haven't already been informed about this one to the user, send to any who get checked off).
Out of curiosity, I thought all of the forged addresses that SoBig used were hardcoded owners of significant sites. Am I mistaken, or has lwn.net made the big time?
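The header check the comment above describes, worked through as an added example (code written for this page, not taken from the comment, from LWN or from any worm-notification tool). The messages, host names and addresses are constructed for the example; TRUSTED_MTAS and TRUSTED_IPS are hypothetical placeholders for the recipient's own mail servers. The one refinement over "peek at the headers" that a practitioner wants is to trust only the Received: line written by your own MX, since everything below it in the header was supplied by the sending machine and can be forged.

```python
import email
import re

# Constructed sample message (not a real capture).  Received: headers are
# prepended by each MTA, so the top one is the most recent hop and the
# bottom one was written by the first MTA to see the message.  Here the
# recipient's MX (mail.example.org) took the message straight from
# 198.51.100.77, even though the client said HELO as smtp.lwn.net and
# forged the From: line, exactly the pattern the comment describes.
SAMPLE = b"""Received: from mail.example.org (mail.example.org [192.0.2.10])
\tby mailbox.example.org (Postfix) with ESMTP id 1A2B3C
\tfor <user@example.org>; Thu, 21 Aug 2003 10:00:02 -0400
Received: from smtp.lwn.net (dsl-198-51-100-77.example.net [198.51.100.77])
\tby mail.example.org (Postfix) with SMTP id 9F8E7D
\tfor <user@example.org>; Thu, 21 Aug 2003 10:00:01 -0400
From: editor@lwn.net
To: user@example.org
Subject: Your details

See the attached file.
"""

# Same delivery, but the sending machine stuffed a bogus Received: line of
# its own below the real ones to point the finger at an innocent host.
SAMPLE_FORGED = SAMPLE.replace(
    b"From: editor@lwn.net",
    b"Received: from innocent.example.com (innocent.example.com [203.0.113.5])\n"
    b"\tby smtp.lwn.net with SMTP id FAKE01; Thu, 21 Aug 2003 09:59:59 -0400\n"
    b"From: editor@lwn.net",
)

# Hypothetical: the recipient's own MTAs and their addresses.  Only a
# Received: line written "by" one of these can be believed.
TRUSTED_MTAS = {"mailbox.example.org", "mail.example.org"}
TRUSTED_IPS = {"192.0.2.10", "192.0.2.11"}

HOP_RE = re.compile(
    r"from\s+(?P<helo>\S+)"                       # name the client announced
    r".*?\[(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\]"     # address the MTA actually saw
    r".*?\bby\s+(?P<by>[\w.-]+)",                 # MTA that wrote this header
    re.IGNORECASE | re.DOTALL,
)


def parse_hops(raw):
    """Return the Received: headers top (latest) to bottom (earliest), each as
    a dict with helo, ip and by, or None where a line does not parse."""
    msg = email.message_from_bytes(raw)
    hops = []
    for value in msg.get_all("Received", []):
        # compat32 keeps the folded lines; collapse the whitespace first
        m = HOP_RE.search(re.sub(r"\s+", " ", value))
        hops.append(m.groupdict() if m else None)
    return hops


def origin(raw, trusted_mtas=TRUSTED_MTAS, trusted_ips=TRUSTED_IPS):
    """Locate the hop where the message crossed from outside into our MTAs.

    Walk from the newest header downward and stop at the first line written
    by one of our MTAs whose connecting address is not one of ours.  For a
    worm that connects directly to the MX this is the infected machine.
    Lines below that point are never consulted, so a forged trail planted by
    the sender cannot redirect the blame.
    Returns (ip, claimed_helo_name, internal_relays_after_handoff) or None."""
    for i, hop in enumerate(parse_hops(raw)):
        if hop is None:
            continue
        if hop["by"].lower() in trusted_mtas and hop["ip"] not in trusted_ips:
            return hop["ip"], hop["helo"], i
    return None


def naive_origin(raw):
    """The tempting shortcut: take the bottom-most Received: line.  Shown only
    to demonstrate how a forged trailer fools it."""
    hops = [h for h in parse_hops(raw) if h]
    return hops[-1]["ip"] if hops else None


def triage(raw):
    """Gather what is actually useful for deciding whom to contact."""
    msg = email.message_from_bytes(raw)
    found = origin(raw)
    return {
        "forged_from": msg["From"],   # chosen by the worm; not worth acting on
        "to": msg["To"],              # narrows the pool of likely senders
        "origin_ip": found[0] if found else None,
        "claimed_name": found[1] if found else None,
        "internal_relays": found[2] if found else None,
    }


if __name__ == "__main__":
    for label, raw in (("direct", SAMPLE), ("forged trail", SAMPLE_FORGED)):
        print(label, triage(raw), "naive:", naive_origin(raw))
```

With the forged trail the naive bottom-line approach reports 203.0.113.5, while the walk from the top still stops at the handoff into mail.example.org and reports 198.51.100.77. In practice the origin address is then combined with the To: address as the comment suggests: a list address implies a subscriber, a personal address implies someone in the recipient's address book or archives, and the WHOIS or MX for the originating address block gives an abuse contact for the host itself.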