Re: new nasty email virus trick to bypass scanners

At 09:53 PM 03/12/2003, Jamie Reid wrote:
If an attacker can convince a user to do anything, all bets are off.
It is conceptually similar to using SSL to evade a network IDS.
This is also an intrusion test trick. As system owners, there is only so much we can do to prevent and detect compromises. What matters is how we respond.
True enough. However, we also have to protect naive and vulnerable users to some degree. Think about elderly folk. They are not necessarily as quick to spot the scam. The ability to stop the virus before it gets to them is important. The other thing that worries me is that those who rely on their ISP to scan for viruses, a false sense of security can come into play. In the case of these types of email viruses, the user might think the file is OK because it was scanned.

---Mike

At 09:53 PM 03/12/2003, Jamie Reid wrote:
The other thing that worries me is that those who rely on their ISP to scan for viruses, a false sense of security can come into play. In the case of these types of email viruses, the user might think the file is OK because it was scanned.
The AVScanner should indicate that the file couldn't be scanned because it is password protected and hence opening the file may be risky.

Priyantha
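The behaviour suggested in the message above, as an added example that is not part of the original thread or any poster's code: a gateway-side check that reports a password-protected ZIP as unscanned instead of passing it silently. The function names, verdict strings and notice wording are assumptions, and the sample archives are constructed in memory with the encryption flag set by hand.

```python
import io
import zipfile

ENCRYPTED = 0x1  # general-purpose flag bit 0 of a ZIP entry: entry is encrypted


def classify_zip(data: bytes) -> tuple[str, list[str]]:
    """Return (verdict, entries the scanner could not read) for a ZIP attachment."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            locked = [i.filename for i in zf.infolist() if i.flag_bits & ENCRYPTED]
    except zipfile.BadZipFile:
        # Claimed to be a ZIP but cannot be parsed: also not scanned.
        return "unscanned-unreadable", []
    if locked:
        return "unscanned-encrypted", locked
    return "scannable", []


def notice(verdict: str, locked: list[str]) -> str:
    """Text a gateway could prepend to the message; empty when content was scanned."""
    if verdict == "scannable":
        return ""
    detail = f" ({', '.join(locked)})" if locked else ""
    return ("WARNING: attachment was NOT virus-scanned: " + verdict + detail +
            ". Opening it may be risky.")


def _sample_zip(mark_encrypted: bool) -> bytes:
    """Constructed sample: a one-file archive, optionally flagged as encrypted."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.txt", "constructed sample content")
    raw = bytearray(buf.getvalue())
    if mark_encrypted:
        raw[6] |= ENCRYPTED                            # local file header flags
        raw[raw.find(b"PK\x01\x02") + 8] |= ENCRYPTED  # central directory flags
    return bytes(raw)


if __name__ == "__main__":
    for label, blob in (("plain", _sample_zip(False)),
                        ("password-protected", _sample_zip(True)),
                        ("garbage", b"not a zip")):
        verdict, locked = classify_zip(blob)
        print(f"{label}: {verdict} {notice(verdict, locked)}")
```
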

It takes a good combination of both ISP and end user to fight spam. I have a tool in this editor for reading msg that allows me to tag a spammer and block the user@host that gets by the ISP scan tool. Common sense, in these times shows you to not open emails from strangers especially with *.zip files unless they are coming from a known party based on some kind of dialog prior to it being sent and received.

-Henry

Priyantha <priyantha@wightman.ca> wrote:
At 09:53 PM 03/12/2003, Jamie Reid wrote:
The other thing that worries me is that those who rely on their ISP to scan for viruses, a false sense of security can come into play. In the case of these types of email viruses, the user might think the file is OK because it was scanned.
The AVScanner should indicate that the file couldn't be scanned because it is password protected and hence opening the file may be risky.

Priyantha

On Thu, 04 Dec 2003 09:52:10 PST, Henry Linneweh <hrlinneweh@sbcglobal.net> said:
Common sense, in these times shows you to not open emails from strangers especially with *.zip files unless they are coming from a known party based on some kind of dialog prior to it being sent and received.
Common sense always loses when fighting against the promise of dancing hampsters.

Today at 15:08 (-0500), Valdis.Kletnieks@vt.edu wrote:
Date: Thu, 04 Dec 2003 15:08:04 -0500
From: Valdis.Kletnieks@vt.edu
To: Henry Linneweh <hrlinneweh@sbcglobal.net>
Cc: nanog@nanog.org
Subject: Re: new nasty email virus trick to bypass scanners

On Thu, 04 Dec 2003 09:52:10 PST, Henry Linneweh <hrlinneweh@sbcglobal.net> said:
Common sense, in these times shows you to not open emails from strangers especially with *.zip files unless they are coming from a known party based on some kind of dialog prior to it being sent and received.
Common sense always loses when fighting against the promise of dancing hampsters.
Empirically speaking, common sense does not appear to be common at all. ;-)

Common sense, in these times shows you to not open emails from strangers especially with *.zip files unless they are coming from a known party based on some kind of dialog prior to it being sent and received.
Common sense always loses when fighting against the promise of dancing hampsters.
Empirically speaking, common sense does not appear to be common at all. ;-)
Quite so; as I always like to say: "Common sense is not a common virtue"[1]

[1] Apologies to Adm. Nimitz and the Marines on Iwo Jima