Welcome to WebmasterWorld Guest from 188.8.131.52
Forum Moderators: open
"...a message was inadvertently transmitted to members of the Google media e-mail list that contained a virus-infected attachment."
The emails apparently sent via YahooGroups do look as though the headers authenticate. No attempt to contact Google to confirm has been attempted - Google rarely comments on security matters.
I am aware of a > 10 000 employee UK company (not Internet related) that has had nearly a million virus payloads sent to it in the last few weeks.
It is your responsibility as the receiver of the email to verify that the originator is who they say they are, and that the content is intact and safe.
Never assume that anything is safe to open without checking it out first, as that is one of the major presumptions that helps to spread viruses.
Everyone else, you know how easy it is to let your guard down, miss an anti-virus update on just one computer. Would you appreciate it if no one read your email again because you messed up once?
I'm sure Google learnt from the mistake, the IT department got chewed out, and they will be much more careful in the future.
Would you appreciate it if no one read your email again because you messed up once?
If I had an email newsletter that never sent out attachments and then one day it sent out a virus in an attachment to some subscribers and then I notified all my recipients that a virus was accidentally sent out then if only two days later a subscriber received an email saying it was from my newsletter with an uncustomary attachment then I would hope they would hit delete ASAP.
They're media darlings, the darlings of the SEO world and commonly defended and accorded unprecented support by webmasters and others who drool over them like a hot date. Look at the posts in this thread for examples.
If Microsoft did this, it is fairly safe to assume that some of the same people would be calling for their heads...
Hand is up. There's a related problem though. Somebody else out there is always hit. This can be just as serious.
>> Would you appreciate it if no one read your email again because you messed up once?
The last couple of days, i've been sending out Sobig's it seems. Of course anyone with technical insight will know that it was not me (header info), but anyhow it's my email that gets inserted into the "From" field because someone out there is infected and has an email from me in their mailbox, and this is just getting copied by the virus.
It's a pain. These good people have now sent my email addy to a lot of addresses i could'nt ever dream of sending to myself. And all i get for notification is the "Mailer-Demon" bounced replies when their virus-spamming fails. Best of all, they didn't even know they were sending this stuff out. Anyway, they do since yesterday as i tracked them down, but still their virus did harm to me, by broadcasting my email address without ever infecting my own machine.
If anyone in my organization messed up in this way "once"....it would be the only time they would have that opportunity.
Any corporation that hasn't run a policy of basic network protection for the past 8 years or more needs to seriously think about its future.
I had our contract of employment changed in 1995 to make this type of act a dismissible offence......looks like Google needs to get with the times!
I am happy to say that in the past 8 years no one has fallen foul of this type of act!
Security is paramount to any serious software or Internet based company....be sloppy, be history:)
I cant afford to never trust emails from these guys again (several are clients and many are potential clients) and will just use my normal spam detection procedures just as I do with Google emails.
I just think some here are getting a bit carried away.
This is a problem that if we applied the same standards as people are suggesting here that we should for Google, then a great many corporates, including massive MNC's are also at fault and have also been bitten by a PR worm.
In the Google case, it wasn't a forgery....it was them that sent out the virus ridden email....which is very different.
However i have had 3 people from these companies already sending personal apology emails to me for "Sending a virus". I would guess that is just a part of the iceburg of companies who were caught, as it wuld only represent a small percentage of those affected i guess, and not just forged emails.
Preception is also reality. I'm assuming that 98% who receive one of these things from my email address will blame me, but I hope they are not as fast as you to not trust me or ban me from sending them email..
Someone that you know has the virus on their machine. That machine is the one that is sending out the virus. Those messages have a fake email address on them. That faked address is the address of someone known to the person who owns the infected machine. In fact, the messages have your email address on them. Some of the sent messages fail to reach their target and are returned to sender. Since the (faked) email headers say that you sent them, then they get returned to you (rather than to the real place they came from). That is what you are seeing.
What really get to me, are these autoresponders or spam filters that automatically send back or bounces back the forged emails to me because my addy is in the 'from' field when any human can see from the headers that the email did not originate from my server.
In my wish list...a standardize intelligent email filter that would compare the 'from' field to the host server in the 'received from' of the header, any email that fail this test is immediately send to the black hole.
Google do indeed use Linux for the Google websites and as an operating system for Google web search. What we need to remember is it was not Google directly that was attacked it was Googles PR department. Normal office set-up with windows pc's all with email access. One got through and caused all this.