Mobile menu

Sending an automated message after receiving an infected file
Thread poster: Giuliana Buscaglione

Giuliana Buscaglione  Identity Verified
Austria
Local time: 03:15
Member (2001)
German to Italian
+ ...
Mar 12, 2004

Hi,

In times of Netsky, Bagle and MyDoom viruses it is useless to send an automated message to the *presumed* sender.

Even if the email address is correct: no message was sent from the owner of that address.

This morning I have received the x automated message, in which I was informed that someone has received an infected attachment from one of my addresses and that this address of mine was blocked.

Please be careful with blocking addresses, informing supposed-to-be virus senders or adding them, especially IPs! to antispam portals, as you cause only extra traffic and troubles to unaware and non-infected PC-owners!

Apart from keeping my AVs updated, having Sophos on server, using a proxy and a local firewall per computer, I use KMail under Linux and SecureBat under Windows. In other words: no mail is downloaded from server; files are scanned on server and not downloaded/uploaded before having been scanned a second time with a different software.

I have also been receiving hundreds of infected mails on server for the past few weeks, from known and unknown addresses, but I never thought about contacting the supposed-to-be senders. Forget about informing them or, worse, blocking their email addresses or IPs.

May I suggest some interesting readings about viruses, worms, trojans, the way they work and so on at Symantec, Panda or any other site dealing with these problems?!


Giuliana


Direct link Reply with quote
 

Graciela Carlyle  Identity Verified
United Kingdom
Local time: 02:15
English to Spanish
+ ...
Second your motion Mar 12, 2004

I am so fed up of this kind of messages too.
What is worse, they generally come from the proper ISP's or mail administrators...don't they know how these viruses work YET????

However, I can recommend something (check the properties of the email) because this happened to me 2 days ago and I could warn the sender.
I received a message from an unknown sender. My PC Cillin detected and deleted the attachment (worm_netsky.c). The address of the sender, even though I didn't know it, it looked suspicious to me as related to someone that might have my address. When I looked at the properties of the message, I noticed that the ip from which the message was sent, was the same of a previous message received from this person. So I could contact him and let him know.
It surprised me that the virus didn't forge the ip address too, but well, it didn't this time cos this person confirmed afterwards that he was in fact infected.

Cheers,
Grace.


Direct link Reply with quote
 
Sonja Tomaskovic  Identity Verified
Germany
Local time: 03:15
English to German
+ ...
My ISP blocked Proz Mar 12, 2004

I absolutely agree with Giuliana.

The worst that happend to me is that my ISP blocked mails that came from Proz. I wonder whether these guys there know how a virus works!?

They were almost reluctant to remove Proz from their blacklist. It took me some time to convince them, and finally they did.

Sonja


Direct link Reply with quote
 

Uwe Kirmse  Identity Verified
Local time: 03:15
Polish to German
+ ...
Check the IP Mar 12, 2004

Yesterday I've received even several infected mails from myself. I've also received some notifications, that somebody got a virus from me. These notifications are generated automatically by some antivirus software. I think, it also blockes adresses automatically.
I've checked the IPs in the headers and detected the sender. All the mails from various adresses had the same IP. So blocking adresses makes absolutely no sense.

You can check IPs here:
http://sunny.nic.com/cgi-bin/whois

[Edited at 2004-03-12 11:31]


Direct link Reply with quote
 

Doru Voin  Identity Verified
Romania
Local time: 04:15
English to Romanian
+ ...
Some thoughts from an ex-insider Mar 12, 2004

Hi all,
Some thoughts from an ex-tech Writer for an antivirus producer:

1/Usually, automatic infection messages are an optional feature. This means the administrator of your mail server can turn off this option. It is true that most antivirus software come with this option automatically enabled. For obvious marketing purposes...
2/
Giuliana Buscaglione wrote:
In times of Netsky, Bagle and MyDoom viruses it is useless to send an automated message to the *presumed* sender.

When this option first sufaced on the market, it was of tremendous use. Worms were not so sart, they couldn't spoof the sender's address, so basically you were just letting some people know they are infected. As for "presuming"...I can only say that people say they can only "presume" because they are scared about legal consequences when admitting they can do more than that.
3/
Giuliana Buscaglione wrote:
Please be careful with blocking addresses, informing supposed-to-be virus senders or adding them, especially IPs! to antispam portals, as you cause only extra traffic and troubles to unaware and non-infected PC-owners!

I wouldn't be very frightened on this regard. Extra traffic is insignificant compared to the traffic generated by the worm itself. The Internet won't get blocked for sure by some antivirus software's automatic messages, but rather by some clever worm. As for adding IPs to antispam portals, this could be a problem only if the site does not make a thoroughful double check (your report must be backed by other reports as well).

Regards from Bucharest,
Doru Voin

[Edited at 2004-03-12 16:00]

[Edited at 2004-03-12 16:02]


Direct link Reply with quote
 

sylver  Identity Verified
Local time: 09:15
English to French
Agree / Disagree Mar 13, 2004

Doru Voin wrote:

3/
Giuliana Buscaglione wrote:
Please be careful with blocking addresses, informing supposed-to-be virus senders or adding them, especially IPs! to antispam portals, as you cause only extra traffic and troubles to unaware and non-infected PC-owners!

I wouldn't be very frightened on this regard. Extra traffic is insignificant compared to the traffic generated by the worm itself.
Doru Voin


1. I fully agree that automated "your computer is infected" messages should not be sent to the reply-to address.

2 I disagree that the trafic resulting from this action is insignificant. In fact, one week I had as many messages "your computer is infected" as bona fides worms, and that's a lot.

Either case, please do disable your antiviruses automated replies. These are definitely not appreciated.


Direct link Reply with quote
 
xxxLia Fail  Identity Verified
Spain
Local time: 03:15
Spanish to English
+ ...
Not sure I understand Mar 13, 2004

Hi Giuliana

I usually do that - click to add to junk mail sender list - then delete.

Are you saying that I am doing is wrong, that I should not add spammers to this email list, then?

TIA:-)

Giuliana Buscaglione wrote:

Please be careful with blocking addresses, informing supposed-to-be virus senders or adding them, especially IPs! to antispam portals, as you cause only extra traffic and troubles to unaware and non-infected PC-owners!


Giuliana


Direct link Reply with quote
 

Giuliana Buscaglione  Identity Verified
Austria
Local time: 03:15
Member (2001)
German to Italian
+ ...
TOPIC STARTER
Infected emails & spammers Mar 13, 2004

Hi Ailish,


Are you saying that I am doing is wrong, that I should not add spammers to this email list, then?


I wasn't talking about spammers, but about messages with infected attachments and supposed-to-be senders: the message wasn't actually sent by the owner of the email address you can read. If you wish, you can add it to your spammer list, but you mark that address as not welcome for no reason. Still if you add that address to the spammer list on your server, you might cause troubles to someone, who hasn't done anything to deserve that treatment.

Some examples: I have sent only an email to someone as ProZ.com Jobs Area coordinator, got a reply and wrote back. I got an automated message from the server of this member informing me that my address what added to the spammer list
I have received x infected emails from a certain domain, ignored all of them and deleted them all. All of a sudden (reason for my posting) I got an automated email exactly from that domain informing me that I had sent a virus and was a spammer. Me?? I got tons of them from that domain instead! This is what I call irresponsible behaviour... first clicking and then think about possible consequences. I have nothing to do with that domain and that Country, I don't even speak that language, but what about if I had a business relation with someone using that domain?! I would have had to *waste* time in trying to have my email address deleted from the list (it takes ages!), in order to make sure that my client receives my emails (they are rejected directly on server).

Giuliana

[Edited at 2004-03-13 12:37]

[Edited at 2004-03-13 12:38]


Direct link Reply with quote
 
xxxLia Fail  Identity Verified
Spain
Local time: 03:15
Spanish to English
+ ...
Thanks for the clarification:-) Mar 19, 2004

I have been adding everything to the junk mail list, but recently I have been getting the mails you describe, so maybe I need to be more discerning.

Ailish:-)


Direct link Reply with quote
 


To report site rules violations or get help, contact a site moderator:


You can also contact site staff by submitting a support request »

Sending an automated message after receiving an infected file

Advanced search






PDF Translation - the Easy Way
TransPDF converts your PDFs to XLIFF ready for professional translation.

TransPDF converts your PDFs to XLIFF ready for professional translation. It also puts your translations back into the PDF to make new PDFs. Quicker and more accurate than hand-editing PDF. Includes free use of Infix PDF Editor with your translated PDFs.

More info »
WordFinder
The words you want Anywhere, Anytime

WordFinder is the market's fastest and easiest way of finding the right word, term, translation or synonym in one or more dictionaries. In our assortment you can choose among more than 120 dictionaries in 15 languages from leading publishers.

More info »



All of ProZ.com
  • All of ProZ.com
  • Term search
  • Jobs