[68035] in North American Network Operators' Group
Re: Possibly yet another MS mail worm
daemon@ATHENA.MIT.EDU (Rubens Kuhl Jr.)
Sat Feb 28 19:46:43 2004
Reply-To: "Rubens Kuhl Jr." <rubens@email.com>
From: "Rubens Kuhl Jr." <rubens@email.com>
To: "Todd Vierling" <tv@duh.org>, <nanog@merit.edu>
Date: Sat, 28 Feb 2004 21:45:46 -0300
Errors-To: owner-nanog-outgoing@merit.edu
> It's annoying how easily these things spread even though they don't rely
on
> a specific OS vulnerabililty -- hell, it's an executable *in a zipfile*,
so
> it requires opening the zipfile and then running the program inside it.
Of
> course everyone will run it, even though it's named dygfwefuih.exe (random
> characters before .exe). <grumble>
Being in a zipfile is exactly why these things work: most mail systems
nowadays drop executable attachments without mercy, but a zipfile may be a
compressed document. Not every mail system screen incoming messages with
anti-virus.
People writing this worms don't know just a bit about human behaviour, they
seem to keep up with trends in mail systems administration as well.
Rubens
