[R] S & R list virus warning

A.J. Rossini rossini at blindglobe.net
Sat Apr 27 18:46:23 CEST 2002 

>>>>> "paul" == Paul Gilbert <pgilbert at bank-banque-canada.ca> writes:



    paul> It appears that someone has harvested email addresses from the S-news or
    paul> one of the R lists and is sending out viruses. The mail does not come
    paul> from the lists, but appears to come from people on these lists. (Closer
    paul> examination of the headers indicates that it does not really come from
    paul> the person indicated in the "from" field.) The mail is probably directed
    paul> to people on these lists as well as others. I have received at least
    paul> three already. The most recent one has the subject line "Introduction on
    paul> ADSL" and a previous one had the subject line "A good tool".

    paul> The messages are infected with the WORM_KLEZ.G virus in an attachment.

This has nothing to do with manual harvesting - it's from a
Microsoft-based worm that is particularly nasty.  See the usual
anti-virus warnings for more details.  Basically, it harvests from
your mailbox.  It also changes its subject line using information from
the mailbox.  

    paul> I am not sure what mechanisms can be used to deter spammers from
    paul> harvesting email addresses from lists, but something should be
    paul> considered. One thing I know people have tried is to put blanks or other
    paul> characters into the publicly displayed addresses on  lists. This means
    paul> that people can read the lists and figure out an email address, but
    paul> simple automatic tools are foiled. Another possibility is to not make
    paul> the addresses  available.

Or not to allow mailing list subscribers to use mail tools which while
convenient, can be subverted for other uses.  Note that the virus uses
a hole which has be subsequently patched; it's a human/organization
problem (not performing timely security updates).

However, this solution, while it works, doesn't seem to be an option.

best,
-tony

-- 
A.J. Rossini				Rsrch. Asst. Prof. of Biostatistics
U. of Washington Biostatistics		rossini at u.washington.edu	
FHCRC/SCHARP/HIV Vaccine Trials Net	rossini at scharp.org
-------------- http://software.biostat.washington.edu/ ----------------
FHCRC: M-W: 206-667-7025 (fax=4812)|Voicemail is pretty sketchy/use Email
UW:   Th: 206-543-1044 (fax=3286)|Change last 4 digits of phone to FAX
(my friday location is usually completely unpredictable.)


-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-
r-help mailing list -- Read http://www.ci.tuwien.ac.at/~hornik/R/R-FAQ.html
Send "info", "help", or "[un]subscribe"
(in the "body", not the subject !)  To: r-help-request at stat.math.ethz.ch
_._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._

More information about the R-help mailing list