Is anyone else seeing this?

Julian Field mailscanner at ecs.soton.ac.uk
Mon May 19 21:39:10 IST 2003


At 21:30 19/05/2003, you wrote:
>I've noticed that a lot of the Fizzer / Palyh viruses coming into our
>site seem to be arriving via our secondary /tertiary MX.  I'm not overly
>worried - only about 2% of my total mail is coming in that way (and I
>know a lot of spam takes that route) - but most of the Fizzer / Palyh
>viruses do.  Is it just me?

It's a standard spammers trick. Target your lowest priority MX with spam in
the hope that it won't be as well set up as your primary MX. Quite often
the lowest MX is run by your ISP and will relay just about anything for any
of their customers. Always take care that your lowest MX is as tight as
your highest MX.

>BTW I don't know if anyone else saw it but there Slashdot was reporting
>that  a group calling itself the 'Fizzer Task Force' has taken control
>of the Geocities web site that Fizzer updates itself from and replaced
>the updater with an uninstaller.  Pretty funny I thought (although
>whether its an appropriate course of action seems to be the subject of
>some debate).
>http://slashdot.org/article.pl?sid=03/05/16/0340251&mode=thread&tid=126&tid=95&tid=172

Oh joy, people writing viruses (or things close to them) thinking they are
doing good. Most virus damage is caused by bugs in the viruses, which
includes well-intentioned software like this. In my book it is better to
just knock out the updater. Who's to say their uninstaller works everywhere
and never causes any damage itself? Let us hope they did a good job.
--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support



More information about the MailScanner mailing list