Dayo Mitchell said:
Hi Beth,
I'm not entirely sure I do believe you,
b/c I only see multiple messages
re the patch with 155K and 14K attachments on the Mac groups. I don't think
I've seen a single 155K patch message on ms.public.word.docmanagement or the
formatting.longdocs group. Which to me suggests they are running better
interference on other groups, and admittedly there's some logical defenses
of that (more traffic, if a PC user downloads the patch they are damaged,
not just inconvenienced). But still!
FWIW, I don't think there is much evidence of the virus being delivered
directly by news servers. I have seen none at all delivered that way.
What does seem likely is that the virus has some way of harvesting
e-mail addresses from news postings and then sending direct e-mail from
the infected machine. It may be going to news servers to harvest
addresses or it may simply be reading saved news articles on infected
machines.
I believe this to be the case because the IP address of the virus
sender is all over the place, unrelated to news servers, and that
addresses I and others have, that have not been used to post to
newsgroups, have been far more lightly attacked.
I always use a real address, partly because it is polite, partly
because it is too late to do anything about it. I am seeing up to 100
messages with 104KB virus attachments per hour. Around 200 MBytes of my
bandwidth is being stolen each day.
On top of that, there is an increasing flood of auto-drivel from
mismanaged corporations that tell me that one of their own people tried
to send me an attachment and that with some pride, they disallowed it.
On top of that again, there are the virus scanners who don't know that
the From is forged who want to accuse *me* of sending them a virus.
Internet e-mail is on the edge of melt-down.
That 200MB of manure is 2 to 5 times more than I use on average! It has
multiplied my inbound e-mail a thousand times, making mobile (GSM)
e-mail completely unaffordable. I'm trying to get around it by running
a mule mac which POPs and junks all the viruses and forwards what it
thinks is non-junk to my real machine. (server-side filters just can't
do as good a job) This stupid virus is costing me real money.
The cumulative effect over all ISPs must be crippling. There are only
three logical places to stop the stuff. On entry to the net, and at the
POP or IMAP server, by which time the denial of service is complete.
The third way is to make it an international criminal offence to
connect a Windows machine to the internet.
It is getting well beyond a laughing matter.