Brightmail, are they spammers?

Bible

Has anyone been receiving curious e-mails from some mailer bot, saying they
have intercepted virus mails? The actual notification contains viruses of
which I can find no information. At the bottom of the notification is a
link to Brightmail's website, hmm. This raised suspicion somewhat, so I
contacted Brightmail and received this response:
"Dear John Hewitt,
Please take a moment to read this email so that you can understand why you
are receiving the emails you have contacted GBC and Brightmail about, and
how these emails can be stopped.

Brightmail provides anti-spam and anti-virus software to service providers
such as BT Openworld and Easynet. One of the features of this software is
that it will remove the virus (or the virus infected file) from the email,
and send the cleaned email (along with any desired, uninfected attachments)
to you, the recipient. This message from Brightmail is inserted by the
software to inform you (1) that the virus has been removed, (2) what virus
it was, and (3) who sent the message to you. It also includes a link to a
Brightmail web site explaining all of this in much greater detail.

Worms such as Worm.Automat.AHB are the most prevalent form of viruses on the
internet today. When they infect a new computer, they will access the
address book and/or email folders on that computer and send copies of itself
to some or all of the email addresses it finds there. It is not uncommon to
receive many copies of a worm, especially when it is new, as people without
virus protection become infected.

If you wish to opt out of the anti virus filtering service, directly contact
your service provider and ask to be opted out of the anti spam and anti
virus services they provide with our software.

Best regards,

Customer Support Team"

All unsolicited mail is spam as far as I am concerned. And now I am
supposed to 'opt out'. Can they get away with this?



John
 
Bill

> All unsolicited mail is spam as far as I am concerned. And now I am
> supposed to 'opt out'. Can they get away with this?

It's the Swen worm causing it. Brightmail is a reputable anti-spam
company that many ISPs use to filter incoming mail.
 
optikl

Bible said:
> All unsolicited mail is spam as far as I am concerned. And now I am
> supposed to 'opt out'. Can they get away with this?

They're not "spamming" you; they have nothing to sell to you. Their customer
is your ISP, not you. Although, ultimately I guess you could be considered
"the customer" in the value chain.
Brightmail is providing a service, which "your" ISP has approved. As
Brightmail correctly stated, if you have an issue with this, contact your
ISP.
Maybe they'll make sure you don't get Brightmail's notification. Then your
mailbox can fill up with malicious code.

"And now I am supposed to 'opt out'. Can they get away with this?" It's a
shame you've been so inconvenienced.
 
Steve M (remove wax for reply)

> They're not "spamming" you; they have nothing to sell to you. Their customer
> is your ISP, not you. Although, ultimately I guess you could be considered
> "the customer" in the value chain.

John, I think you are undergoing the same treatment that my ISP does.
I have received about 100 copies of the Swen virus. At present, Norton
/ Symantec is identifying this incorrectly as the Automat.AHB virus.

http://securityresponse.symantec.com/avcenter/venc/data/[email protected]

Even with the wrong name, at least it's getting stopped. I appreciate
this protection, in particular because my virus software can't update
itself automatically right now because of a separate problem with
Windows.

Also, the filtering reduces the size of the email from about 150 KB to
5 or 15, depending on the type of transmission. Finally, the
notification adds a text string that is helpful to filter on and
divert the notification messages to a folder away from my Inbox.

On the other hand, there is absolutely no point to forwarding to me
the empty "carcass" of the email that originally contained the virus.

That policy made sense in another time. It was when many viruses were
being spread via macros in Word and Excel documents. A sender would
send a file to a known recipient, not knowing it was infected. It
made sense to filter incoming email for viruses and to tell the
recipient about the virus. That way the recipient could contact the
sender to warn them about the infection.

But that behavior makes no sense with the Swen / Automat.AHB virus.
This virus puts fake From: information in the header. I examined more
than 30 messages in detail to identify the sender. None of them were
people that I know, and I presume that the addresses are fake. The
ISPs that sent the infected emails are located around the world,
including many countries that I have *NEVER* corresponded with.

The notification lets me inform those Internet providers that they
have infected computers on their network. But I feel that I am in the
small minority who knows enough to read headers and extract this
information.

And sadly, the networks that serve these senders are often poorly
administered and lack the tools, knowledge, and motivation to police
their systems.

IMO, Brightmail (and Road Runner) should give users at least the
option to simply delete not only the attachment, but the infected
email entirely.

For most of us, the virus notifications such as John is receiving are
having the exact same effect as spam. They count against his mailbox
quota, they clutter his inbox, waste his time, and they might cause
wanted email to be bounced, go unread, or deleted by mistake.

A better policy might be for the ISP to not only delete Swen-infected
email from their customers' mailboxes, but to analyze the headers and
put the sender's ISP on their own internal block list. That way they
could refuse all email from that ISP. If the sending ISP wakes up one
day and realizes that their customers' email is being rejected, then
they can fix their problem and contact my ISP by other means to
request access again.

John, if this is clear to you, then I strongly encourage you to
contact your ISP and Brightmail again, to request that they change
their handling of this virus.
 
FromTheRafters

Bible said:
> All unsolicited mail is spam as far as I am concerned. And now I am
> supposed to 'opt out'. Can they get away with this?

With or without that service, you would still get the same
number of what you are calling spam. You would however
be getting a larger volume because the e-mails would still
contain the rather large malicious content with each one.

If you opt out, it will be worse. They really are providing
you with a good service.

....you may want to filter out your Brightmail messages
locally using filter rules. You will be much better off
than many people are with this Swen worm due to
Brightmail's efforts.
 
Art S

Steve M (remove wax for reply) said:
> But that behavior makes no sense with the Swen / Automat.AHB virus.
> This virus puts fake From: information in the header. I examined more
> than 30 messages in detail to identify the sender. None of them were
> people that I know, and I presume that the addresses are fake. The
> ISPs that sent the infected emails are located around the world,
> including many countries that I have *NEVER* corresponded with.

Did you take a look at the return-path? That seems valid to me.
Of course, the few times I tried sending an email to it, the account was
full and all emails were being bounced...

Art
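
The header check discussed in the two posts above, as an added example that is not part of any post in this thread: it compares the From: and Return-Path: domains and pulls the connecting IP from the Received: line stamped by the recipient's own mail server. The sample message, host names, addresses and the `trusted_mx` parameter are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: a worm-style message with a forged From: line.
# Hosts, addresses and IPs are made up (example domains, documentation IPs).
SAMPLE = """\
Return-Path: <victim7@dialup.example.net>
Received: from pc-42 (unknown [203.0.113.57])
\tby mx1.myisp.example (Postfix) with SMTP id ABC123
\tfor <me@myisp.example>; Mon, 22 Sep 2003 10:15:02 +0100
Received: from mail.bigcorp.example ([198.51.100.9])
\tby pc-42 with SMTP; Mon, 22 Sep 2003 02:14:58 -0700
From: "Security Bulletin" <updates@bigcorp.example>
To: me@myisp.example
Subject: Latest Security Update

(attachment removed)
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
BY_RE = re.compile(r"\bby\s+([\w.-]+)", re.I)

def domain(header_value):
    """Lower-cased domain of the address in a From:/Return-Path: value."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def trace_sender(raw, trusted_mx):
    """Return what the headers claim versus what our own server recorded."""
    msg = message_from_string(raw)
    handoff_ip = None
    # Received: headers are prepended, so the first one stamped by a server
    # we trust is the only hop the sending machine could not forge.
    for hop in msg.get_all("Received", []):
        by = BY_RE.search(hop)
        if by and by.group(1).lower() in trusted_mx:
            ip = IP_RE.search(hop)
            handoff_ip = ip.group(1) if ip else None
            break
    from_dom, rp_dom = domain(msg["From"]), domain(msg["Return-Path"])
    return {
        "from_domain": from_dom,
        "return_path_domain": rp_dom,
        "from_matches_return_path": from_dom == rp_dom,
        "handoff_ip": handoff_ip,  # the address to look up when reporting
    }
```

Calling `trace_sender(SAMPLE, {"mx1.myisp.example"})` shows the From: domain disagreeing with the Return-Path: domain, and gives the IP that actually handed the message to the trusted server.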
 
Bible

I appreciate them filtering, but they include a link to their site which I
think is cheeky.

John
 
Gabriele Neukam

On that special day, Steve M (remove wax for reply),
([email protected]) said...
> A better policy might be for the ISP to not only delete Swen-infected
> email from their customers' mailboxes, but to analyze the headers and
> put the sender's ISP on their own internal block list. That way they
> could refuse all email from that ISP.

I don't think this is such a good idea, if the infected mails are sent
from a cluster hosted by AT & T (as it did happen with some Swen that I
received). If you go on with these tactics, you would soon put a block
on nearly all greater ISPs existing, isolating your own ISP from the
rest of the world.

Remember; large ISPs have millions of customers, and there will always
be a percentage among them which will never learn what a virus is, let
alone understand how to keep one's own machine free from these.


Gabriele Neukam

(e-mail address removed)
 
me

Gabriele said:
> On that special day, Steve M (remove wax for reply),
> ([email protected]) said...
>
> I don't think this is such a good idea, if the infected mails are sent
> from a cluster hosted by AT & T (as it did happen with some Swen that I
> received). If you go on with these tactics, you would soon put a block
> on nearly all greater ISPs existing, isolating your own ISP from the
> rest of the world.
>
> Remember; large ISPs have millions of customers, and there will always
> be a percentage among them which will never learn what a virus is, let
> alone understand how to keep one's own machine free from these.
>
> Gabriele Neukam
>
> (e-mail address removed)
>
> --
> Because of Swen, my address is changed.
> Please contact (e-mail address removed)
> Because of Swen I had to change my address.
> Please write to (e-mail address removed)

Indeed. And, in case of dial-ups, hurt the innocents who happen
to dial-in the same IP (after an infected customer hangs up).

--J
Replies to: jNpolak(at)Ojuno(dot)Tcom
 
Steve M (remove wax for reply)

> I don't think this is such a good idea, if the infected mails are sent
> from a cluster hosted by AT & T (as it did happen with some Swen that I
> received). If you go on with these tactics, you would soon put a block
> on nearly all greater ISPs existing, isolating your own ISP from the
> rest of the world.
>
> Remember; large ISPs have millions of customers, and there will always
> be a percentage among them which will never learn what a virus is, let
> alone understand how to keep one's own machine free from these.

I understand this is not a perfect solution.

On the other hand, any ISP that allows this kind of abuse to emanate
from their network needs to behave in a more socially acceptable
manner. Surely there are some ISPs and other organizations
(companies, governments, etc. ) that are doing a better job than
others:

(a) educating their users
(b) preventing incoming infections
(c) preventing outgoing infections
(d) shutting off infected computers when notified by other networks

My regretful conclusion is that I would rather that my ISP block all
communications from networks that persistently allow viruses and other
spam, even if it is associated with only a tiny minority of users.

Moreover, I'm glad you brought up AT&T. They are among the most
*notorious* in allowing their customers to spam from other locations,
and still allowing the spammer to operate a web site or email service
on AT&T networks. You can ask on many other forums what
administrators think of AT&T. They're not the only one:

http://groups.google.com/[email protected]

"... 5-6 years of working with ISPs and trying to keep a glimmer of
hope when one looks like it will turn around, only to be stabbed in
the back countless times (i.e. Sprint, UU.net, Verio, AT&T, etc etc
etc) brings one to a point where it's time to say "You had your chance,
several chances, the game is over"."

http://groups.google.com/[email protected]

Most AT&T customers may be innocent, but at least they have a choice
of ISPs.

I won't do it for now, but I invite you to ask this question on
news.admin.net-abuse.email:

Is it fair to cut off some segment of customers of a large ISP because
of the spam and/or virus generated by a small minority of their users?
In certain cases, in particular the Swen virus, I say yes.
 
Thomas A. Horsley

> If you wish to opt out of the anti virus filtering service, directly contact
> your service provider and ask to be opted out of the anti spam and anti
> virus services they provide with our software.

HEY BRIGHTMAIL!!!! I don't want to opt out of the filtering service,
I want your filter to stop sending me the "fixed" mails with the virus
stripped out. There is NO INFORMATION in them. All they do is clutter
my inbox. Please just DELETE THE INFECTED MAILS!!!!!

There. Now I feel better :). I've got brightmail on my worldnet
account, and we have been badgering them for months (since the
previous major virus attack) to provide an option to just delete
the damn infected mails, and stop sending the leftover shreds
on to our inbox.

I can't imagine why this is hard, but apparently it involves
solving the halting problem or something...
--email: (e-mail address removed) icbm: Delray Beach, FL |
<URL:http://home.att.net/~Tom.Horsley> Free Software and Politics <<==+
 
me

Steve said:
> -snip-
> Is it fair to cut off some segment of customers of a large ISP because
> of the spam and/or virus generated by a small minority of their users?
> In certain cases, in particular the Swen virus, I say yes.

Funny coming from @rr.com :-/

--J
Replies to: jNpolak(at)Ojuno(dot)Tcom
 
Steve M (remove wax for reply)

> Funny coming from @rr.com :-/

If you have an issue with a RR.com customer, please CC me. As an RR
customer, I am willing to make a stink about it. I don't want my
email cut off because RR allows a jerk to operate.

So far I have not been cut off from anywhere that I know of. The
times that this has been discussed on NANAE
(news.admin.net-abuse.email), the horror stories are in the Florida
and southeast USA areas. Apparently regional divisions of RR are run
like fiefdoms.
 
Bill ®

> If you have an issue with a RR.com customer, please CC me. As an RR
> customer, I am willing to make a stink about it. I don't want my
> email cut off because RR allows a jerk to operate.


Perhaps, but rest assured that if rr.com doesn't mind spammers using
their ISP, they sure don't care about what one customer thinks.

rr.com is responsible for HUGE amounts of spam and has been for a very
long time.
 
