Re: Time to start preparing - bagle.h

Wed, 03 Mar 2004 09:44:26 -0800

I am seeing the file inside of the .zip as being .exe+. Norton gateway is not seeing this as a variable of .exe and it is letting the message through. I have sent Sarc a copy this file. I hope they will release an update to allow blocking of .exe+.
The bad part about it is the password for the exe+ is in the body of the message and its relying on the end user to type it in. I know for a fact I have some users who will do this. Scary......


Steve wrote:

Well I think we all saw this coming.  Originally it was safe to allow
zip's to pass through and we all know that is no longer true.  I
personally have been at a 0 day infection site (when no pattern file was
available) twice in the past 3 weeks for two different worms that came in
as zip files Now this:

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_BAGLE.H


A worm\virus that comes in as a password protected zip.  Now things are
going to get interesting on how we protect our mail systems.  Any one have
any thoughts?  One of the ideas that is being tossed around here is
stripping all attachments and storing them in a central DB and replacing
the attachments with URLs (via 3rd party program most likely).  This would
put all the attachments in a central store and be easier to manage and
during an outbreak we would have more power over the data in that
repository and who can access it (makes cleaning up easier too I would
think).  Anyhow, time to start planning and being proactive....any ideas?

Steve

_________________________________________________________________
List posting FAQ:       http://www.swinc.com/resource/exch_faq.htm
Web Interface: 
http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english
To unsubscribe:         mailto:[EMAIL PROTECTED]
Exchange List admin:    [EMAIL PROTECTED]
To unsubscribe via postal mail, please contact us at:
Jupitermedia Corp.
Attn: Discussion List Management
475 Park Avenue South
New York, NY 10016

Please include the email address which you have been contacted with.





_________________________________________________________________
List posting FAQ:       http://www.swinc.com/resource/exch_faq.htm
Web Interface: 
http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english
To unsubscribe:         mailto:[EMAIL PROTECTED]
Exchange List admin:    [EMAIL PROTECTED]
To unsubscribe via postal mail, please contact us at:
Jupitermedia Corp.
Attn: Discussion List Management
475 Park Avenue South
New York, NY 10016

Please include the email address which you have been contacted with.

Reply via email to