As the Netsky virus continues to make mischief, an antivirus product supplier wants email administrators to stop sending automatic virus alerts.
Geoff Cossey, of Auckland company Chillisoft, was responding to news that Netsky had spoofed an address for a Ministry of Health mailing list, causing a flood of automatically generated messages between mailing list members. Cossey says the incident highlights an issue which for him, as supplier of the NOD32 antivirus product, is a particular bugbear.
“Netsky works by spoofing the from address, so the apparent sender is not the real sender. Mail systems which then send notification to the spoofed address that they have sent a virus are causing unwarranted alarm.”
Cossey says he gets a handful of indignant calls a week from NOD32 users who want to know how their virus-protected systems could be responsible for spreading Netsky. He has approached Auckland IT specialist lawyer Anne Hall to see if there might be a legal remedy under the Fair Trading Act.
But Hall says the possibility that the act might be invoked against mail system providers for wrongly representing that someone had sent a virus appears to have no merit.Nor does MoH technology head Warwick Sullivan (pictured) have any sympathy for Cossey’s complaint.
“The issue about spoofed emails is that no one can be blamed for them,” Sullivan says.
As an interim measure to avert the Netsky nuisance, the ministry has blocked the ability of incoming mail to automatically be forwarded to a collective email address. Sullivan says Netsky didn’t infect the ministry’s Lotus Notes system, which is protected by Mail Marshal. The MoH is working with the Mail Marshal supplier to find a permanent fix.
The virus harvests addresses from any number of online sources, including email address books, web caches and Word documents.
The collective address concerned contains up to 2000 names of potential attendees of an international health conference being staged in November in Wellington.