Obviously any email you get saying "The message contains Unicode characters and has been sent as a binary attachment" or "The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment" or anything else specifying the need for you to open a binary attachment IS SPAM. Especially if you are at risk (running Windows) please do not open. This is a bad one.
- jim 1-27-2004 6:38 pm

Technical details.

Systems affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP.
- jim 1-27-2004 7:12 pm


Yesterday I got a zip file that came in an email from a postmaster claiming DELIVERY FAILURE. This is a clever ruse. Yesterday Norton didn't detect the virus, but today they did.
- mark 1-27-2004 10:26 pm


I got the "delivery failure" zip on Monday and the Unicode one yesterday. I didn't open but I'm on a Mac.
- steve 1-28-2004 1:05 pm


Is this thing back today or what? I'm getting hammered again. Hundreds of messages this morning alone.
- jim 2-09-2004 8:23 pm


W32.HLLW.Doomjuice
- mark 2-09-2004 10:05 pm


What if Microsoft shipped its email client configured to not open attachments until it connected to a Microsoft server and compared some sort of checksum of the attachment against those of known viruses? This way they could stop anything dead in its tracks by just adding that checksum to the database.

Maybe people would freak out because of security concerns ("I don't want Microsoft knowing what email attachments I am receiving!") but 1) it's only sending a checksum, not the attachment itself, and 2) you could turn it off if you really care about such things (but most people wouldn't since most people leave default configurations.)
- jim 2-09-2004 10:11 pm


That's an interesting idea, but a checksum really isn't enough. A self-modifying worm wouldn't be that hard to create. Since users are falling down on this whole protection thing, I think the ISPs should step into the breach.

Doomjuice Worm Puts New Squeeze on IT

Doomjuice spreads to computers infected with the MyDoom worm, entering through a previously established backdoor. To locate machines that have the backdoor, Doomjuice scans random IP addresses and attempts to connect to port 3127.

- mark 2-10-2004 8:51 pm
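The checksum lookup proposed above, and the objection that a self-modifying worm gets past it, as an added example that is not part of the thread. It assumes SHA-256 as the checksum and a local set standing in for the server-side database; the message, addresses and payload bytes are constructed.

```python
import hashlib
from email import message_from_bytes, policy
from email.message import EmailMessage

def build_message(payload: bytes, filename: str = "message.zip") -> bytes:
    """Build a constructed test e-mail carrying `payload` as a binary attachment."""
    msg = EmailMessage()
    msg["From"] = "postmaster@example.invalid"   # constructed address
    msg["To"] = "user@example.invalid"           # constructed address
    msg["Subject"] = "DELIVERY FAILURE"
    msg.set_content("The message has been sent as a binary attachment.")
    msg.add_attachment(payload, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()

def attachment_digests(raw: bytes):
    """Return [(filename, sha256 hex)] for every attachment in a raw message."""
    msg = message_from_bytes(raw, policy=policy.default)
    digests = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""   # undo base64 transfer encoding
        digests.append((part.get_filename(), hashlib.sha256(data).hexdigest()))
    return digests

def should_block(raw: bytes, known_bad: set) -> bool:
    """True if any attachment's checksum is in the known-bad database."""
    return any(digest in known_bad for _, digest in attachment_digests(raw))

# Constructed stand-in for a known sample; not real malware.
SAMPLE = b"constructed-stand-in-for-a-known-worm-binary" * 4
# The same bytes with one byte appended, as a self-modifying copy would differ.
VARIANT = SAMPLE + b"\x00"
# Hypothetical database: only the checksum of the known sample is listed.
KNOWN_BAD = {hashlib.sha256(SAMPLE).hexdigest()}

if __name__ == "__main__":
    for label, payload in (("known sample", SAMPLE), ("modified copy", VARIANT)):
        verdict = "blocked" if should_block(build_message(payload), KNOWN_BAD) else "allowed"
        print(f"{label}: {verdict}")
```

Only the checksum leaves the mail client in this scheme, which is the privacy point made in the proposal; the modified copy passing is the reason an exact checksum alone is not enough.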


Right. Damn. It's a hard problem. And if it can't be solved then I'll take the spam over some sort of "every computer attaching to the internet has to be authenticated with a local authority" type setup.

My filters do pretty well. It still eats up my bandwidth, but even at 100 to 1 ratio it's not that bad.
- jim 2-10-2004 9:33 pm


The web mail programs do automatic virus checking on attachments. Seems like the same could be done with POP3. But I don't really know the protocol.
- mark 2-10-2004 10:16 pm


Is anyone actively proposing an "every computer attaching to the internet has to be authenticated with a local authority" scheme? Just wondering how much longer I have to enjoy my little web publishing adventure.

- tom moody 2-10-2004 10:21 pm


Depends what you mean by "actively". Some people have been trying this for a few years, and I'm sure they and others will continue. I don't think they've been successful to any worrying degree, at least yet.

The term used is usually "trusted computing" and the idea can/will be sold under the idea of making you more safe. From spam, from viruses, by ridding the internet of DDOS attacks, as well as stopping the trading of copyrighted material. All of this can (only) be accomplished if all the computers on the internet are "trusted", which means something like they contain a tamper-proof chip that ensures the device can only be booted into a "trusted OS" which can then be trusted to give its unique ID to the trusted overlords of the internet every time it connects.

As an example of someone trying this, see this bill (SSSCA) introduced to Congress by Senator Hollings on 9/7/2001:

In General -- It is unlawful to manufacture, import, offer to the public, provide or otherwise traffic in any interactive digital device that does not include and utilize certified security technologies that adhere to the security system standards adopted under section 104.


It didn't pass, but it'll be back I'm sure.

Open source operating systems would, of course, be unable to connect to the internet because the authorities couldn't be sure that a rogue user hadn't modified the code to give an incorrect ID. Only signed operating system binaries produced by "Trusted" companies would be legal for use on interactive digital devices.

In an unrelated story Bill Gates announced at Davos that he was going to rid the world of spam in two years. Hmmmm.
- jim 2-10-2004 11:58 pm


Ashcroft and Isner and Gates! Oh, my!

I don't doubt there will be efforts to control computers, but I would expect there to be an overwhelming backlash from industry, users, etc. An interesting example is the country of Brazil, which is doing its best to undermine Gates' hegemony.

I'm just glad the EFF exists.
- mark 2-11-2004 2:45 am




