[65638] in North American Network Operators' Group
Re: new nasty email virus trick to bypass scanners
daemon@ATHENA.MIT.EDU (Mike Tancsa)
Wed Dec 3 22:28:47 2003
Date: Wed, 03 Dec 2003 22:31:36 -0500
To: "Jamie Reid" <Jamie.Reid@mbs.gov.on.ca>, nanog@nanog.org
From: Mike Tancsa <mike@sentex.net>
In-Reply-To: <sfce5b97.027@imail.mbs.gov.on.ca>
Errors-To: owner-nanog-outgoing@merit.edu
At 09:53 PM 03/12/2003, Jamie Reid wrote:
>If an attacker can convince a user to do anything, all bets
>are off.
>
>It is conceptually similar to using SSL to evade a network IDS.
>
>This is also an intrusion test trick. As system owners, there
>is only so much we can do to prevent and detect compromises.
>What matters is how we respond.

True enough. However, we also have to protect naive and vulnerable users
to some degree. Think about elderly folk. They are not necessarily as
quick to spot the scam. The ability to stop the virus before it gets to
them is important.

The other thing that worries me is that for those who rely on their ISP to scan
for viruses, a false sense of security can come into play. In the case of
these types of email viruses, the user might think the file is OK because
it was scanned.
---Mike