Slandered by Sobig Virus!! - TechRepublic
General discussion
August 21, 2003 at 09:48 PM
oldefar

Slandered by Sobig Virus!!

by oldefar . Updated 22 years, 10 months ago

I am posting this in Management rather than Security because of where the impact occurs.

Joseph Moore posted on how an old virus spread via Blaster. Another poster, rsiccs@hotmail.com, recommends a hard line reaction to the spread of email viruses and spam.

The Sobig.f virus has the potential to turn approaches to spammers and virus spreaders into business disruption via self inflicted actions. Sobig.f spoofs the source address as it replicates itself via the infected user’s address book, randomly using addresses from the address book as the spoofed source. The result is that innocent email users appear as having the Sobig.f virus.

A number of companies use an appliance or service to catch viruses spread by email and to block spam. Examples include the WorldSecure approach from Tumbleweed and MailWatch service. As part of the service, reports of addresses that sent viruses or spam are generated.

When such reports are made available to managers who may not understand how particular viruses work, the potential exists for incorrectly identifying particular domains or users as either unsecured or as spammers. Submitting such reports to black hole listing services may result in these domains being blocked by well intentioned administrators. In effect, businesses may inflict damage on each other independent of but due to a virus.

At a minimum I can imagine making a call on a potential client in the next several days, perhaps after the August email reports are generated. The client recognizes my company name as having been a source of virus infected email, and assumes that my company fails to take security precautions. My ability to show the value I can bring his company may be severely impaired because someone with my company email address in their address book was infected.

So far at five firms that I have never done business with, who are nowhere in my address book, have sent automated responses to me that I sent an infected email to one of their users. How many other companies received Sobig.f in an email using my company email address as sender?

I urge all of you involved with infrastructure security to advise your users ? the Sobig.f virus spoofs the sending address and not to assume that the sender name was that of the real infected machine. Don?t let the virus get away with slandering individuals or companies. Do it because your company may also have been slandered.

This discussion is locked

All Comments