[68045] in North American Network Operators' Group
Re: Possibly yet another MS mail worm
daemon@ATHENA.MIT.EDU (Michael Wiacek)
Sun Feb 29 21:16:31 2004
Date: Sun, 29 Feb 2004 21:16:59 -0500 (EST)
From: Michael Wiacek <lists@iroot.net>
To: "Rubens Kuhl Jr." <rubens@email.com>
Cc: Todd Vierling <tv@duh.org>, nanog@merit.edu
In-Reply-To: <1b2d01c3fe5d$5fe3e3d0$020ba8c0@NOTEBOOK>
Errors-To: owner-nanog-outgoing@merit.edu
I believe the point is, your mail scanner should be able to
scan something as simple as zip compressed attachments. If
it can't, you may want to rethink which program you use.
Most open source and commercial scanners can scan inside zip
files.
mike
On Sat, 28 Feb 2004, Rubens Kuhl Jr. wrote:
>
> > It's annoying how easily these things spread even though they don't rely
> on
> > a specific OS vulnerabililty -- hell, it's an executable *in a zipfile*,
> so
> > it requires opening the zipfile and then running the program inside it.
> Of
> > course everyone will run it, even though it's named dygfwefuih.exe (random
> > characters before .exe). <grumble>
>
> Being in a zipfile is exactly why these things work: most mail systems
> nowadays drop executable attachments without mercy, but a zipfile may be a
> compressed document. Not every mail system screen incoming messages with
> anti-virus.
>
> People writing this worms don't know just a bit about human behaviour, they
> seem to keep up with trends in mail systems administration as well.
>
>
> Rubens
>
>
>
>
>
> !DSPAM:404137ae74191246918873!
>
>
