Computer Chess Club Archives



Subject: Re: OT received some faked ICD mails today with Bloodhound virus

Author: Christophe Theron

Date: 11:11:39 04/28/04



On April 28, 2004 at 13:34:24, Peter Skinner wrote:

>On April 28, 2004 at 09:59:58, Zheng Zhixian wrote:
>
>>On April 27, 2004 at 16:41:50, Peter Skinner wrote:
>>
>>>On April 27, 2004 at 15:36:22, Christophe Theron wrote:
>>>
>>>>On April 27, 2004 at 13:04:14, Peter Skinner wrote:
>>>>
>>>>>On April 27, 2004 at 09:20:26, Günther Simon wrote:
>>>>>
>>>>>>"Return-Path: <icd@icdchess.com>
>>>>>>Received: from marek.org ([213.173.216.226]) by mailin06.sul.t-online.de"
>>>>>>
>>>>>>marek.org seems to be a strange site BTW...
>>>>>>http://www.marek.org/
>>>>>>
>>>>>>Günther
>>>>>
>>>>>I have received the same. Someone on the board probably has ICD Chess in their
>>>>>address book, and it is sending to everyone in it.
>>>>>
>>>>>Just in case I ever do get a worm virus it isn't going anywhere. Just create a
>>>>>new contact in your address book with the name 0000, and no email address. It
>>>>>stops the virus from proceeding.
>>>>>
>>>>>Peter.
>>>>
>>>>
>>>>
>>>>I don't see why it would stop a virus from proceeding with the next entry in
>>>>your address book.
>>>>
>>>>Urban legend? Hoax?
>>>>
>>>>
>>>>
>>>>    Christophe
>>>
>>>Most worm virii look for a "person" and an "address" in the address book. When
>>>the 0000 user is put in you will notice it tops the list in the book, and when
>>>the virii can not see both criteria it stops, thinking the book is empty.
>>>
>>>This is an "old school" trick from when the Melissa virus was circulating and
>>>still holds true today. There are exceptions to every rule, but for 99.9% of the
>>>email worms out there it is very effective.
>>>
>>>In McAfee version 4 I believe it used to create the 0000 user account
>>>automatically, but so many people thought a virus had done it and McAfee didn't
>>>stop it, there was a huge decline in business. McAfee of course removed that
>>>"feature" with the 4.01 patch :)
>>>
>>>I will dig around the Symantec website for the actual article explaining this in
>>>more detail and post it here. Hopefully I can still find it.
>>>
>>>I install the 0000 account on every single computer I work on with the clients I
>>>service. And the stats do not lie. While the computer may be infected, there is
>>>no extra traffic leaving the workstations, thus limiting the damage the virii
>>>can do.
>>>
>>>Like I said I will dig around and post an actual article that details it more.
>>
>>
>>Like these?
>>
>>http://antivirus.about.com/cs/hoaxes/p/000tip.htm
>>http://vil.nai.com/vil/content/v_99213.htm
>>
>>I agree with Christophe Theron, I would be worried if someone "knowledgeable"
>>like yourself was providing security advice to me.
>
>There you see it as the !0000 account. Being a non-typical format for a name or
>even an email address, any worm would stick over it being that it is not valid.
>The 0000 trick in fact works.



So you claim that ANY worm will stop spreading because you have inserted a
non-standard email address in the address book?

That's cyber-superstition.

You could mention the 0000 trick just for info, just for fun. The fact that you
actually use it and rely on it to stop virii is extremely frightening.

At least I want other unsuspecting readers to know that it's very bad IT
security practice and that your advice should not be followed. It's dangerous.
Now you do what you want with your customers/clients of course...



    Christophe





>I have seen it work many times where I can not control infection, I can contain
>damage.
>
>Read my posts below and you will see what I mean.
>
>Peter




Last modified: Thu, 15 Apr 21 08:11:13 -0700

Current Computer Chess Club Forums at Talkchess. This site by Sean Mintz.