More SoBig fallout: blacklists

In my mail this morning, along with the few SoBig messages that made it past my ISP’s mail virus filter and my junk mail filters (see this entry at MacOSXHints for a rule to filter the rest as junk manually), was a notice from Yahoo! Groups that my account had been paused because I had exceeded the maximum number of bounces to my email account. I clicked the provided link to reactivate my account, then looked at the bounce history. Interestingly, only one bounce happened during SoBig; the rest were ancient history. But the email that bounced yesterday was hard bounced by my ISP because the IP address that sent it had been blacklisted. Not by my ISP, by SpamCop.

Now think about the implications of that. Because of an email worm with its own mail engine, not just ISPs and spammers but innocent users could end up on blacklists run by third parties—with no warning. Maybe Dave and others are right about this being the end of email.

On finishing Dhalgren

Samuel R. Delany’s Dhalgren has been my “current reading” since the beginning of the summer; I was beginning to think it had taken up permanent residence in the lower left corner of my blog. I finally finished it in the airplane on the way to Pennsylvania last weekend. The book is, as Jonathan Lethem writes in a cover blurb, a labyrinth that swallows readers alive; it is also a profane bit of countercultural magic. Delany’s Kid explores his own broken mind, his sexuality, and the landscape around him even as he discovers the magic of the written word. The sudden shift to multiple simultaneous viewpoints in the last 150 pages of the novel kicks everything into overdrive.

At the same time, I think I know why I never read the book before—for one thing, it’s a sure bet to have been removed from my hometown library shelves at some point or another. But I also think even if I had found a copy I would have had a hard time getting through it. It’s one of the few “science fiction” books I know that is an easier read if you’ve finished Joyce’s Ulysses first.


Lawrence points to a story that sez Sobig is aptly named: the fastest spreading virus ever. Guesses as to what made it spread so quickly: a combination of good social engineering (randomly selected forged return addresses) and good spam-filter-busting capabilities (the rotating subject lines, the changing return addresses, the changing attachment name). No surprise: the BBC says that Sobig seems to have been written by a spammer who needed a way to get his messages past spam filters.

Frustrating point about this worm: it really has nothing to do with Outlook. It doesn’t exploit any Outlook vulnerabilities—except maybe the fact that it’s easy to click and execute an attachment in Outlook, and to read Outlook address books. The worm carries its own mail sending engine around with it. And because the worm is so self-reliant, it isn’t easy to avoid it—there’s no “magic bullet” patch that will keep it from spreading. Except behavioral changes on the part of users, and maybe switching OSes.