fragilesi Posted October 12, 2005 Share Posted October 12, 2005 Apologies if I'm in the wrong place . . . but I couldn't see an obvious answer to this in the FAQ. 3-6 times per day I'm getting e-mails from postmaster[at]lindenhomes.co.uk, the source of one is pasted at the end. Thing is, I'm 99.99999% sure that they cannot possibly be getting the mail from me and I've told them so several times (direct to postmaster and the original cited e-mail address not the null return path). They keep arriving and they do not reply. I suppose I could just blacklist them but I'm sure I cannot be the only one getting these pointless e-mails. Anything I can do? I didn't feel happy reporting this directly as spam like I would normally. Return-Path: <null[at]lindenhomes.co.uk> Delivered-To: cqmail-net-simon[at]cqmail.net Received: (qmail 24152 invoked from network); 12 Oct 2005 14:46:12 -0000 Received: from unknown (HELO c60.cesmail.net) (192.168.1.105) by blade2.cesmail.net with SMTP; 12 Oct 2005 14:46:12 -0000 Received: from mailgate.cesmail.net ([216.154.195.36]) by c60.cesmail.net with ESMTP; 12 Oct 2005 10:46:12 -0400 X-IronPort-AV: i="3.97,207,1125892800"; d="txt'?scan'208"; a="287655941:sNHT97106076" Received: from mail.which.net [194.168.97.11] by mailgate.cesmail.net with POP3 (fetchmail-6.2.1) for simon[at]cqmail.net (single-drop); Wed, 12 Oct 2005 10:46:12 -0400 (EDT) Received: from mail1.lindenhomes.co.uk ([213.1.255.36]) by kx1-gui.server.which.net (InterMail vK.4.04.00.00 201-232-137 license e70b2acfbd69d84cc925654164bd8fad) with ESMTP id <20051012141428.YGKN27116.kx1-gui[at]mail1.lindenhomes.co.uk> for <Yes.Fragile[at]Which.Net>; Wed, 12 Oct 2005 15:14:28 +0100 Received: from [127.0.0.1] by mail1.lindenhomes.co.uk (GMS 11.01.3365/KW6304.00.7bc0cd6d) with ESMTP id zdbhuaaa for Yes.Fragile[at]Which.Net; Wed, 12 Oct 2005 15:14:28 +0100 Received: from mail1.lindenhomes.co.uk (mail1.lindenhomes.co.uk [125.125.1.6]) by mail1.lindenhomes.co.uk (GMS 11.01.3365/KW6304.00.7bc0cd6d) with ESMTP id idbhuaaa for Yes.Fragile[at]Which.Net; Wed, 12 Oct 2005 15:14:21 +0100 From: "postmaster[at]lindenhomes.co.uk" <null[at]lindenhomes.co.uk> To: "Yes.Fragile[at]Which.Net" <Yes.Fragile[at]Which.Net> Subject: Anti-spam Content Alert Date: Wed, 12 Oct 2005 15:14:21 +0100 Message-Id: <14142137509405[at]mail1.lindenhomes.co.uk> X-Mailer: Gordano Messaging Suite v11.01.3365 Reply-To: <null[at]lindenhomes.co.uk> Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="==_14142137509406/mail1.lindenhomes.co.uk==_" X-MMLScript: BYPASS (0) X-AVLoop: lindenhomes.co.uk X-Quarantine: BYPASS (0) X-spam-Checker-Version: SpamAssassin 3.0.3 (2005-04-27) on blade2.cesmail.net X-spam-Level: X-spam-Status: hits=0.5 tests=TO_ADDRESS_EQ_REAL version=3.0.3 X-SpamCop-Checked: 192.168.1.105 216.154.195.36 194.168.97.11 213.1.255.36 4.4.0.0 127.0.0.1 125.125.1.6 This is a MIME-encapsulated message --==_14142137509406/mail1.lindenhomes.co.uk==_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Content-Disposition: inline WARNING! You have attempted to send an unacceptable message to the following address: plc[at]lindenhomes.co.uk --==_14142137509406/mail1.lindenhomes.co.uk==_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Content-Disposition: inline The message has been checked by the GMS Anti-spam Protection Package. --==_14142137509406/mail1.lindenhomes.co.uk==_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Content-Disposition: inline The following issues were found: Attachment: Info.exe Virus Name: W32/Bagle.CW[at]mm (exact) --==_14142137509406/mail1.lindenhomes.co.uk==_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Content-Disposition: inline The message headers follow: --==_14142137509406/mail1.lindenhomes.co.uk==_ Content-Type: message/rfc822-headers Content-Transfer-Encoding: 7bit Content-Disposition: inline Date: Wed, 12 Oct 2005 15:14:18 +0000 To: "Plc" <plc[at]lindenhomes.co.uk> From: "Yes.Fragile" <Yes.Fragile[at]Which.Net> Subject: Re: Msg reply Message-ID: <unrridtfetpxtauhhec[at]lindenhomes.co.uk> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="--------fkaivsoosvfbdsdfxjwt" X-AntiVirus: Checked for viruses by Gordano's AntiVirus Software X-AntiSpam: Checked for restricted content by Gordano's AntiSpam Software --==_14142137509406/mail1.lindenhomes.co.uk==_ Content-Type: text/plain; charset="us-ascii"; name="footer.txt" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="footer.txt" Information in this email and attachments is confidential. If you are not the intended recipient please contact the sender. Any opinions are those of the author and do not necessarily represent those of Linden. Linden accepts no liability for any errors which arise as a result of internet transmission. Any email received by Linden may be monitored or inspected to ensure the systems’ effective operation and other lawful business purposes. --==_14142137509406/mail1.lindenhomes.co.uk==_-- Link to comment Share on other sites More sharing options...
Wazoo Posted October 12, 2005 Share Posted October 12, 2005 Not one word abouut anti-virus/trojan tools in use, jumping over to one of the on-line virus scanners, etc. The 99.9999% sure defense has been used by many folks, ye ... turns out that their machines are cesspools of stuff not seen by the free antivirus tool that came with their computer (when they bought it two years prior) ... updates had never been attempted or ignored when the "more money" thing came up .... You haven't 99.99999% convinced me that there may not actually be a security issue on your system ...???? Have you sent an e-mail to yourself to see if that e-mail arrives with an attatchment that you didn't send? And yes, moving this to the Lounge as it does not seem to be an actual Reporting problem with the SpamCop Parsing & Reporting tool set. Link to comment Share on other sites More sharing options...
Jeff G. Posted October 12, 2005 Share Posted October 12, 2005 I, too, have been getting bounces from antivirus systems and mailservers due to viruses, worms, and spam sent to full mailboxes, nonexistent mailboxes, and mailboxes protected by various and sundry challenge/response systems. The vast majority of those bounces are misdirected, in that they come to email addresses that either never existed or haven't worked in years because they were associated with former employees. I Report all the misdirected bounces without fanfare. For those admins who do reply that their unsolicited (by legitimate users in my domains, anyway) anti-worm, anti-virus, or bounce notification is not spam and that I was somehow mistaken in reporting it, I use the following template, which you may use as well: [Title], Thank you for your message. While almost everything you have written below is correct, referencing [Tracking URL] and [Tracking URL with ";action=display" appended without quotes], the email message which I received, reviewed, determined to be reportable, and reported in a SpamCop Report via email to [addressee] on [date] at and shortly before [time with timezone], is a misdirected bounce, which should be avoided by using 500-series errors during the SMTP transaction. It was also sent to email address [recipient address], which is not and never has been authorized for use on the [domainname] domain [or which has not been authorized for use for multiple years]. Such misdirected bounces are now considered abusive and reportable by SpamCop per the "Messages which may be reported" section of "On what type of email should I (not) use SpamCop?" at http://www.spamcop.net/fom-serve/cache/14.html and the "Misdirected bounces" section of "Why are auto-responders (and delayed bounces) bad?" at http://www.spamcop.net/fom-serve/cache/329.html#bounces . [if the respondent uses Exchange Server 5.5]You can avoid sending misdirected bounces by avoiding sending NDRs entirely, specifically by applying "Update available in Exchange Server 5.5 to control whether the Internet Mail Service suppresses or delivers NDRs" per http://support.microsoft.com/default.aspx?...kb;en-us;837794 and using "Value data" of "10". Also, where are the Received Header Lines for the original spam [or where are the Header Lines or where is the original message]? How can you or we track the spammer who forged our user's email address and tried to spam your user [or the infected machine] without complete info in your bounce? Without the Received Header Lines for the original spam, we must conclude that the original spam [or worm or virus] came from inside your network. If you can't adjust your systems to bounce during the SMTP transaction, please at least provide the full headers and body of the message in your bounces, and forward the missing pieces for this spam if you can find them. We have been seeing and Reporting a lot of instances of misdirected bounces to addresses matching andrew????[at][domainname] of spam sent through open proxies with forged Received Header Lines fingering [one of our MXs]. Thanks and Best Regards, [Name] [Title] The admins of cnn.com have been particularly egregious in stripping off Received Header Lines, and my many complaints about that appear to have gone into a black hole, except that someone writing for abuse[at]rr.com disclaimed responsibility. Silly me, I was trying to treat all of AOL Time Warner as one company and including one of my immediate ISPs' abuse desks in hopes they could help. Link to comment Share on other sites More sharing options...
fragilesi Posted October 13, 2005 Author Share Posted October 13, 2005 Okay, well thanks "I think" for the reply . . . Let me explain the reasons for my "certainty". The e-mail account they are "replying" to is one that I *read* on Spamcop from two PC systems, I haven't sent mail on it for many months and in fact I dont even have an identity set up for it to do so! Spamcop webmail is the *only* method I have used to access the account from either system since they were first built. This started happening quite recently and continues. Of the two systems, on both I have fully licensed McAfee security software which tells me that not only do I have the latest virus scanning engines and the latest virus signature files but also that according to them I have no viruses present on either system. Both are set up to download engine and definitions and then scan at 5am each and every single day and have been since they were installed. The home machine also has the full McAfee Security Centre setup. These two systems by the way are the *only* ones that I use. So it's fine with me, you're not inclined to help, I posted in the wrong place bla bla, your idea of customer care is to assume that someone asking a question is stupid. Lessons learned on my part. Time to look elsewhere. Oh yes, and shock horror, mail sent to myself arrives virus free . . . Not one word abouut anti-virus/trojan tools in use, jumping over to one of the on-line virus scanners, etc. The 99.9999% sure defense has been used by many folks, ye ... turns out that their machines are cesspools of stuff not seen by the free antivirus tool that came with their computer (when they bought it two years prior) ... updates had never been attempted or ignored when the "more money" thing came up .... You haven't 99.99999% convinced me that there may not actually be a security issue on your system ...???? Have you sent an e-mail to yourself to see if that e-mail arrives with an attatchment that you didn't send? And yes, moving this to the Lounge as it does not seem to be an actual Reporting problem with the SpamCop Parsing & Reporting tool set. 34073[/snapback] Link to comment Share on other sites More sharing options...
fragilesi Posted October 13, 2005 Author Share Posted October 13, 2005 I, too, have been getting bounces from antivirus systems and mailservers due to viruses, worms, and spam sent to full mailboxes, nonexistent mailboxes, and mailboxes protected by various and sundry challenge/response systems. The vast majority of those bounces are misdirected, in that they come to email addresses that either never existed or haven't worked in years because they were associated with former employees. I Report all the misdirected bounces without fanfare. For those admins who do reply that their unsolicited (by legitimate users in my domains, anyway) anti-worm, anti-virus, or bounce notification is not spam and that I was somehow mistaken in reporting it, I use the following template, which you may use as well:The admins of cnn.com have been particularly egregious in stripping off Received Header Lines, and my many complaints about that appear to have gone into a black hole, except that someone writing for abuse[at]rr.com disclaimed responsibility. Silly me, I was trying to treat all of AOL Time Warner as one company and including one of my immediate ISPs' abuse desks in hopes they could help. 34082[/snapback] Thanks for that, I may just try the suggested template, though at the moment they simply are not replying. I'll see if my latest set of complaints get me anywhere with them first though. Part of the reason I raised this is that I agree with you, poorly configured software - which I think this is - could end up being as big a problem as the original spammers themselves. Link to comment Share on other sites More sharing options...
turetzsr Posted October 13, 2005 Share Posted October 13, 2005 <snip> So it's fine with me, you're not inclined to help, 34123[/snapback] ...WHAT???!!?!? If Wazoo were not inclined to help, he simply would not have replied. In fact, I see a couple of suggestions that he made to further research the problem....I posted in the wrong place34123[/snapback] ...My, how rude of Wazoo to mention that! I wonder why he brought that up. Oh, wait:Apologies if I'm in the wrong place34066[/snapback] your idea of customer care is to assume that someone asking a question is stupid. <snip>34123[/snapback] ...From whence came this? I see no suggestion whatever in Wazoo's reply that anyone is stupid, simply suggestions and a reasonable attempt to prompt further information from you in terms of why you were sure that someone was not getting some e-mail from you. Besides, you are not his customer and he owes you nothing in particular in terms of service -- he's a volunteer, as are almost all of us here. The "Admin" tag by his name refers only to his role here in the Fora.Lessons learned on my part. Time to look elsewhere. <snip> 34123[/snapback] ...This is the best place with the most knowledgeable people you are likely to find. If you lose the easily-bruised ego, you'll make more headway, wherever you choose to look. <g> Link to comment Share on other sites More sharing options...
shmengie Posted October 13, 2005 Share Posted October 13, 2005 You know.... McAfee is good. But it aint perfect. None of the virus scanners are. Norton may be the worst, but for some reason I placed a false trust in it. A friend of mine had cought a virus or actuall very many. Norton was kept uptodate, so I had asssumed it was something else that stopped his mahcine from booting. He reported no unusual circumstance, he shutdown as usual and next boot it simply refused. The registry was corrupted, and the best guess I could fathom was that it was not being closed properly. I took his word, that he was doing everything proper, and resolved the registry issue, which was no easy chore. All was well for a few months and the same thing happened again. Again, virus updates in place, no unusual circumstance, etc. etc... The registry again was corrupted. Turns out several virus were infecting this machine. Yet norton said it was clean. clamwin.com's free antivirus found the most abuses of this machine. Microsoft's beta spyware found a couple. and avg's personal free virus detection found one or two that clamwin ignored. I can't stand either norton or mcafee, they are very intrusive, but the are more complete solutions than clamwin. Avg seems quite good, but nearly as annoying as norton and mcaffe. I hardly ever remember to run a virus scanner on my machine, but *I know* I keep it clean. I never-ever click on attachments I don't know exactly what their purpose is. I don't allow rogue browser add-ins to ever be installed. (ok, I caved and let flash on board, but I hate it, so I uninstall it every so often too. I've got a peppy machine, but flash simply eats too much memory). I've been a computer geek for 20 and some odd number of years. I can get away with this act of stupidity. I would never recommend to another. The moral, unless you know your machine is clean, it's possible it is not. Right now, there are spambots, several domains and name servers hosted on virus infected machines. Its discusting! I can't put an end to it, which is very frustrating. Link to comment Share on other sites More sharing options...
fragilesi Posted October 13, 2005 Author Share Posted October 13, 2005 Okay guys, I surrender. I hoped this would be an interesting topic but so far - to some extent justifiably as I mistook the meaning of the Admin tag (my bad for sure) - I've had it suggested that my machine is a cesspool, I've got a an easily bruised ego and I'm a cheapskate who doesn't like paying for his software. Odd seeing as I'm one of the few mugs on the planet who actually does pay his way for *all* the software he runs . . . I won't go into the ego part as it's probably too close to home And I've been told to send an e-mail to myself . Fortunately shmengie has given me some food for thought though I'm still confused given that the address being spoofed is not configured on my machines other than through the use of Spamcop's webmail. The virus mentioned seems to be reasonably well known so I think McAfee should pick them up. That's why I asked here to see if there were further ways that I could understand the source of the problem. So, I apologise for going off on one but I took exception to the tone of the initial response which I'm hoping you'll accept is hardly "encouraging". Fortunately, I think that I have found my answer though from McAfee's virus encyclopedia, this "bagle" thing replicates via e-mail and forges the from address. So, I'm guessing that someone out there is infected and sending the e-mail, who has my address in their address book. All I need now is to convince this Lindenhomes mob to understand that and sort their software out . . . maybe. Link to comment Share on other sites More sharing options...
shmengie Posted October 13, 2005 Share Posted October 13, 2005 I can't speak for wazoo, but i know its hard to deal with the same questions repeated often. I used to work with a girl in a bank office building. She would ask the same question 4 - 5 times before, the next week would roll in and a new question received the same treatment. Though you haven't aske the same here, yourself, it bares similiarity. In the end, it is 100% probable a virus is the conduit, to which you have been inducted into the realm of increased spam. Unfortunatly, that says very little for you personally, other than you another victem. The virus does not need to exist on your equipment for it to have this affect. Someone who has you in their address book or has received mail with your address in it, is likely comprimised. It's important to be aware of the state of your own equipment, but there is little you can do to protect your e-mail sent from falling into the abyss. It sux. nuff said. Hate spammers, because they love it. Link to comment Share on other sites More sharing options...
Jeff G. Posted October 13, 2005 Share Posted October 13, 2005 Here's an unexpected but refreshing response: Date: Tue, 11 Oct 2005 12:27:56 -0700 (PDT) From: Colin Dick <cdick[at]mail.ocis.net> To: [Report ID][at]reports.spamcop.net Subject: Spamcop report id:[Report ID] Hello SpamCop user, Hello and thanks for your report. Please be aware that the message you received was a bounce message, likely due to a virus that spoofed your name as the sender. We understand that this is still an unwarranted message as far as you are concerned and realize that SpamCop recently deemed bounces to spoofed senders as spam. We are researching ways to detect spoofed sender bounces. The issue has to do with our MX server accepting mail and delivering it to our primary mailserver. The primary mailserver rejects the message due to an invalid recipient and sends a bounce to the initial sender. We are trying to find a way for our MX server to know our local usernames so that it can reject the initial message immediately which would ensure this type of issue cannot occur. Thanks again for your report. Have a great day. -- Colin Dick OCIS Admin -- Please use the link below to review the report in question: [Report History URL] Link to comment Share on other sites More sharing options...
Jeff G. Posted October 13, 2005 Share Posted October 13, 2005 You write that the address in question has received spam before. If you Reported that spam without munging (or possibly with SpamCop's basic munging), your Report(s) ended up in at least one mail admin's mailbox, and may have been forwarded to one or more spammer and/or other admin. Any of those recipients could have gotten infected with a spoofing worm or virus, and directly sent the worm to "Plc" <plc[at]lindenhomes.co.uk> (spoofing your address), or they could have sent a spoofing worm or virus to another machine (spoofing your address), which then directly sent the worm to "Plc" <plc[at]lindenhomes.co.uk> (spoofing your address), etc. It is frankly disappointing that Gordano Messaging Suite v11.01.3365 running on mail1.lindenhomes.co.uk appears to strip Received Header Lines on purpose when bouncing a worm that is known to spoof source addresses - this is the same kind of antisocial behavior CNN's cnn.com is pulling, although cnn.com is bouncing for other reasons (user not found, IIRC). Link to comment Share on other sites More sharing options...
Wazoo Posted October 13, 2005 Share Posted October 13, 2005 Apologies if I'm in the wrong place . . . but I couldn't see an obvious answer to this in the FAQ. 3-6 times per day I'm getting e-mails from postmaster[at]lindenhomes.co.uk, the source of one is pasted at the end.34066[/snapback] Here's we/I started going wrong ... lack of a timeframe mentioned .... had it been stated with something like "for the last few days" ... I would have pointed to a FAQ entry here such as "Why am I getting all these bounces" ..... However, my 'read' took the 'background' as this being a "constant" .... immediately thinking of a "QuickInspirations" spam thing that I fought for over 3 or 4 months before simply blocking that IP block completely .... Thing is, I'm 99.99999% sure that they cannot possibly be getting the mail from me and I've told them so several times (direct to postmaster and the original cited e-mail address not the null return path). They keep arriving and they do not reply. I suppose I could just blacklist them but I'm sure I cannot be the only one getting these pointless e-mails. As I stated, this was also one of those "triggers" that set my response mode. U've heard that too many times, right up there with "I never click on those things" (in one case followed with "well, I clicked on that one to see if it was one of those things you told me never to click ...") Okay guys, I surrender. I hoped this would be an interesting topic but so far - to some extent justifiably as I mistook the meaning of the Admin tag (my bad for sure) From my perspective, not sure what "Admin" has to do with anything ... - I've had it suggested that my machine is a cesspool, I've got a an easily bruised ego and I'm a cheapskate who doesn't like paying for his software. Odd seeing as I'm one of the few mugs on the planet who actually does pay his way for *all* the software he runs . . . I won't go into the ego part as it's probably too close to home And I've been told to send an e-mail to myself . Again, based on what I "read" in your original post, suggestions made to attempt to clear up the other possibilities. I don't see that I explicitly made those comments about you and your system as fact, they were part of an explanation of some scenarios that I see on a daily basis. Fortunately shmengie has given me some food for thought though I'm still confused given that the address being spoofed is not configured on my machines other than through the use of Spamcop's webmail. The virus mentioned seems to be reasonably well known so I think McAfee should pick them up. That's why I asked here to see if there were further ways that I could understand the source of the problem. Now you're talking of an anti-vitus tool that's running on your system, but the "problem" situation beingdescribed now is that there is a computer somewhere else infected .. and the e-mail yyou're seeing may (ptobably) have hed the vitus removed before it was sent on / back to you .... So, I apologise for going off on one but I took exception to the tone of the initial response which I'm hoping you'll accept is hardly "encouraging". And in that case, I'll point to the FAQ entry here titled "How to ask a good question ..." or even the "How to use .. SpamCop Forum" introduction ... somewhere in all that you'll note that the key concept is "provide enough data" Fortunately, I think that I have found my answer though from McAfee's virus encyclopedia, this "bagle" thing replicates via e-mail and forges the from address. So, I'm guessing that someone out there is infected and sending the e-mail, who has my address in their address book. 34143[/snapback] And again, pointing out that anti-virus/trojan stuff is reactionary, thus always behind the curve. Lowlife writes a new version, kicks it off into the world ... it has to be seen/noticed, the anti-virus company needs to get a copy, analyze it, come up with a detection tool (possibly a removal tool), add that to their library, put that new library up for distribution, end-user needs to see that new library, download it, install it, then run it ... and in the meanwhile, some other lowlife is busy creating yet another 'new' version ..... most folks don't seem to be able to grasp that side of the issue. Link to comment Share on other sites More sharing options...
fragilesi Posted October 13, 2005 Author Share Posted October 13, 2005 Here's we/I started going wrong ... lack of a timeframe mentioned .... had it been stated with something like "for the last few days" ... I would have pointed to a FAQ entry here such as "Why am I getting all these bounces" ..... However, my 'read' took the 'background' as this being a "constant" .... immediately thinking of a "QuickInspirations" spam thing that I fought for over 3 or 4 months before simply blocking that IP block completely .... As I stated, this was also one of those "triggers" that set my response mode. U've heard that too many times, right up there with "I never click on those things" (in one case followed with "well, I clicked on that one to see if it was one of those things you told me never to click ...") I can see the point, and I clearly didn't research the FAQ well enough though to be honest I would never have associated the word "bounce" with what I was seeing. From my perspective, not sure what "Admin" has to do with anything ... Very simply I took that as meaning you were a representative of Spamcop. Again, based on what I "read" in your original post, suggestions made to attempt to clear up the other possibilities. I don't see that I explicitly made those comments about you and your system as fact, they were part of an explanation of some scenarios that I see on a daily basis. I guess the smilies, the "sorry" and the omment about ego haven't triggered the fact that I was talking toungue in cheek and in a more conciliatory mode then . . . but rest assured that's what was intended. Now you're talking of an anti-vitus tool that's running on your system, but the "problem" situation beingdescribed now is that there is a computer somewhere else infected .. and the e-mail yyou're seeing may (ptobably) have hed the vitus removed before it was sent on / back to you .... I only talked about the anti-virus tools because you suggested that I might be one of those who didn't take them seriously . . . and in the end the support for that tool got me to the answer. And in that case, I'll point to the FAQ entry here titled "How to ask a good question ..." or even the "How to use .. SpamCop Forum" introduction ... somewhere in all that you'll note that the key concept is "provide enough data" So there's an irony here in that all the data that was needed was in there. Once I thought of looking up the named virus in the McAfee website the likely answer became self-evident. And again, pointing out that anti-virus/trojan stuff is reactionary, thus always behind the curve. Lowlife writes a new version, kicks it off into the world ... it has to be seen/noticed, the anti-virus company needs to get a copy, analyze it, come up with a detection tool (possibly a removal tool), add that to their library, put that new library up for distribution, end-user needs to see that new library, download it, install it, then run it ... and in the meanwhile, some other lowlife is busy creating yet another 'new' version ..... most folks don't seem to be able to grasp that side of the issue. 34155[/snapback] For what it's worth I very much understand that. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.