Alt.Comp.Virus is a newsgroup generally dedicated to anti-virus
issues; it's frequented by a number of staffers at a variety of
anti-virus companies. It is currently being spammed by thousands of
gibberish messages per day. Now, this alone isn't too bad; a good
kill-file can take care of it.
However, these Usenet messages are, in fact, encrypted data used by
the "W32_Hybris" worm; it uses alt.comp.virus to send out updates and
plugins to make it a more deadly program. Even people who do not
normally read A.C.V are affected by this; the worm connects to the
news-server and downloads its updates automatically. Thus,
client-level filters are ineffective if the person is already
infected; the worm doesn't use the newsreader.
Thus, I request that IDT filter out all messages to A.C.V originating
from Use-Author-Address-Header@ 127.1 (obviously a forged address; the
actual address is from a variety of anonymous remailers) to help
prevent the spread of this worm. More information can be found at
various anti-virus web-sites or, of course, in alt.comp.virus itself.
>More information can be found at
>various anti-virus web-sites or, of course, in alt.comp.virus itself.
Specifically,
http://www.kaspersky.com/news.asp?tnews=0&nview=1&id=134&page=0
which just announced Hybris's a.c.v connection...
and
http://www.viruslist.com/eng/viruslist.asp?id=4112&key=00001000130000100044
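
A sketch of the server-side filter the first post asks for, as an added example that is not part of the thread and not any news server's own code: it drops an article only when it is posted to alt.comp.virus and its From header carries the forged sender string quoted above. The function names, the sample articles, and the tolerance for whitespace or brackets after the "@" are assumptions.

```python
import re
from email import message_from_string

TARGET_GROUP = "alt.comp.virus"
# Sender string quoted in the post. Allowing whitespace or brackets after "@"
# is an assumption about how the header looks on the wire.
FORGED_FROM = re.compile(r"use-author-address-header@\s*\[?127\.1\]?", re.IGNORECASE)


def should_drop(raw_article: str) -> bool:
    """Return True if the article matches the filter requested in the post."""
    msg = message_from_string(raw_article)
    # Newsgroups is a comma-separated list that may be folded across lines;
    # a cross-posted article still reaches alt.comp.virus.
    groups = {g.strip().lower() for g in (msg.get("Newsgroups") or "").split(",")}
    if TARGET_GROUP not in groups:
        return False
    # Match on headers only: a body that merely quotes the address is kept.
    return any(FORGED_FROM.search(value) for value in msg.get_all("From", []))


# Constructed sample articles (not captured traffic).
SAMPLES = {
    "forged": ("From: Anonymous <Use-Author-Address-Header@[127.1]>\n"
               "Newsgroups: alt.comp.virus\nSubject: kqzx\n\n(constructed body)\n"),
    "crosspost": ("FROM: use-author-address-header@ 127.1\n"
                  "Newsgroups: alt.test,\n Alt.Comp.Virus\nSubject: x\n\n(constructed body)\n"),
    "regular": ("From: reader@example.com\nNewsgroups: alt.comp.virus\n"
                "Subject: Hybris\n\nSee Use-Author-Address-Header@127.1\n"),
    "other_group": ("From: Use-Author-Address-Header@127.1\n"
                    "Newsgroups: alt.test\nSubject: x\n\n(constructed body)\n"),
}


def kept(articles: dict) -> list:
    """Names of the articles that survive the filter, sorted."""
    return sorted(name for name, raw in articles.items() if not should_drop(raw))


if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name}: {'drop' if should_drop(raw) else 'keep'}")
```

Because the worm fetches articles from the news server itself, a check like this has to run where articles are accepted or served, not in a reader's kill-file.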