Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Open response to Roadrunner's Virus email

0 views
Skip to first unread message

Brian K. O'Neill

unread,
Jan 28, 2004, 6:28:44 AM1/28/04
to
-----Original Message-----
From: mcph...@mindspring.com [mailto:mcph...@mindspring.com]
Sent: Tuesday, January 27, 2004 11:09 PM
To: x
Subject: test

ALERT!

This e-mail, in its original form, contained one or more attached files that
were infected with a virus, worm, or other type of security threat. This
e-mail was sent from a Road Runner IP address. As part of our continuing
initiative to stop the spread of malicious viruses, Road Runner scans all
outbound e-mail attachments. If a virus, worm, or other security threat is
found, Road Runner cleans or deletes the infected attachments as necessary,
but continues to send the original message content to the recipient. Further
information on this initiative can be found at
http://help.rr.com/faqs/e_mgsp.html.

Please be advised that Road Runner does not contact the original sender of
the e-mail as part of the scanning process. Road Runner recommends that if
the sender is known to you, you contact them directly and advise them of
their issue. If you do not know the sender, we advise you to forward this
message in its entirety (including full headers) to the Road Runner Abuse
Department, at ab...@rr.com.

The message cannot be represented in 7-bit ASCII encoding and has been sent
as a binary attachment.

=====

My response:

Does Roadrunner know what viruses are or how they are propagated nowadays?
Here's a clue: Just kill the messages and don't waste anyone's time. I
don't know who this is from, whomever sent it doesn't know me, the address
is probably forged by the virus, and this is the case in probably 95% of all
virus attempts now.

You want to help the problem? Close all of the open relays that spammers
use to send spam and cancel the accounts of your insane number of trojanized
machines so your users quit wasting the internet's time and money - time and
money that this stupid handling of viruses also costs the net.

I am posting this response openly to NANAE and any applicable Roadrunner
groups.


Agent_C

unread,
Jan 28, 2004, 7:35:43 AM1/28/04
to
On Wed, 28 Jan 2004 11:28:44 GMT, "Brian K. O'Neill" <do...@spam.me>
wrote:

>You want to help the problem? Close all of the open relays that spammers
>use to send spam and cancel the accounts of your insane number of trojanized
>machines so your users quit wasting the internet's time and money - time and
>money that this stupid handling of viruses also costs the net.

You may thank our distinguished legal profession (at least in part)
for RR's sluggish response to spamming on their network. Their TOS is
so full of holes and they're so afraid of being sued, that they have
to go through a long 'process' before an account can be canceled.

A complete disgrace...

A_C

Android Cat

unread,
Jan 28, 2004, 9:29:01 AM1/28/04
to

They're also reducing complaints by filtering abuse complaints to
ab...@rr.com

Final-Recipient: RFC822; <ab...@rr.com>
Action: failed
Status: 5.1.1
Remote-MTA: dns; vamx01.mgw.rr.com (24.28.193.148)
Diagnostic-Code: smtp; 550 5.7.1 Mail Refused - 209.226.175 - See
http://security.rr.com/mail_blocks.htm#security - 20040127

That ought to cut down on their workload eh?

--
Ron Sharp.


McWebber

unread,
Jan 28, 2004, 10:03:08 AM1/28/04
to
"Agent_C" <Agent-C-h...@nyc.rr.com> wrote in message
news:nuaf10tmutmg3bpri...@4ax.com...

> On Wed, 28 Jan 2004 11:28:44 GMT, "Brian K. O'Neill" <do...@spam.me>
> wrote:
>
> >You want to help the problem? Close all of the open relays that spammers
> >use to send spam and cancel the accounts of your insane number of
trojanized
> >machines so your users quit wasting the internet's time and money - time
and
> >money that this stupid handling of viruses also costs the net.
>
> You may thank our distinguished legal profession (at least in part)
> for RR's sluggish response to spamming on their network.

No, you can thank *their* lawyers. I'm sure their TOS also says it can be
modified at any time. RR has chosen not to do this.

> A complete disgrace...
>

RR certainly is.

--
McWebber
"Richter points to the lack of legal action against his company as proof
that he's operating appropriately."
Information Week, November 10, 2003


barchetta

unread,
Jan 28, 2004, 10:16:07 AM1/28/04
to
Brian,

I went through the same problem several months ago, that lasted about
two months.

Everyday, sometimes twice a day, someone sent me a virus. The only
notifications I ever got were RR auto-messages generated by McAfee.

It is completely ridiculous! Because it got filtered, there was no
way for me to easily figure out who sent it.

I was able to narrow it to someone at Cox, and forwarded all the
information I could gather from Eudora and forwarded it to abuse@cox.

Finally, I started forwarding the "ALERT!" messages to ab...@rr.com.
That's exactly how I felt about it. I was getting SPAMed by my own
provider.

peace,
stephen

On Wed, 28 Jan 2004 11:28:44 GMT, "Brian K. O'Neill" <do...@spam.me>
wrote:

>-----Original Message-----

Doug Jacobs

unread,
Jan 28, 2004, 6:06:23 PM1/28/04
to
In news.admin.net-abuse.email Brian K. O'Neill <do...@spam.me> wrote:

> I am posting this response openly to NANAE and any applicable Roadrunner
> groups.

Good luck. RR has shown itself to be worse than clueless lately.

I wrote a broilerplate just for them and have sent off dozens of copies
to the continued trickle of viruses that come from there.

Unfortunatly, RR's stupidity is contagious. I can't tell you how many
other ISPs out there have been sending me notifications about how their
mailserver deleted a virus that I (didn't) sent or that was intended for
me.

Melelina

unread,
Jan 30, 2004, 7:57:32 AM1/30/04
to
How did you get messages generated by McAfee when RR uses Symantec Corporate
av scanner at the main mail gateways?


"barchetta" <barc...@houston.losethis.rr.com> wrote in message
news:l3kf10hotun675emg...@4ax.com...

Melelina

unread,
Jan 30, 2004, 8:05:27 AM1/30/04
to
Why are you objecting to the auto responses? I want the virus sent intact.
I don't like RR tampering with my mail and sure would not want them to
tamper with it and then not even tell me they had tampered with it! This
filtering is a real hassle as now you have to password protect any virus
samples you are sending to someone or receiving from someone.


"John Gray" <nos...@invalid.com> wrote in message
news:MPG.1a819fb48...@news-server.woh.rr.com...
> In article <l3kf10hotun675emg...@4ax.com>, barchetta
> barc...@houston.losethis.rr.comsays...

> RoadRunner in this area uses Symantec as noted in the header
> X-Virus-Scanned: Symantec AntiVirus Scan Engine.
>
> Back when the first Klez virus started, a contact of mine became infected.
> Since I received the headers in the virus alert RoadRunner sent to me, I
was
> able to finally figure out who was infected by use of the routing. It
always
> came from an ATT DSL connection, and I had three contacts that have that
> connection. The From: was useless as Klez used a random email address in
his
> addressbook as the From: each time. It took some effort to narrow it
down, and
> when I emailed the infected contact, I didn't even get an acknowledgement
but
> the infected messages did stop.
>
> It was long before RoadRunner in this area quit sending the virus alerts
here,
> as there really isn't much value to it. Most people wouldn't take the
time to
> figure out who was infected, and in a joe-job virus message it would be
> impossible anyway.
>
> I haven't had one virus infected message make it to my inboxes yet.
Sometimes I
> do wonder how many infected messages are targeted to my inboxes.
>
> --
>
>
>
>
> John Gray
>
> If you don't have a reason, at least have an excuse.
>
> Just in case there's any doubt, my email address is useless. Please reply
to
> this newsgroup.


0 new messages