Hi,

A combined reply:

> PIFs don't get opened automatically here. I got a pop-up dialog in which
> I could select 'open', of course I didn't do it, heh, I'm dumb, but not a
> moron... Although... Ah well.. that's something to discuss, but I think ppl
> who know a BIT about computers won't open that file manually, since it
> doesn't have a subject and it comes from a stranger, and they still got in
> mind not to interact with strangers, har!

I think this is one of the worms that, in some Outlook versions, get executed 
automatically. The mime type says audio/x-wav which makes Outlook think it's 
safe, so it passes the file on to Windows which doesn't know mime types and 
looks at the ".pif" extension and then decides to execute it. This is a 
recently discovered Outlook/IE vulnerability.

The list was already configured to block binary attachments. This has stopped 
quite a few worms in the last months. But this one was 
"multipart/alternative", which wasn't recognised as an attachment. Also, it 
was small enough to fit under the size limit.

> Just a thought: The majordomo has the list of ppl subscribed
> to this mailing list. Why not set up a filter that only accepts mails
> from a subscribed address.
>
> Hm, as I'm typing this, I already know the answer: it's pretty
> simple to fake a FROM field in a mail, so filtering on that won't
> do any good. 

That's not the problem. These worms are sent by infected machines, not by 
people with hostile intentions. It's a simple fixed algorithm, not some 
cracker trying to figure out a hole in the filters. Unless a mailing list 
member's computer gets infected, the filter you suggest would block the worms.

The problem with that filter is that many legitimate posters also use 
non-subscribed addresses, for example because they read mail at different 
locations or because sometimes someone who isn't subscribed wants to post an 
announcement.

> Good work Wynke but the users need to have a good Virus scanner.
> And keep it up to date. 

Actually, I think virus scanners are only a workaround. The solution to this 
problem would be more care for security from software manufacturers. It would 
help if more users would show some consideration for security, for example by 
making security one of the criteria for selecting their mail client.

Bye,
                Maarten
--
For info, see http://www.stack.nl/~wynke/MSX/listinfo.html
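
Added example, not part of the original message and not the list's actual filter: a Python sketch of a list-side check that walks every MIME part, including those inside multipart/alternative, and flags executable file extensions regardless of the declared MIME type. The sample message, the extension list and `naive_filter` (a hypothetical stand-in for a filter that only counts parts explicitly marked as attachments) are constructed for illustration.

```python
import os
from email import message_from_bytes, policy

# Extensions Windows runs by file name, whatever MIME type the mail declares
# (illustrative list, not exhaustive).
EXECUTABLE_EXTS = {".pif", ".exe", ".scr", ".bat", ".com", ".cmd", ".vbs"}

# Constructed sample: harmless 3-byte payload, declared as audio/x-wav, named
# *.pif, inside multipart/alternative with no Content-Disposition header.
SAMPLE = (
    b"From: sender@example.org\r\n"
    b"To: list@example.org\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/alternative; boundary="b1"\r\n'
    b"\r\n"
    b"--b1\r\n"
    b"Content-Type: text/plain\r\n"
    b"\r\n"
    b"hello\r\n"
    b"--b1\r\n"
    b'Content-Type: audio/x-wav; name="sample.pif"\r\n'
    b"Content-Transfer-Encoding: base64\r\n"
    b"\r\n"
    b"AAAA\r\n"
    b"--b1--\r\n"
)

def leaf_parts(raw):
    """Parse a raw message and return all non-container parts at any depth."""
    msg = message_from_bytes(raw, policy=policy.default)
    return [p for p in msg.walk() if not p.is_multipart()]

def naive_filter(raw):
    """Hypothetical filter: only sees parts marked 'attachment'."""
    return [p.get_filename() for p in leaf_parts(raw)
            if p.get_content_disposition() == "attachment"]

def extension_filter(raw):
    """Flag every named part with an executable extension, in any container."""
    hits = []
    for part in leaf_parts(raw):
        name = part.get_filename()  # filename= or Content-Type name=
        if not name:
            continue
        # Windows ignores trailing dots and spaces in file names.
        ext = os.path.splitext(name.strip().rstrip(". ").lower())[1]
        if ext in EXECUTABLE_EXTS:
            hits.append((part.get_content_type(), name))
    return hits
```

On the constructed sample, `naive_filter` reports nothing while `extension_filter` reports the audio/x-wav part named `sample.pif`.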
