Email Virus security down?
marx404
2005-05-05 00:59:35 UTC
What is going on with Adelphia's email servers lately? There used to be NO
virus laden worm or trojan traffic, but in the past 2 weeks I have seen it
go up 200 percent. What is going on with the email server security software?
Adelphia used to do a fine job filtering out SPAM now they just suck as bad
as AOL, MSN and BellSouth.

Admin, please wake up and do something about all this illicit virii
activity!!!
fyi, I am in the WPB area and already have been told twice that there have
been major server/blade issues here in the last 2 months. Coincidence? or is
Adelphia just letting any traffic thru their email servers?
--
marx404
Murray Watson
2005-05-06 13:08:18 UTC
In adelphia.security-issues - article <d4idnTi7m8aZ7eTfRVn-
Post by marx404
What is going on with Adelphia's email servers lately? There used to be NO
virus laden worm or trojan traffic, but in the past 2 weeks I have seen it
go up 200 percent. What is going on with the email server security software?
Adelphia used to do a fine job filtering out SPAM now they just suck as bad
as AOL, MSN and BellSouth.
Admin, please wake up and do something about all this illicit virii
activity!!!
fyi, I am in the WPB area and already have been told twice that there have
been major server/blade issues here in the last 2 months. Coincidence? or is
Adelphia just letting any traffic thru their email servers?
As far as I know Adelphia hasn't had server based virus scanning in
the last 2 years, if you're getting viruses that say something like :

-----
ok ok ok,,,,, here is it
*** Server-AntiVirus: No Virus (Clean)
*** "ADELPHIA" Anti-Virus
*** http://www.adelphia.net
-----

It's a ruse, you are expected to run virus checking on your computer.

If you're getting an increase, there's a new virus, associated with
the above message "Sober.O" that's being successful in duping people
into clicking on the attachments and becoming infected.

http://securityresponse.symantec.com/avcenter/venc/data/***@mm.html
marx404
2005-05-08 15:10:47 UTC
Definitely lots of virus and worm activity going around. Everyone I know
using Adelphia has been affected (or infected) in the past recent month.
Luckily I have taken extreme measures of protection, mailwasher and lots o'
filtering action. Router activity has gone thru the roof, mailwasher filter
catches 2-5 infected emails a week, sometimes more. Lots of spoofed infected
email.

This reminds me of a few yrs ago when I had it out with Bellsouth DSL for
blatantly telling users "there is no problem". I consulted with a local
attorney (who btw for the same reasons also made the switch to Adelphia) who
publicly posted a class-action lawsuit to force BS to maintain a safe and
secure network. The threat of this and much exposure on DSL Reports finally
made BS get off their duffs and close the open ports that were allowing this
traffic.

Whatever it may take, Adelphia itself, NOT JUST the consumer needs to be
proactive and admit that they have a problem.

marx404
John E. Malmberg
2005-05-08 17:14:12 UTC
Post by marx404
Definitely lots of virus and worm activity going around. Everyone I know
using Adelphia has been affected (or infected) in the past recent month.
Luckily I have taken extreme measures of protection, mailwasher and lots o'
filtering action. Router activity has gone thru the roof, mailwasher filter
catches 2-5 infected emails a week, sometimes more. Lots of spoofed infected
email.
I have seen exactly one obvious virus in the past few months. It was a
multi-hop exploit delivered through a real Earthlink mail server.

This is rare as most of the current viruses are direct to MX viruses
directly from infected computers.

Most of them should be being blocked by the dynablock.njabl.org list
that Adelphia is using, however that list is not as up to date with
dynamic pools as dul.dnsbl.sorbs.net.

What ones I see missing, I am reporting to the njabl.org as I get spam
from them, so hopefully that difference is shrinking.

The big thing that would block a lot of these viruses is not a virus
scanner on the server, but for Adelphia to start using the
cbl.abuseat.org as part of their spam blocking. It would also block
much of the remaining spam that is being let through.

Most of these direct to MX viruses get listed on the cbl.abuseat.org
within minutes of the computer getting infected.

From the last report here that I saw from Mark Herrick, Adelphia was
not yet using the cbl.abuseat.org, and it is noticeable on the amount of
spam that is slipping through from sources that are listed on it.

I have not yet heard of an incorrect listing on the cbl.abuseat.org
since it became available.

The easiest way to use the cbl.abuseat.org is to use the
sbl-xbl.spamhaus.org blocking list. This list is a combination of:

sbl.spamhaus.org - Which is being used by Adelphia.
opm.bopm.org - Which is being used by Adelphia.
njabl.org open proxy list - Which is being used by Adelphia.
cbl.abuseat.org - Apparently still not in use.

-John
***@qsl.network
Personal Opinion Only
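
An added illustration, not part of any post in this thread: the DNS blocklist check the post above describes, where the receiving mail server looks up the connecting IP address in each list's zone. The zone names are the ones named in the post; the sample zone data, the stub resolver and the function names are constructed for this example so it runs without any real DNS queries.

```python
import ipaddress
import socket

# Zone names taken from the post above; used here only as labels.
ZONES = ["sbl-xbl.spamhaus.org", "cbl.abuseat.org", "dul.dnsbl.sorbs.net"]
LISTED_RANGE = ipaddress.ip_network("127.0.0.0/8")

def dnsbl_query_name(ip, zone):
    """Build the lookup name: IPv4 octets reversed, then the list's zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on bad input
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def system_resolver(name):
    """Return the A records for name, or [] if the name does not exist."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def check_sender(ip, zones=ZONES, resolve=system_resolver):
    """Return {zone: [return codes]} for every zone that lists ip."""
    hits = {}
    for zone in zones:
        answers = resolve(dnsbl_query_name(ip, zone))
        # Only answers inside 127.0.0.0/8 count as a listing. Any other
        # answer (for example a parked zone that answers every query)
        # is ignored so it cannot cause all mail to be rejected.
        codes = [a for a in answers if ipaddress.ip_address(a) in LISTED_RANGE]
        if codes:
            hits[zone] = codes
    return hits

# Constructed sample data, not real listings (192.0.2.0/24 is a
# documentation address range).
SAMPLE_ZONE_DATA = {
    "45.2.0.192.cbl.abuseat.org": ["127.0.0.2"],
    "45.2.0.192.dul.dnsbl.sorbs.net": ["203.0.113.9"],  # bogus non-127 answer
}

def sample_resolver(name):
    """Stub resolver that answers from SAMPLE_ZONE_DATA instead of DNS."""
    return SAMPLE_ZONE_DATA.get(name, [])

if __name__ == "__main__":
    print(check_sender("192.0.2.45", resolve=sample_resolver))
```
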
Murray Watson
2005-05-09 04:06:11 UTC
In adelphia.security-issues - article <stednadl_7Z61ePfRVn-
***@adelphia.com>, on Sun, 08 May 2005 13:14:12 -0400, John E.
Malmberg says...
Post by John E. Malmberg
The easiest way to use the cbl.abuseat.org is to use the
sbl.spamhaus.org - Which is being used by Adelphia.
opm.bopm.org - Which is being used by Adelphia.
njabl.org open proxy list - Which is being used by Adelphia.
cbl.abuseat.org - Apparently still not in use.
-John
Personal Opinion Only
That would depend on whether InterMail facilitates it. InterMail is
the facility which allows user level filters and a commercially
supported webmail interface, not something you can do with out-of-
the-box sendmail, qmail...

But, if Adelphia is going to allow themselves to be held out to dry
by InterMail, they are going to have to recognize the consequences of
doing so.

At this point, even with a good network infrastructure, the security
oriented shortcomings of InterMail in a consumer ISP offering would
preclude my recommendation of Adelphia to anyone for consumer email
use. If you can't use the native email, it's not much good for a
consumer offering.
marx404
2005-05-09 11:53:41 UTC
And that's exactly why I suggest to all users to incorporate personal email
filtering DNS based software such as MailWasher. (btw- thanks JM for the dns
names)

It is apparent that Adelphia cannot or will not add or use whatever dns
servers that are current in data, thus allowing this recent illicit traffic.
Ergo, It is unfortunate that the responsibility has been placed upon the
paying customer to provide their own protection above and beyond that which
is the duty of the ISP.

marx404
