Return-Path: <sentto-279987-2973-1003191660-fc=all.net@returns.onelist.com> Delivered-To: fc@all.net Received: from 204.181.12.215 by localhost with POP3 (fetchmail-5.1.0) for fc@localhost (single-drop); Mon, 15 Oct 2001 17:22:08 -0700 (PDT) Received: (qmail 1220 invoked by uid 510); 16 Oct 2001 00:20:43 -0000 Received: from n18.groups.yahoo.com (216.115.96.68) by 204.181.12.215 with SMTP; 16 Oct 2001 00:20:43 -0000 X-eGroups-Return: sentto-279987-2973-1003191660-fc=all.net@returns.onelist.com Received: from [10.1.4.54] by n18.groups.yahoo.com with NNFMP; 16 Oct 2001 00:21:01 -0000 X-Sender: fc@big.all.net X-Apparently-To: iwar@onelist.com Received: (EGP: mail-7_4_1); 16 Oct 2001 00:21:00 -0000 Received: (qmail 77385 invoked from network); 16 Oct 2001 00:20:21 -0000 Received: from unknown (10.1.10.27) by l8.egroups.com with QMQP; 16 Oct 2001 00:20:21 -0000 Received: from unknown (HELO big.all.net) (65.0.156.78) by mta2 with SMTP; 16 Oct 2001 00:20:21 -0000 Received: (from fc@localhost) by big.all.net (8.9.3/8.7.3) id RAA12348 for iwar@onelist.com; Mon, 15 Oct 2001 17:20:18 -0700 Message-Id: <200110160020.RAA12348@big.all.net> To: iwar@onelist.com (Information Warfare Mailing List) Organization: I'm not allowed to say X-Mailer: don't even ask X-Mailer: ELM [version 2.5 PL1] From: Fred Cohen <fc@all.net> Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com Delivered-To: mailing list iwar@yahoogroups.com Precedence: bulk List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com> Date: Mon, 15 Oct 2001 17:20:17 -0700 (PDT) Reply-To: iwar@yahoogroups.com Subject: [iwar] [fc:British.ISP.cuts.off.virus-spreading.users] Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit British ISP cuts off virus-spreading users By Wendy McAuliffe, CNET News.com, 10/15/2001 <a href="http://news.cnet.com/news/0-1003-200-7473401.html?tag=ch_mh">http://news.cnet.com/news/0-1003-200-7473401.html?tag=ch_mh> British Internet users who fail to protect their machines against virulent computer viruses such as Nimda could have their Internet connections suspended by their Internet service provider. British ISP Telewest has been the first to take direct action against customers who have refused to patch their computers against the Nimda worm or have left infected PCs running. The company insists that these are "sensible" measures to protect customers from malicious worms that are able to self-propagate across networks without user intervention. "Telewest, in line with other service providers, has put into practice a virus protection strategy to prevent infection of our network," said a spokeswoman at the company. "Protective measures include the temporary removal of service from customers who are virus infected and who may have not taken appropriate preventive measures." The destructive Nimda virus was unleashed into the wild last month and included a mass-mailing component enabling it to propagate on a massive scale. The worm spreads in several ways: It can arrive as an attachment entitled Readme.exe and is programmed to automatically archive the attachment so that the executable file can run without the end user having to double click on it. Nimda can also be spread from infected servers running Microsoft IIS Web server software, which it uses to attack other servers across the Internet. The ISP crackdown is to prevent customers' computers from acting as a proxy to scout for other vulnerable PCs. "Some people may be a Typhoid Mary, spreading the disease onto anyone that they are in contact with, and so need to be isolated," said Graham Cluley, senior technology consultant at Sophos, a security company. "But I hope that any ISP would get in contact with the customer first." Freeserve used Nimda as an opportunity to remind people of their responsibility to patch their machines against known and publicized exploits. An e-mail message circulated to all customers stated: "It is important that Internet users take safeguards against viruses of this nature. Your PC may otherwise become infected without your knowledge. If this happens, you may easily infect other peoples' PCs with which you have contact." "It all comes down to the terms of service and deciding where you draw the line," said Cluley. "If a site is vulnerable (i.e. hasn't been patched) but hasn't been infected, do you suspend that account?" ------------------------ Yahoo! Groups Sponsor ---------------------~--> Get your FREE VeriSign guide to security solutions for your web site: encrypting transactions, securing intranets, and more! http://us.click.yahoo.com/UnN2wB/m5_CAA/yigFAA/kgFolB/TM ---------------------------------------------------------------------~-> ------------------ http://all.net/ Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
This archive was generated by hypermail 2.1.2 : 2001-12-31 20:59:55 PST