Invalid email address

[jerryctx]

Some months ago I added a fake entry to my email address book. By fake, I mean an address that doesn't exist such as "[email protected]." My reasoning was that a virus which propagates by sending emails would send to the fake address. I would get an error report from the postmaster and know my PC was infected.

A few days ago the postmaster complained. I scanned with my av and two on-line av scanners and found nothing. I then ran my Trojan scanner and found four Trojans.

I use an anti-virus, firewall and Script Sentry. What I haven't done is apply all IE patches after re-installing the OS a month ago (yes, I'm an idiot )

I'm posting this to

1) suggest you add an invalid address to your address book and

2) regularly scan with an anti-Trojan. Anti-virus programs do not look for most Trojans.

(You have, of course, applied all the IE patches, right?)

[ecross]

Adding a fake entry in the address book of your email is actually a pretty good trick. It will prevent a worm from using the address book to spread further, but it will not prevent the virus from getting into your computer. In theory this will work, but some worms will not be able to handle undeliverable mail. Others will just ignore the non-delivery report and will continue with the next address in the contact list.

[anarchyreigns]

Adding a fake address won't do anything!

I don't know how many times this has to be said....but....modern mass email worms do not, I repeat, do not use your email client to send out mails. They all have their own smtp engines built in, and in fact, they don't even use your ISP's mail servers either. They gather email address from the email clients address book (and elsewhere), but they do not use that client to send out a mass email. A machine that doesn't even have an email client installed on it, can, when infected with...say Klez....still send out a mass email.

The only worms this "technique" will stop are of the old variety of the Mellisa type, going back to 1998/99 or so........not any of the new ones that have been released in the last two or three years or so.

[ecross]

You're right anarchyreigns!

Personally, I never really made an invalid entry anyway. I was always told which seemed a good trick at the time when I didn't know anything about it. I knew that this wouldn't work with all, but I actually wasn't aware of that it could only work with a few older types. After doing some reading at Symantec, they STRONGLY recommend that you ignore this.

See Does creating an "!0000" or other "trick" address book entry prevent the spread of viruses?.

[Mowergun]

It appears to me that you can't argue with success. Although modern worms have their own smtp engines, they still glean email addresses from your address books and I presume other places in your machine. Adding a phony address had it's intended purpose in this case of triggering an error report or undeliverable mail notice or whatever which alerted Jerry that something or someone had compromised his security. Just one small bullet in the arsenal of security.

Mowergun

[anarchyreigns]

Originally posted by Mowergun
Adding a phony address had it's intended purpose in this case of triggering an error report or undeliverable mail notice or whatever which alerted Jerry that something or someone had compromised his security. Just one small bullet in the arsenal of security.

Mowergun

In most cases, however, this won't occur, again due to the fact that most email worms from Klez on up now forge the "From:" address. The person getting the "undeliverable" mail notice will not be the person who actually sent it.

[Mowergun]

In most cases, however, this won't occur, again due to the fact that most email worms from Klez on up now forge the "From:" address. The person getting the "undeliverable" mail notice will not be the person who actually sent it.

Good point. So I guess it would only be a rimfire, but still it costs nothing to do it.

Mowergun


P.S. I added my fake address to my address books after finally getting a return notice from postmaster. My first choice, "[email protected]" turned out to be a real address, so I had to go with my second choice, "[email protected]".