Unfamiliar or bizarre terms that you run across might be in the newsletter glossary (if not, suggest that we add it).
March Comes In Like A Worm
March is here, and with it a new round of computer infections. Most
noteworthy have been variations on two competing implementations,
known as netsky and bagle (or beagle).
And from all accounts they really do appear to be competing: analysis
of the programs has revealed each group of virus writers taunting
the other.
From our perspective, bagle variants have caused the most confusion. Once your machine is infected, the virus will scan a great many of your files looking for email addresses. It will then send a contagion email message to those targets (with some exceptions), appearing to come from an administrative address in the same Internet domain as the recipient. For example, if it finds an address of "mem@example.com" it might send an email message to that address, forged to look like it comes from "administrator@example.com". ("administrator" is one of several random choices, each of which is intended to look like an authoritative address.) The point at this stage is to gain your trust so that you'll accept the infection. The email message also includes an attachment that's a password-protected zip file, and the email message kindly includes the password that you can use to open it up.
With a lot of email viruses the recipient must actively do something to get infected. Usually this "something" is running a program. The virus authors will do what they can to get you to do this. Here they've not only impersonated an address that's likely a trusted authority (an "administrator" within your own Internet domain), but they've given you an apparently protected attachment along with a password to open it. But this is a trick that falls apart if you think about it just a little bit: nobody is going to send you a password-protected document and send you the plainly readable password along with it. In fact this alone should make a recipient suspicious: if somebody is sending you a locked document along with the key, you've got to wonder what the point is. The point is to get you to open the box.
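The traits described above (an authoritative-looking sender in the recipient's own domain, a locked zip attachment, and the password in the same message) can be checked mechanically. The following is an added example, not code from MV or from any filter mentioned in this newsletter; the list of authority names beyond "administrator", the function names, and the sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Assumption: the page names only "administrator"; the other names are illustrative.
AUTHORITY_NAMES = {"administrator", "admin", "support", "staff"}

def zip_is_encrypted(data: bytes) -> bool:
    """True if any archive member has the encryption flag (bit 0) set."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(info.flag_bits & 0x1 for info in zf.infolist())
    except zipfile.BadZipFile:
        return False

def lure_signals(raw: bytes) -> list:
    """Name the traits of the lure described above that appear in one raw message."""
    msg = message_from_bytes(raw, policy=policy.default)
    local, _, domain = parseaddr(str(msg.get("From", "")))[1].lower().partition("@")
    rcpt_domain = parseaddr(str(msg.get("To", "")))[1].lower().partition("@")[2]
    signals = []
    if domain and domain == rcpt_domain and local in AUTHORITY_NAMES:
        signals.append("authority-sender-in-recipient-domain")
    body = msg.get_body(preferencelist=("plain",))
    if any(zip_is_encrypted(p.get_payload(decode=True) or b"") for p in msg.iter_attachments()):
        signals.append("encrypted-zip-attachment")
        if body is not None and "password" in body.get_content().lower():
            signals.append("password-sent-with-attachment")
    return signals

def constructed_zip(locked: bool) -> bytes:
    """Constructed fixture: one-file zip; `locked` sets the flag without real encryption."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("notes.txt", b"placeholder")
    data = bytearray(buf.getvalue())
    if locked:
        data[6] |= 1                              # local file header flags
        data[data.rfind(b"PK\x01\x02") + 8] |= 1  # central directory flags
    return bytes(data)

def constructed_message(sender: str) -> bytes:
    msg = EmailMessage()  # constructed sample, addressed to the page's example recipient
    msg["From"], msg["To"] = sender, "mem@example.com"
    msg.set_content("See the attached file. The password is 12345.")
    msg.add_attachment(constructed_zip(True), maintype="application", subtype="zip")
    return msg.as_bytes()
```

A locked archive that arrives together with its own password is the strongest of the three signals, since it appears regardless of which sender address was forged.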
Like other viruses, these spread by other (non-email) methods as well. Once a system has been infected, it can (and will) be used for ulterior and nefarious ends. It's very important, not only for your own security but for the protection of the rest of the Internet, that you guard against these infections and that you immediately take care of your system should it become contaminated.
Our customer service website at home.mv.net has more information about viruses and infections.
We Are Not Sending You Viruses
Did you receive a message that looked like it came from the
staff at MV Communications, asking you to open an attachment?
This is, of course, the viral email that we talked about in
the first section (above). It's not from us: rather, it's
forged to look like it comes from somebody you can trust.
We don't send you programs via unsolicited email. Even if we had a program that we wanted to tell you about, we'd provide a URL (a link to a web site or FTP site) and let you fetch it if you wanted. Nor would we contact you out of the blue and ask you for account details that we obviously already have access to. (While we might have occasion to ask questions of you, they would be in context: for example, in response to a contact that you initiated.)
Blunting Viral Spam by Controlling SMTP
One of the ultimate goals behind many of the newer viruses is sending
spam. The technology of spam has matured to the point where now,
rather than having a few sources sending out tens or hundreds of
thousands of messages directly to the targets, spammers use viruses to
infect many machines and enlist those machines to each send out a much
smaller number of spam messages to each destination. This makes it
harder to block spam, since it's now coming in from the vast number of
infected systems out on the Internet, and harder to trace spam back to
the perpetrator, since the machines sending the messages were hijacked
and are not related to the spam originator.
Part of the reason that spam gets through (and there are many reasons) is the open-ended nature of Internet mail. The original design of the email protocol (SMTP: Simple Mail Transfer Protocol) allowed any sender to open up a connection to any recipient, and simply send the message via that connection. As both the Internet and email usage have evolved, common practice has changed. One change starting last decade was closing intermediate relays. Whereas a sending system formerly was able to send email to any system and expect that system to forward it along to its eventual destination, best current practice now dictates that only systems that are directly related to the sender or the recipient will do this forwarding. As time goes on you can expect to see more changes and more tightening up of the flow of email, especially when it comes to sender verification and validation. Significantly, not all sending sites will be allowed to make SMTP connections to all receivers. Many receivers are already refusing connections based on various criteria, taking cues from information published by the domain of the sender, from the owner of the sender's IP address space, and from private or third-party accreditation or blacklisting services.
Most sending systems, in turn, have no reason to make SMTP connections to anything other than their local mail server. If you're a dialup customer at MV, you should be submitting your outgoing email to our mail server(s), which will then do the job of sending the email to its destination. In other words, enterprise-level SMTP servers talk to each other, while end users should communicate only with their local servers. This allows each local server to have better management of its incoming and outgoing mail.
To this end, MV will soon begin a policy of blocking outgoing SMTP traffic from all dynamically-assigned dialup addresses to any destination other than our mail servers. If you've got a dynamic IP address you ought not be making direct SMTP connections anyway, and such connections are a pretty sure indication that you've got a virus (not to mention that many sites on the Internet already refuse direct connections from dynamically assigned IP addresses). If you have a need to make SMTP connections directly, you can get a static IP address from us. But be aware that this tightening of SMTP will continue (not just with us, but on the Internet at large).
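The policy above reduces to one rule, and the connections it blocks double as an infection indicator. The following is an added example, not MV's actual configuration: the address pool, the mail server address, the flow-record format, and the function names are assumptions, using documentation-range addresses and constructed sample records.

```python
import ipaddress
from collections import defaultdict

# Assumptions: documentation-range addresses stand in for the real pool and servers.
DYNAMIC_POOL = ipaddress.ip_network("192.0.2.0/24")
MAIL_SERVERS = {ipaddress.ip_address("198.51.100.25")}
SMTP_PORT = 25

def allowed(src: str, dst: str, dport: int) -> bool:
    """Dynamic addresses may make SMTP connections only to the local mail servers."""
    if dport != SMTP_PORT:
        return True
    if ipaddress.ip_address(src) not in DYNAMIC_POOL:
        return True  # static addresses are outside this rule
    return ipaddress.ip_address(dst) in MAIL_SERVERS

def likely_infected(flows: str, min_targets: int = 2) -> dict:
    """Map each dynamic host to the outside SMTP targets it tried, if it tried enough."""
    targets = defaultdict(set)
    for line in flows.strip().splitlines():
        src, dst, dport = line.split()
        if not allowed(src, dst, int(dport)):
            targets[src].add(dst)
    return {host: sorted(t) for host, t in targets.items() if len(t) >= min_targets}

# Constructed flow records: "source destination destination-port"
CONSTRUCTED_FLOWS = """
192.0.2.10 198.51.100.25 25
192.0.2.10 203.0.113.80 80
192.0.2.44 203.0.113.7 25
192.0.2.44 203.0.113.9 25
192.0.2.44 203.0.113.12 25
198.51.100.60 203.0.113.7 25
"""
```

In the constructed records only 192.0.2.44 is reported: the first host mails through the local server, and the last one sits outside the dynamic pool.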
Newer Filtering Options
We're on the subject of viruses and viral spam yet again, so it's
a good time to mention some of the newer filtering options we have
available or that will be coming available.
Our email filtering facilities (available at our webmail site, webmail.mv.net) have given you the ability to look for very specific things in your incoming mail. For example, you can test for words in the subject, for email addresses in the email header, for a listing of the sending system in DNS blacklists, and for a number of viral spam tests that we have provided. A typical filter setup will whitelist certain addresses or patterns (e.g. to always accept email from friends and colleagues or from mailing lists you are subscribed to), and then attempt to filter spam and other unwanted mail.
While most people may make occasional changes to the whitelisting part, they don't really want to be updating the other parts of their filters frequently, even to take advantage of the new tests as we provide them. Indeed they would rather just set certain levels of spam filtering without having to know about all the nitty gritty details.
As our filtering facilities progress, we are working on making these sorts of general filter levels available. We have recently introduced a new control that lets you apply all of the viral spam tests that we know about, without having to specify each one individually. If you use this filter, you would be able to detect the next viral spam outbreak as soon as we had provided a test for it, without your having to update your filters to test for that virus specifically.
Microsoft's Free Security Update CD
Microsoft is making available a CD, which they will send to you for
free, containing security updates for various versions of its Windows
operating system. Quoting from their website:
The Windows Security Update CD will be shipped to you free of charge. This CD includes Microsoft critical updates released through October 2003 and information to help you protect your PC. In addition, you will also receive a free antivirus and firewall trial software CD. This CD is only available for Windows XP, Windows Me, Windows 2000, Windows 98, and Windows 98 Second Edition (SE).
Find the offer at http://www.microsoft.com/security/protect/cd/order.asp .
(You must have cookies and javascript enabled in your browser to make use of that URL.)
Note that as with any vendor's software, we make no representations about this disk. We mention it as something you may find useful, but do decide whether you want to make use of it (or anything on it). Note also that it only contains updates issued through October 2003, and you should still investigate patches released after that date (and continue to apply patches as they become available).
Misc Notes
Servers: We're working on upgrades to several servers here at
MV. Some of these servers are not directly visible to you (including
such services as DHCP, name service, and storage). Others will be, and
include (at long last!) a new Usenet News server and another mail
server to help offload the work of outgoing and incoming mail.
Finally, but over a longer period, we will be putting together a new
shell server.
Invoicing: Just a reminder that if you can receive your invoices via email, you will save the $1 paper billing fee. (However if the email to you fails for any reason, we may still have to fall back to the postal/paper invoice.) Please contact us if you want to switch from paper billing to email billing, or simply use your web browser: go to home.mv.net, and under "Customer Tools" click on "Invoice" on the menu at the left.
T1 specials: A new trial tariff allows us to provide Verizon T1 circuits under a different rate schedule. Traditionally T1 circuits (high-speed digital links) include a monthly mileage charge of about $26/mile on the distance between the central offices that the T1 spans. So while a T1 within Manchester has no such mileage charge (and has only the base circuit fee), a T1 from Manchester to Nashua has a mileage charge for the approximately 15 miles between the two central offices. Under the trial tariff, the T1 distances are classified into mileage zones at much more attractive rates. One caveat is that a new T1 under the new terms cannot be used to replace an existing T1 circuit. We are very excited about making use of this new option; please contact us if you'd like a quote.
DSL/V: New DSL/V areas are opening up all the time, particularly for new neighborhoods in towns that already have DSL capability but previously not in that particular area. Even if you were previously disappointed to see that your Verizon line was not eligible for DSL/V, you can check again: it might have changed! You can use our loop qualification page, available through home.mv.net, our Customer Service page.
The Case of the Missing February Newsletter
Note: There was no newsletter in February. It was a leap month, so we leaped over it? We saw our shadow and waited another six weeks? We were exhausted by the primaries? The dog ate it? Something like that. Or perhaps we could use one of Jeff Ballard's BOFH-style excuses (once there, reload for different excuses).
Interesting Link(s)
Here again is a corner of our newsletter where we mention one or more
sites that we have run across (via our wanderings or in newsletters we
receive or in other places) that are interesting to us. Items here do
not necessarily have anything to do with us (and often do not), nor
do they necessarily have anything to do with our business or anything
else we do. (It should go without saying that we make no
representation about anything contained on those web sites.)
This month we are simply looking at pretty pictures.
Digital Blasphemy is a site operated by Ryan Bliss, containing a gallery of his computer-generated images. (Some are available for free, and some for a fee or to members.)
For images grounded in reality, it's hard to beat NASA. Their Earth Observatory Newsroom contains a tremendous number of photos of the earth from space. Just a few clicks later you might run across their Visible Earth site, where you can search an image database (try searching for "Boston" or "New Hampshire" or "iceberg"), or simply browse through what they've catalogued. (NASA has an immense web presence: these are just the tip of the iceberg.)
Your feedback?
Do you have feedback on this newsletter (or past or future newsletters)?
If so, please either:
Edit History
20040311: posted
20040318: added microsoft CD section