After reading the announcement concerning the vulnerability in MS Word / VBA, began to think proactively about the impact.
I started filtering .doc and checking them myself before forwarding them on. And sent out a notice to that affect. I do about 20 or so of these daily. Well, I was reluctantly supported by my manager. And now I am getting negative feedback because of the impact it's having. No 'real' complaints about delayed delivery. The social engineering is practically perfect on this. The virus on first pass, simply looks up every e-mail with a .doc. Infects it and re-sends it with "UPDATED" added to the subject line. Then e-mails others with "I forgot to send this." So the sender is known by the recipient on this one. Please let me ask you, especially if the VBA is polymorphic/self modifying, what are the chances, that if it got through the AV on your server, that your user would open this e-mail? As time goes by, the caliber and sophistication of viruses are getting better and not worst. Now, I hope that the payload does not turn bad on this one. Like the virus detects that it has sent to everyone that it could, then starts deleting files. Until the first virus hits and it's variants, Am I being cautious? Therefore, should keep the filter on. Or Am I over reacting? An need to turn off the filter. Your opinion is requested. Regards, Michael Henry The one responsible either way it goes. _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED]
