Blaster: A couple people in this immediate office got hit. It was easy
enough to patch and remove though. One of our other IT groups is also
distributing CDs with the patch and removal tool to anyone who needs one.
There was also a lot of port-blocking at various segments of the network,
and some associated controversy.

SoBig: As Deanna said, we've declared a "crisis". I don't think I've ever
seen that happen before. There are a lot of email administrators doing
various scanning, attachment removal, and notifications, but it's more of a
"let's see if this helps" approach by individuals rather than a serious
policy approach.

On one of the main email servers, they have a standard script in place for
any email attachment virus that notifies the sender that they have sent an
infected email. Of course, since this spoofs both the From: and To:, it's a
completely bogus message. So now with the followup messages there's double
the traffic. Wheeee!

-Kevin


----- Original Message ----- 
From: "Heald, Tim" <[EMAIL PROTECTED]>
To: "CF-Community" <[EMAIL PROTECTED]>
Sent: Wednesday, August 20, 2003 11:29 AM
Subject: RE: Clean off


> Thankfully between gov't email and speakeasy's amazing services I am
> relatively untouched by the madness around me.
>
> How bad is it for other people?  I am writing a special topic paper on
> SoBig and the Blaster variants, and tying it into change/patch management
> practices.  I would really love to hear back from anyone that's been hit,
> about how they have dealt with it.  Also those that weren't affected, what
> practices and policies do you have in place to help you mitigate some of
> the threat?
>
> Thanks,
>
> Timothy Heald
> Information Systems Specialist
> Overseas Security Advisory Council
> U.S. Department of State
> 571.345.2235
>
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, August 20, 2003 12:26 PM
> To: CF-Community
> Subject: Clean off
>
>
> I'm assuming everyone is covered by spam at the moment and can't post. If
> so, how about using CF to do your cleanup for you. Use CFPOP to get all the
> headers from your mail box (or maybe the first 20-50 at a time) and then run
> this against the returned query:
> SELECT     Subject
> FROM         Spam
> WHERE     (DomainChecked = 0) AND (Subject LIKE '%Thank you%' OR
>                       Subject LIKE '%Approved%' OR
>                       Subject LIKE '%Details%' OR
>                       Subject LIKE '%Wicked screensaver%' OR
>                       Subject LIKE '%movie%' OR
>                       Subject LIKE '%your application%' OR
>                       Subject LIKE '%attachment%' OR
>                       Subject LIKE '%failure%' OR
>                       Subject LIKE '%failed%' OR
>                       Subject LIKE '%returned%' OR
>                       Subject LIKE '%virus%')
> ORDER BY Subject
> Anything that comes back can be routed to the screen so you can view the
> subject and other info. If it's spam, just tell CFPOP to delete it. Saves on
> the downloading and can even be automated more.
> If you have access to your mail server, I've got an additional script
> suggestion that'll do the job automatically by detecting any mail files with
> viruses in them. Just needs CF, CFDIRECTORY, a CFX and a CFIF.
>
> Michael Dinowitz
> Finding technical solutions to the problems you didn't know you had yet
>
>
> 
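The header-only triage described in the quoted message, written in Python rather than CFML as an added example (not code from the thread). POP3 TOP stands in for CFPOP's header fetch and the fragment list comes from the quoted WHERE clause; the host, credentials, function names and sample headers are assumptions constructed for illustration.

```python
import email
import poplib
from email.header import decode_header, make_header

# Subject fragments copied from the WHERE clause in the quoted message.
SUSPECT_FRAGMENTS = (
    "thank you", "approved", "details", "wicked screensaver", "movie",
    "your application", "attachment", "failure", "failed", "returned", "virus",
)

def fetch_headers(host, user, password, limit=50):
    """Fetch headers only (POP3 TOP n 0) for the first `limit` messages."""
    box = poplib.POP3_SSL(host)  # host and credentials are hypothetical inputs
    try:
        box.user(user)
        box.pass_(password)
        count = box.stat()[0]
        return {n: b"\r\n".join(box.top(n, 0)[1])
                for n in range(1, min(count, limit) + 1)}
    finally:
        box.quit()

def decoded_subject(raw_headers):
    """Return the Subject as text, decoding RFC 2047 encoded-words."""
    raw = email.message_from_bytes(raw_headers).get("Subject", "")
    try:
        text = str(make_header(decode_header(raw)))
    except (UnicodeError, LookupError):
        text = str(raw)  # unknown or broken charset: match on the raw value
    return " ".join(text.split())  # collapse folded header whitespace

def triage(headers_by_number):
    """Return (message_number, subject, matched_fragment) for review."""
    flagged = []
    for number, raw in sorted(headers_by_number.items()):
        subject = decoded_subject(raw)
        hit = next((f for f in SUSPECT_FRAGMENTS if f in subject.lower()), None)
        if hit:
            flagged.append((number, subject, hit))
    return flagged

# Constructed sample headers, in the shape fetch_headers() returns.
SAMPLE = {
    1: b"From: a@example.com\r\nSubject: Re: Thank you!\r\n\r\n",
    2: b"From: b@example.com\r\nSubject: CF-Community digest\r\n\r\n",
    3: b"From: c@example.com\r\nSubject: =?iso-8859-1?q?Re:_Details?=\r\n\r\n",
    4: b"From: d@example.com\r\nSubject: RE: WICKED SCREENSAVER\r\n\r\n",
}

if __name__ == "__main__":
    for number, subject, hit in triage(SAMPLE):
        print(f"{number}: {subject!r} (matched {hit!r})")
```

Matches are only listed for review before any delete, since fragments such as "movie" or "details" also occur in legitimate mail.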