Cypherpunks response to viral stimuli

Riad S. Wahby rsw at
Mon Feb 2 15:09:55 PST 2004

Tyler Durden <camera_lumina at> wrote:
> And then, is it possible to create some kind of filter that stops these 
> replies?

If it's the type of virus that delivers its payload as soon as it's
viewed (relying on bugs in MSOE or whatever), then it's possible that
such a thing could go undetected, especially if AV signatures haven't
been updated to stop it.  Of course, you could also just put a web bug
in an HTML email sent to the list and wait for people to view the
message in the proper viewer (read: MSOE, &c).

Other than relying on bugs (or "features") of the mail client,
however, it seems that any such system relies on the user opening a
malicious attachment.  Any reasonably clueful person knows not to do
this, so the answer to the filter question is yes; lack of stupidity
is a filter that will stop this sort of attack.  Of course, this
assumes that the mail client doesn't automagically execute the
payload; on the other hand, it could be argued that using such a
client is itself an act of stupidity.

There's another answer as well: subscribe to a moderated node that
demimes messages before passing them on.  Viruses won't get through at
all, nor will HTML email.  LNE used demime before its demise; and do as well.

Riad Wahby
rsw at
MIT VI-2 M.Eng

More information about the cypherpunks-legacy mailing list