do virus messages leave footprints in sending computers?

  • Thread starter Thread starter RB
  • Start date Start date
R

RB

If a person has an virus infected computer that is sending out email using
email addresses harvested from the address book, will it be detectable to
the owner/operator that this is happening? Or, do the little nasties do
their work silently and invisibly so that the operator doesn't have a clue?
 
Apparently the thing that makes SWEN effective is it uses addresses from
network postings such as newsgroups. (like this one)

Dan
 
from the wonderful person RB said:
If a person has an virus infected computer that is sending out email using
email addresses harvested from the address book, will it be detectable to
the owner/operator that this is happening? Or, do the little nasties do
their work silently and invisibly so that the operator doesn't have a clue?
Click to expand...

If they have their own SMTP server (which Swen, Gibe, etc. all do) then
there is no trace on the originating PC (apart from LOTS of bytes going
out over the network to the ISP). Plus of course the virus .exe is
there, if you look for it.

Dialup users would probably notice - broadband users apparently don't.
8<,
 
exactly, i have 2 addys..
the one I NEVER use on newsgroups has yet to recieve a "microsoft" message.

the other was gettng 100's..I have it down to a few a day now by using
filtering.
 
Scott Tyler said:
exactly, i have 2 addys..
the one I NEVER use on newsgroups has yet to recieve a "microsoft" message.

the other was gettng 100's..I have it down to a few a day now by using
filtering.




detectable
Click to expand...

Munge your address and your address most likely won't be harvested; but try
and use something unique;; because the harvesters are getting smarter and if
you munge it something like mine (e-mail address removed) in the not to
distant future email harvesters my be able to see that it is munged and take
out the NOSPAM part. I have yet to get one of the virus that uses news
groups; however one of my other email addresses which I don't munge has been
receiving about 4-5 each day.
 
Mine are coming to the address that I normally give only to personal
acquaintances. Unfortunately, I also used it by mistake a few times
in postings to NANAS (spam sightings).

On the other hand, the one I am using on Usenet now (munged, see
below) is still clean.
 
RB said:
If a person has an virus infected computer that is sending out email using
email addresses harvested from the address book, will it be detectable to
the owner/operator that this is happening? Or, do the little nasties do
their work silently and invisibly so that the operator doesn't have a clue?
Click to expand...

Most operators don't have a clue. They wouldn't really
notice signs that would be noticeable to others. They
may see that their typing didn't show up as quickly as
normal, or that their cursor was a little sluggish, but
think nothing of it. The faster the machine, the less it
would be noticed.

As for leaving footprints, worm files may be found if
looked for, but viral "infected" files mostly must be
looked within. Mass mailing is more a wormlike thing
than a viruslike thing.
 
Back
Top