[ale] email virus? rehash.... with onions

Michael Phillips mike at coosavalley.net
Wed May 8 08:22:17 EDT 2002


That's why we use Sophos (http://www.sophos.com) here at work. Sophos has an alert mailing list and our "bug" server (linux of course) is configured to push the updates out automatically. On some days I have seen 7 updates in a single day.

Our mail server is updated by the same mechanism and the combination of Sophos/Amavis/postfix has served well. ALL mail inbound and outbound is scanned twice...on the server and on the client end.

Sophos has stopped Klez in its tracks here as well as all manner of other nasties.

While I don't represent them, I can recommend them wholeheartedly...great software and a great company to work with.

Mike


On Tue, May 07, 2002 at 08:11:18PM -0400, James P. Kinney III spake thusly:
> A true scenario, but Mallory's AV scan was still showing clear for
> several weeks until the updates caught up with reality. 
> 
> Many people I have dealt with have AV software. Some even have it setup
> to automatically check for updates on a periodic basis. The default 
> upgrade time seems to be about a week.
> 
> So, worst case is 7 days from infect to upgrade. On a corporate machine
> in use by the VP of finance, this could be a serious disaster.
> 
> On Tue, 2002-05-07 at 20:04, Kevin Krumwiede wrote:
> > No.  What was happening was that Mallory would send a virus-laden email
> > to Bob, using Alice's name in the "from" field.  Bob would warn Alice
> > that her computer was infected, but of course her AV scanner wouldn't
> > find anything.  Meanwhile, Mallory would remain oblivious.
> > 
> > Krum
> > 
> > On Tue, 2002-05-07 at 19:48, Jeff Hubbs wrote:
> > > Just so I understand the implications fully...
> > > 
> > > When Klez first spread in the wild, was it going undetected by the usual 
> > > Windows anti-virus software, even if said software was using current 
> > > updates of their signature files?
> > > 
> > > If so, then I find this VERY damning.
> > > 
> > > - Jeff
> > > 
> > > James P. Kinney III wrote:
> > > 
> > > > That brings up an interesting argument for the eradication of M$ on the
> > > > corporate desktop. The viral spreading of confidential information could
> > > > be viewed as a bigger security threat than just the headache and hassle
> > > > of a network getting trashed by a bug going haywire.
> > > > 
> > > > On Tue, 2002-05-07 at 17:55, Irv Mullins wrote:
> > > > 
> > > >>On Tuesday 07 May 2002 05:29 pm, you wrote:
> > > >>
> > > >>>On Tue, 2002-05-07 at 17:07, Cade Thacker wrote:
> > > >>>
> > > >>>>I cleaned out my mail box the other day, so I don't have the discussion
> > > >>>>that you all had the other day, but I just got a bounce-back of an email I
> > > >>>>did not send. Attached is a small file that "file" returns the following:
> > > >>>>
> > > >>>>border.bat: MS-DOS executable (EXE), OS/2 or MS Windows
> > > >>>>
> > > >>>>What was the summary of this puppy? something to do with W32/Klez?
> > > >>>>
> > > >>>http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.gen@mm.htm
> > > >>>
> > > >>Thanks for the confirmation.
> > > >>It's interesting to take a look at the third (random, I guess) 
> > > >>file that is attached to those worms. Using khexedit or similar,
> > > >>I have found html, jpg's, and a "confidential" business report 
> > > >>so far.
> > > >>
> > > >>We need smarter worms, which can look for pictures of "girlfriends"
> > > >>to send out :p
> > > >>
> > > >>Regards,
> > > >>Irv
> > > >>
> > > >>---
> > > >>This message has been sent through the ALE general discussion list.
> > > >>See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
> > > >>sent to listmaster at ale dot org.
> > > >>
> > > 
> > > 
> > > 
> > > 
> > > 
> > 
> > 
> > 
> -- 
> James P. Kinney III   \Changing the mobile computing world/
> President and CEO      \          one Linux user         /
> Local Net Solutions,LLC \           at a time.          /
> 770-493-8244             \.___________________________./
> 
> GPG ID: 829C6CA7 James P. Kinney III (M.S. Physics)
> <jkinney at localnetsolutions.com>
> Fingerprint = 3C9E 6366 54FC A3FE BA4D 0659 6190 ADC3 829C 6CA7 
> 
> 
> 
> 
> 

-- 
------------------------------------------------------------------
Michael Phillips			mike at coosavalley.net
Talladega, AL 35160			http://trcc.coosavalley.net

---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
sent to listmaster at ale dot org.
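The two things this thread keeps coming back to, an attachment named border.bat that "file" identifies as an MS-DOS executable, and a worm that borrows a third party's address for the From: header so the wrong person gets blamed, can both be caught at the mail gateway without waiting on a signature update. The script below is an added example written for this page; it is not Mike's Sophos/Amavis/postfix configuration and not code from any of the posters. It sniffs attachments by leading bytes instead of trusting the filename and compares the From: header with the envelope sender recorded in Return-Path. The message it triages is constructed here (the example.org/example.net/example.com addresses and the fake MZ/PE bytes are made up for illustration), and the magic-number table is a deliberately small stand-in for what "file" knows.

```python
"""Gateway-side triage of a suspicious message: type attachments by content
and flag a header From: that disagrees with the envelope sender.

Added example for this thread, not the posters' own setup. The sample
message and its addresses are constructed for illustration.
"""
import email
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

# Minimal stand-in for the magic-number table `file` uses. A DOS/Windows
# executable starts with 'MZ' whatever extension the worm gave it.
MAGIC = [
    (b"MZ", "MS-DOS executable (EXE), OS/2 or MS Windows"),
    (b"\xff\xd8\xff", "JPEG image"),
    (b"\x89PNG\r\n\x1a\n", "PNG image"),
    (b"%PDF", "PDF document"),
]
EXECUTABLE_TYPES = {"MS-DOS executable (EXE), OS/2 or MS Windows"}


def sniff_type(data: bytes) -> str:
    """Return a `file`-style description based on the leading bytes only."""
    for prefix, description in MAGIC:
        if data.startswith(prefix):
            return description
    if b"<html" in data[:512].lower():
        return "HTML document"
    return "data"


def header_sender(msg: EmailMessage) -> str:
    """Address in the From: header (what the recipient sees and blames)."""
    return parseaddr(str(msg.get("From", "")))[1].lower()


def envelope_sender(msg: EmailMessage) -> str:
    """Envelope sender as the receiving MTA wrote it into Return-Path."""
    return parseaddr(str(msg.get("Return-Path", "")))[1].lower()


def triage(raw: bytes) -> dict:
    """Parse a raw RFC 2822 message and report executables and spoofed From:."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = {"attachments": [], "sender_mismatch": False, "verdict": "clean"}
    hdr, env = header_sender(msg), envelope_sender(msg)
    # Klez-style spoofing: From: is lifted from an address book on the
    # infected machine, the envelope sender is wherever the worm really ran.
    if hdr and env and hdr != env:
        findings["sender_mismatch"] = True
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        kind = sniff_type(data)
        findings["attachments"].append(
            {"filename": part.get_filename(), "type": kind, "size": len(data)}
        )
        if kind in EXECUTABLE_TYPES:
            findings["verdict"] = "quarantine"
    return findings


def build_sample(spoofed: bool = True) -> bytes:
    """Constructed sample: a worm-style mail with a '.bat' that is really a
    PE image plus a harvested JPEG. With spoofed=True the From: header
    names Alice while the envelope sender is Mallory's host."""
    m = EmailMessage()
    m["Return-Path"] = "<mallory@example.net>" if spoofed else "<alice@example.org>"
    m["From"] = "Alice <alice@example.org>"
    m["To"] = "Bob <bob@example.com>"
    m["Subject"] = "a special new website"
    m.set_content("Hi, a funny game")
    # Fake MZ header followed by a PE signature: enough for the sniffer,
    # not a real program.
    fake_exe = b"MZ\x90\x00" + b"\x00" * 60 + b"PE\x00\x00" + b"\x00" * 64
    m.add_attachment(fake_exe, maintype="application", subtype="octet-stream",
                     filename="border.bat")
    m.add_attachment(b"\xff\xd8\xff\xe0" + b"\x00" * 32, maintype="image",
                     subtype="jpeg", filename="holiday.jpg")
    return m.as_bytes()


if __name__ == "__main__":
    for attachment in triage(build_sample())["attachments"]:
        print(f"{attachment['filename']}: {attachment['type']}")
```

In a real Amavis-style setup this would sit in front of the signature scanner rather than replace it: the content sniff catches the renamed executable on day zero, which is exactly the window James describes where the AV signatures have not caught up yet, and the From:/Return-Path mismatch is the clue that Alice's machine is not the one that is infected.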