In <[EMAIL PROTECTED]> Thomas Cameron <[EMAIL PROTECTED]> writes:
> I recently responded to a thread on a local LUG mailing list where a guy
> wanted to report a virus as spam. [...]
>
> What is the "conventional wisdom" on this list? Should viruses be
> reported as spam? If so, why? If not, why not?

I think it is very important to distinguish between different types of viruses and worms.

An anti-spam tool is not going to be very effective or useful in locating and removing viruses and worms that infect things like MS Word documents, spreadsheets, and legitimate executables that have been corrupted with a virus. These are worms and viruses that propagate via other means that just happen to be in email.

Viruses and worms that propagate via email, such as Klez, Mydoom, etc. are Bulk, Unsolicited and Email (aka UBE), and thus are hard for anti-spam tools to *NOT* detect.

For reasons I have never agreed with, many people view email worms to not be "spam". Some of these people think that only UCE is spam. Others seem to think that it is "unfair" to report infected machines as sending spam.

This is slowly changing. Spamcop, for example, has changed their policy and now lets you report email worms as spam. Abuse desks (that would act on "regular" spam) are no longer dismissing complaints about infected machines and are taking actions to get these machines fixed.

I'm not sure what the SA folks think about this nowadays. A while back, they removed the checks for MS executables as being spam indicators even though the test actually is a very good indicator of spam. Instead, SA is detecting email worms via the Bayesian analysis, detecting keywords that match MS executables, even though it doesn't do anywhere near as good a job.

Email worms are one of the most dangerous and destructive forms of UBE. They directly lead to open proxies that are used for "regular" spam. IMHO, they should be paid *more* attention to than "regular" spam, not less.

-wayne