[identity profile] jahbulon.livejournal.com posting in [community profile] techrecovery
Don't know if you guys have been hit by this fucker : http://securityresponse.symantec.com/avcenter/venc/data/w32.mytob.es@mm.html

Basically it makes the emails look like they're coming from the ISP.

cut for angry sweary ranting

This customer has emailed us three times to ask about the emails. She opens the attachments every single goddamned time, then emails us to ask why a) her account has been closed, b) her password has been changed and c) her (ISP) "user profile" has been changed - because these are the things the emails claim to be occurring.

She also requests a callback every single time. We don't do callbacks on grave, plus any issue that can be resolved via email will be - we're not going to waste our time calling someone when they have already read the answer. Here is her latest email. Note the complete lack of connection between separate thoughts in her brain as evidenced by the first two sentences.

I have emailed you about this already and you said that (ISP) never sends
attachments. I am scared this is a farce and if I open the attachment it
will be a virus. Please CALL me I've asked you to do this several times on (number)


DUBBLE YYOO TEE EFF WTF WTF WTF This blows my fucking mind.

"You have said A. I am worried that A. Is A?"
"FUCKING A!!!!"

My response :

As you have been previously advised on multiple occasions, these emails ARE a hoax, the attachments ARE a virus and (ISP) will NEVER send you an attachment. This is not only true for the emails you have already received, but any FURTHER emails you receive. Do not open the attachment and delete the emails immediately.

We operate an inbound contact centre. If you wish to speak to us directly you must call us on (number), yet no further action need be taken by you or us in this instance - simply delete the emails. If you wish you may read about the virus on this page : http://securityresponse.symantec.com/avcenter/venc/data/w32.mytob.es@mm.html

Shut the fuck up,

Incredulite

Date: 2005-06-17 06:50 pm (UTC)
From: [identity profile] drquuxum.livejournal.com
This actually makes me thankful for the handful of users of mine that forward such messages for verification with full headers.

Too bad that's a very tiny minority.

Date: 2005-06-17 06:55 pm (UTC)
From: [identity profile] tsutton.livejournal.com
Yeah, we're hit with that too. Thankfully our virus scanner was updated so it blocked all of them before it appeared in their Inbox.

Date: 2005-06-17 07:02 pm (UTC)
From: [identity profile] tsutton.livejournal.com
Yeah? I thought Brightmail would have already blocked it by now!

Date: 2005-06-17 07:05 pm (UTC)
From: [identity profile] infy.livejournal.com
Yeppers, even though we send out notifications each and every time these kinds of things happen, we still get a large number of contacts from people who open the attachments. Idiots. If it looks suspicious, don't open it!

Although, I knew we were going to run into problems the moment someone figured out how to make these and use spell check. Amazing.

I've always wanted to say, "Ma'am, this was actually a test to rate the intelligence of our customer base, and their ability to comprehend basic security and computer best practices. Unfortunately, you failed miserably. Please make sure to completely clean out your desk and turn in your ID badge before the end of the business day. Have a wonderful weekend...buh bye."

You know, we'd save a lot of sanity points if they actually bothered to pre-screen applicants before hiring them, especially seeing as they're not concerned about training them afterwards. Not all of them are stupid, but my head aches from the utterly asinine calls I've taken today.

Date: 2005-06-17 07:07 pm (UTC)
From: [identity profile] dhutch.livejournal.com
So that's the name of the bastard. Nasty little bitch, isn't it? They come thru with support@ register@ administrator@ . My users got a blanket email from me last week - if you see those coming from our domain - they aren't. We have no such addresses. Blocks got put in for em. The fun part now is going thru headers, and sending requests to the ISPs, or domains they actually did come from, to track the PC down in their net if they can.

Date: 2005-06-17 07:07 pm (UTC)
From: [identity profile] linguafranca.livejournal.com
Our customers are getting them, too. I've actually fielded only two or three calls this time. After the last batch, I think they've figured out on their own that this is the same sort of thing. Good for them!

Date: 2005-06-17 07:15 pm (UTC)
From: [identity profile] dhutch.livejournal.com
Ha! One who shares my opinions/views on the creators of these things I bet. The hell with the governments prosecuting these morons. Just let a small mob of sysadmins deal with em :-) We're creative enough to get them so that "wishing they were never born" pales by comparison to how badly they'd want off this rock we live on. For example - mix the lemon juice in with some rock salt.

Date: 2005-06-17 07:56 pm (UTC)
From: [identity profile] xdownfornowx.livejournal.com
Everyone is getting hit with that. Thankfully Trend Micro OfficeScan is updated hourly and is pushed to all the clients here. My CEO was kind enough to test it out last week (after 2 warnings from me about it) when trying to open an attachment from a business we partner with. Score 1 for Trend! I honestly believe that ISPs and e-mail hosters need to do more for scanning viruses before letting this shit go through. I know the products are out there, I've researched them. It would only help them in the end with all the down time they get from support calls and server loads.

Date: 2005-06-17 08:00 pm (UTC)
From: [identity profile] ex-deliveryboy.livejournal.com
awesome icon!

Date: 2005-06-17 08:19 pm (UTC)
From: [identity profile] xdownfornowx.livejournal.com
Yeah, but it really isn't though. When I was working/attending RIT (www.rit.edu) ITS cleaned up the network/mail system after we, like every other big network, got hammered by Sasser 2 years ago. Now it is next to impossible to transmit a virus through e-mail. It gets scanned, de-fanged, and a warning is attached to the body of the message if there was a threat. Add to that free A/V from McAfee which is required to be installed and updates with all the Windows patches prior to being allowed on the network. All this gets done, the network is happy and safe and over 17,000 users never get adversely affected when there is an outbreak. If colleges can do this there is no reason an ISP or mail provider can not.

Date: 2005-06-17 08:32 pm (UTC)
From: [identity profile] xdownfornowx.livejournal.com
fair enough

oh, so you're the one!

Date: 2005-06-17 08:53 pm (UTC)
From: [identity profile] valancy17.livejournal.com
quit filling my inbox with messages warning me that other messages might be spam or viruses! I get too much email as it is!

;-)

Date: 2005-06-17 09:03 pm (UTC)
From: [identity profile] infy.livejournal.com
Don't forget piping in either Barry Manilow music or heavy metal muzak. Really make the bitch suffer.

Date: 2005-06-17 11:18 pm (UTC)
From: [identity profile] k8mnstr.livejournal.com
Okay, I've gotta chime in here. I work for a major web hosting provider and on only one of our many many many mail servers, several hundred thousand e-mail messages get transmitted daily. Now, barring the sheer overhead scanning on this magnitude would cost, you still have to deal with the customers. Example:

Us (a long long time ago): Sorry, we do not offer any message filtering services. Any anti-virus/spam filtering and management is solely the responsibility of the account owner.
Luser: That is bullshit, there is no reason why you can't filter our messages for viruses and spam! (ISP) does.

Us (present day): The message was bounced? In order to prevent this from happening you will need to either add the recipient to your whitelist or lower your filtering setting.
Luser: That is bullshit! You have no right to filter our messages like this. My business relies on e-mail and your company is costing me thousands of dollars. I have my own software that I use and you have no right to deny me my e-mail messages!

Either way, we're fucked. Plus although these messages may appear to be coming from a domain that we host, there is still no guarantee that we are the MTA. So long as e-mail clients still allow users to specify who the message is originating from, spoofing will still need to be taken into account. Unfortunately there are still many, many mail servers out there that act as an open relay.

The solution needs to be that people who don't know what the fuck they're doing on a computer should not be permitted within 100 yards of said machinery. I know I can't operate a bulldozer, I'm not about to go play GTA on the construction grounds. *headdesk*

Date: 2005-06-19 12:52 pm (UTC)
From: [identity profile] the-s-guy.livejournal.com
Mmm... I'll admit it's pretty rare that ISP end-users are given direct control of ISP-level filters for their account. Most will either block nothing or block as much as possible, with a handful allowing users to toggle this setting on a web page.

I guess there's not really a major market for a useful user-oriented front end for this stuff. Something that would accept an ISP default set of filters, have some of the settings only editable by the ISP, and make others tweakable by end-users using a couple of toggles (basic interface), a page of sliders (advanced interface) or direct filter regexes (administrative interface).

Note that I never said giving people (at least partial) control over something would stop them whining about it...

Date: 2005-06-20 03:17 pm (UTC)
From: [identity profile] justsomegurl.livejournal.com
I've had users call us to ask about these emails that are in their virus filter labeled as a virus. uhm, it says it is a virus because it IS a virus :) thank you
