
Am I a Spam Zombie?

ReallyCurious asks: "Recently, I've noticed a lot of junk email in my inbox reporting 'Mail delivery failure' or 'Undeliverable'. Some of these had documents attached, so I figured this was just a worm variant. But these messages keep coming. I worry that my machine has been turned into a 'Spam Zombie'. I don't see any suspicious processes running, but maybe it only runs for a few seconds, and at irregular times. I run a Windows 98 laptop, sometimes wirelessly connected to broadband (a few hours a day, on average), but I had to remove my virus software years ago because it was locking my system up, so I'm wide open. I've tried to be a good citizen and have been shopping for new virus software, but prices are running $40-$70, and most of these are just for upgrades (not even counting the mandatory 'subscriptions')! Is there an open or free virus fighting solution that's reliable and available for Windows? I'd be happy to run it ASAP."
  • You're not infected (Score:2, Interesting)

    by oKtosiTe ( 793555 ) on Thursday September 02, 2004 @07:59AM (#10137240)
    I've been having the same, and I know for a fact I'm not infected. This is just another worm.
  • by Anti_Climax ( 447121 ) on Thursday September 02, 2004 @08:12AM (#10137301)
    We get bounces to the support address at the company I work at all the time. Someone has decided to use our support address as the 'from:' address in their crappy spam. Anytime they send it to a non-existent address, we get the bounce. Our system is updated and locked down, so they aren't coming from us, but YMMV.

    Either way, I'd suggest running that address through a spam block of some kind to filter out the crud or just give it up entirely if you can.
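
The distinction drawn in the comment above, a bounce caused by a forged 'from:' address versus mail that really left your own machine, can be checked from the bounce itself; this is an added example, not part of the original thread. It reads the returned message's Received headers and compares every recorded hop with your own public address range. The function names, the sample bounce and its addresses are constructed, and it assumes the bounce includes the original headers.

```python
import email
import ipaddress
import re
from email import policy

# Constructed sample bounce; every host and address is a documentation value.
SAMPLE_BOUNCE = """\
Subject: Undeliverable
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: message/rfc822

Received: from dsl-host.example.org ([203.0.113.45]) by mx.example.net; Thu, 2 Sep 2004 08:00:00 +0000
From: support@example.com

(spam body)
--b1--
"""

def original_headers(bounce_text):
    """Headers of the message that bounced, or None if the bounce omits them."""
    msg = email.message_from_string(bounce_text, policy=policy.default)
    for part in msg.walk():
        if part.get_content_type() == "message/rfc822":
            return part.get_payload(0)
        if part.get_content_type() == "text/rfc822-headers":  # headers-only bounce
            return email.message_from_string(part.get_content(), policy=policy.default)
    return None

def hop_ips(original):
    """IP literals from every Received header, newest hop first."""
    received = " ".join(map(str, original.get_all("Received", [])))
    ips = []
    for text in re.findall(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]", received):
        try:
            ips.append(ipaddress.ip_address(text))
        except ValueError:
            pass  # bracketed text that is not an IP literal
    return ips

def classify(bounce_text, my_networks):
    """'own-network' if any recorded hop lies inside my_networks, else 'backscatter'."""
    original = original_headers(bounce_text)
    ips = hop_ips(original) if original is not None else []
    if not ips:
        return "unknown"
    nets = [ipaddress.ip_network(n) for n in my_networks]
    return "own-network" if any(ip in n for ip in ips for n in nets) else "backscatter"
```

Receiving servers record the connecting address themselves, so a bounce with no hop in your range did not leave your machine; a match is a reason to scan the machine, since lower Received lines can be forged.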
  • Housecall (Score:3, Interesting)

    by jgaynor ( 205453 ) <jon@nOSPAm.gaynor.org> on Thursday September 02, 2004 @09:02AM (#10137595) Homepage
    Bah. I'm surprised no one has mentioned housecall yet:

    http://housecall.antivirus.com [antivirus.com]

    Housecall is a web-based virus scanner that, since it is loaded anew every time, always has the latest virus definitions. Since it installs nothing but temporary cache files, you don't have to worry about it slowing down your machine.

    Because of the nature of the application it can't always clean the offending virii/malware, but it will at least alert you to their presence and give you their names so that you can manually remove them. When combined with stinger [nai.com], spybot [safer-networking.org] and google [google.com] it's an excellent choice for on-site calls to machines without AV or for your old boxen that just can't afford the extra cycles for full-time AV bloat.

    If you prefer to do the offline thing, try the Knoppix anti-virus distribution [oreillynet.com] (weak link I know). Once again it isn't a permanently installed application and since the OS isn't running it can slap down bugs before they're loaded into memory.

    Cheers!
  • Re:Housecall (Score:2, Interesting)

    by Anonymous Coward on Thursday September 02, 2004 @09:27AM (#10137884)
    (Posting AC so I don't undo my mods)

    I've used housecall a few times to scan some machines. It works pretty well, and since it's web based you don't have to install anything. The downside is that it's for IE only so it may not be an option for some (hopefully many).

    For offline scanning, I'll repeat the numerous recommendations for Grisoft's AVG free scanner
    http://www.grisoft.com/us/us_index.php
    After testing it on a few machines, we're planning to purchase the server edition to scan all incoming email before it even hits the inbox.
  • Almost right (Score:3, Interesting)

    by Mycroft_514 ( 701676 ) on Thursday September 02, 2004 @10:30AM (#10138529) Journal
    Except for the part about degradation of the registry. Look, I've got systems that are running Win 98SE and even 2 still running Win 95.

    One of the Win 95 machines has been running for 7 YEARS without having to reload the OS. I have swapped hardware in and out, and changed drivers. The last time the OS was changed was when I put the 6 Gig drive in (1997) and I needed to upgrade from Win 95 ver B to ver C (B didn't support drives that big).

    One of the Win 98 machines is now 4 years old, with no reloads, the other is only about 18 months old.

    I run them all now on a router with a hardware firewall. The 95 machine is hardwired, the 98's are Wi-fi. Cable modem coming out the other end. There is NO anti-virus software installed, though adaware still runs on them every so often. I did install all the patches from MS.

    Oh, and one more item of security for your Wi-fi system. Put passwords on your disk drives. You can teach all the other machines in your network to remember the passwords, but joe drive by can not access the drives if he breaks thru the first layer of security. Like anything else, he will go somewhere else where it is easier to get thru.
  • by Godeke ( 32895 ) * on Thursday September 02, 2004 @11:18AM (#10139168)
    Insufficient. If you hook Windows directly up to broadband to get WindowsUpdate running, you have a good chance of being infected before you are patched. Software firewalls don't block everything, so Step 6 is insufficient, unless you have a machine proxying, NATting firewall or a true firewall. Even then you put a vulnerable machine on your local network, which may have unpleasant surprises in store for you.

    A better option is for step 8 to become: get all windows updates and security fixes ON CD, because otherwise you expose your machine prior to lockdown. Likewise, turn off unneeded services (you don't need to be sharing files and printers, why the heck would you leave the SMB server running?) prior to connecting to a network.

    Yet, even with all that you end up with the problem of vulnerabilities that are not patched prior to the exploit being generally available. Yes, using alternate programs and avoiding untrustworthy websites sounds good, until you make a typo and end up at an untrustworthy site by accident. (Or shall we decree the typo a death penalty offense?) I recently saw a typo site trying to exploit the Firefox 1.9.2 vulnerability to install adware (which didn't work since I was on Linux as I am right now, but they tried...)

    In the end, perhaps having a virus scanner in memory to detect things that get through all your other work might be wise. Otherwise that high and mighty "almost no way you can get hit" will bite you back when the almost part comes true and you don't even know it happened. Remember: security is about defense in depth and a big ego provides little depth.

    I personally don't care for anti-virus software (it is a little late in the cycle for my taste), but to avoid using it on the corporate networks I care for would be gross negligence on my part, opening me up to potential legal liability. Suddenly $22 a machine a year looks pretty good, even as I take all the other steps to avoid needing it in the first place.
  • Re:OMG (Score:2, Interesting)

    by Reene ( 808293 ) on Friday September 03, 2004 @01:47AM (#10146644) Journal
    For a long time (5+ years) I ran Windows 98 because I couldn't get online under any other operating system (and I tried a lot of them) and couldn't afford a $60 dialup modem that would allow me to do so.

    For a large part of that time I ran no firewall, used an online remote virus scanner sporadically at best, and reinstalled only once. In all that time, my computer contracted only one virus (a non-serious one at that), and this was due to a less computer-savvy relation of mine browsing the internet using Internet Explorer while I was out of the house and unable to show her how to use Mozilla.

    So what is my motivation to say all this? There is a point that justified bias crosses the line into unjustified bias. Going online in Windows 98 without iron-clad virus protection and 3 firewalls does not guarantee the crippling of your computer to the point of being unable to use it if you know what you are doing. Now, undoubtedly the rules change when it comes to your "average" user, but even then it takes a relatively small tutorial in what not to do to keep them rather safe. I know this because it took me about 10 minutes to teach my 63 year old grandmother the basic (and most important) rules of going online without getting viruses or malicious dialers and the like and a friendly reminder every now and then when she forgets or gets confused.

    Of course now I use SuSE and I worry even less about that sort of thing now. I'm tempted to go back to using my Windows 98 partition to be honest, because I can't for the life of me get my HP scanner working (and as a quasi-professional artist this is a Bad Thing) and I've had several problems with keeping dialup working. Problems that I needless to say do not have in Windows.
