Re: Possibly yet another MS mail worm

2004-03-01 Thread Alexei Roudnev
> To: "Curtis Maurand" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Monday, March 01, 2004 6:32 AM Subject: Re: Possibly yet another MS mail worm > > On Mon, 1 Mar 2004, Curtis Maurand wrote: > > : > It's annoying how easily these things

Re: Possibly yet another MS mail worm

2004-03-01 Thread John Palmer
- Original Message - From: <[EMAIL PROTECTED]> To: "Henry Linneweh" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Monday, March 01, 2004 12:59 Subject: Re: Possibly yet another MS mail worm On Mon, 01 Mar 2004 10:35:05 PST, Henry Linneweh <[EMAIL PR

Re: Possibly yet another MS mail worm

2004-03-01 Thread Valdis . Kletnieks
On Mon, 01 Mar 2004 10:35:05 PST, Henry Linneweh <[EMAIL PROTECTED]> said: > Every day there is a new, news article on this and every day everyone > panics and every day someone says tell the government to make a law, it is time > to realize that no law is going to do anything for anyone soon. In t

Re: Possibly yet another MS mail worm

2004-03-01 Thread Henry Linneweh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Every day there is a new, news article on this and every day everyone panics and every day someone says tell the government to make a law, it is time to realize that no law is going to do anything for anyone soon. In the past we just took care of the problem

Re: Possibly yet another MS mail worm

2004-03-01 Thread Randy Bush
>> In this case, it is the IDIOT users. You tell them time and time again >> DON'T CLICK ON ATTACHMENTS UNLESS SOMEONE YOU KNOW IS SENDING IT AND TELLS >> YOU IN ADVANCE THEY ARE SENDING IT. > If you do something again and again and again and it fails again and > again and again you need to ask whe

Re: Possibly yet another MS mail worm

2004-03-01 Thread Leo Vegoda
You wrote: > In this case, it is the IDIOT users. You tell them time and time again DON'T > CLICK ON ATTACHMENTS > UNLESS SOMEONE YOU KNOW IS SENDING IT AND TELLS YOU IN ADVANCE THEY ARE > SENDING IT. If you do something again and again and again and it fails again and again and again you need

RE: Possibly yet another MS mail worm

2004-03-01 Thread Vivien M.
> -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On > Behalf Of Curtis Maurand > Sent: March 1, 2004 10:38 AM > To: Todd Vierling > Cc: [EMAIL PROTECTED] > Subject: Re: Possibly yet another MS mail worm > > > My point is that th

Re: Possibly yet another MS mail worm

2004-03-01 Thread Valdis . Kletnieks
On Mon, 01 Mar 2004 11:14:37 CST, John Palmer <[EMAIL PROTECTED]> said: > In this case, it is the IDIOT users. You tell them time and time again DON'T CLICK > ON ATTACHMENTS > UNLESS SOMEONE YOU KNOW IS SENDING IT AND TELLS YOU IN ADVANCE THEY ARE > SENDING IT. CM Kornbluth wrote "The Marching M

Re: Possibly yet another MS mail worm

2004-03-01 Thread David A. Ulevitch
> > In this case, it is the IDIOT users. You tell them time and time again > DON'T CLICK ON ATTACHMENTS > UNLESS SOMEONE YOU KNOW IS SENDING IT AND TELLS YOU IN ADVANCE THEY ARE > SENDING IT. Just telling people "Don't do that, it's bad." is sure to fail for the same reason you can't tell peopl

Re: Possibly yet another MS mail worm

2004-03-01 Thread John Palmer
ED]> To: "Curtis Maurand" <[EMAIL PROTECTED]>; "Todd Vierling" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Monday, March 01, 2004 10:06 Subject: Re: Possibly yet another MS mail worm > > Curtis Maurand wrote: > > On Mon, 1 Mar 2004,

Re: Possibly yet another MS mail worm

2004-03-01 Thread Sam Stickland
Curtis Maurand wrote: > On Mon, 1 Mar 2004, Todd Vierling wrote: > >> On Mon, 1 Mar 2004, Curtis Maurand wrote: >> >>> Sure they do. It's called COM/DCOM/OLE/ActiveX or whatever they >>> want to call it this week. It's on every Windows system. >> >> No, my point was that the majority of newer tro

Re: Possibly yet another MS mail worm

2004-03-01 Thread Curtis Maurand
On Mon, 1 Mar 2004, Todd Vierling wrote: > On Mon, 1 Mar 2004, Curtis Maurand wrote: > > : Sure they do. It's called COM/DCOM/OLE/ActiveX or whatever they > : want to call it this week. It's on every Windows system. > > No, my point was that the majority of newer trojan mail viruses don't depe

Re: Possibly yet another MS mail worm

2004-03-01 Thread Laurence F. Sheldon, Jr.
Todd Vierling wrote: It's as if the modern e-mail viruses are closer to human infections. Only the clueful are immune. 8-) I would agree if you had written "... At most the clueful are immune. %^)

Re: Possibly yet another MS mail worm

2004-03-01 Thread Todd Vierling
On Mon, 1 Mar 2004, Curtis Maurand wrote: : > It's annoying how easily these things spread even though they don't rely on : > a specific OS vulnerability -- hell, it's an executable *in a zipfile*, so : > it requires opening the zipfile and then running the program inside it. Of : > course ever

Re: Possibly yet another MS mail worm

2004-03-01 Thread Curtis Maurand
On Sat, 28 Feb 2004, Todd Vierling wrote: > > On Fri, 27 Feb 2004, Stephen Milton wrote: > Yah, "Bagle.C" is the notation used by F-Secure. This is indeed what it > was. > > It's annoying how easily these things spread even though they don't rely on > a specific OS vulnerability -- hell, it's

RE: Possibly yet another MS mail worm

2004-03-01 Thread Steve Birnbaum
> Say such a milter could strip off attachments, replacing them > with a URL in the email that will allow the recipient to > download them if they prove clean. It's not an instant > gratification, but it'll let you distribute the scanning About 5-6 yrs ago I wrote a system for a customer tha

Re: Possibly yet another MS mail worm

2004-02-29 Thread Michael Wiacek
so would a milter for sendmail that strips off attachments, queues them for decompression and scanning at a later time be more useful? Say such a milter could strip off attachments, replacing them with a URL in the email that will allow the recipient to download them if they prove clean. It's not

Re: Possibly yet another MS mail worm

2004-02-29 Thread Rubens Kuhl Jr.
> > I'm not aware of any mail scanner that does this without running an external > > anti-virus or something alike, although is not that intensive to follow the > > zip headers (as they already do with the MIME headers in order to drop > > external attachments). Most scanners can accept an anti-v

Re: Possibly yet another MS mail worm

2004-02-29 Thread Rubens Kuhl Jr.
asier. Rubens - Original Message - From: "Michael Wiacek" <[EMAIL PROTECTED]> To: "Rubens Kuhl Jr." <[EMAIL PROTECTED]> Cc: "Todd Vierling" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Sunday, February 29, 2004 11:16 PM Subject: Re: Possibl

Re: Possibly yet another MS mail worm

2004-02-29 Thread Michael Wiacek
I believe the point is, your mail scanner should be able to scan something as simple as zip compressed attachments. If it can't, you may want to rethink which program you use. Most open source and commercial scanners can scan inside zip files. mike On Sat, 28 Feb 2004, Rubens Kuhl Jr. wrote: >

Re: Possibly yet another MS mail worm

2004-02-28 Thread Rubens Kuhl Jr.
> It's annoying how easily these things spread even though they don't rely on > a specific OS vulnerability -- hell, it's an executable *in a zipfile*, so > it requires opening the zipfile and then running the program inside it. Of > course everyone will run it, even though it's named dygfwefuih.

Re: Possibly yet another MS mail worm

2004-02-28 Thread Todd Vierling
On Fri, 27 Feb 2004, Stephen Milton wrote: : Yes, I got that one too. To my peering alias by coincidence. ClamAV : identifies it as "Worm.Bagle.A2". ClamAV added it to the database today, : and mentioned that it was not in most signature databases yet. Yah, "Bagle.C" is the notation used by F-Se

Re: Possibly yet another MS mail worm

2004-02-27 Thread Stephen Milton
Yes, I got that one too. To my peering alias by coincidence. ClamAV identifies it as "Worm.Bagle.A2". ClamAV added it to the database today, and mentioned that it was not in most signature databases yet. On Fri, Feb 27, 2004 at 07:12:42PM -0500, Todd Vierling wrote: > > This one may be a variant

Possibly yet another MS mail worm

2004-02-27 Thread Todd Vierling
This one may be a variant of the recent worms. It's spreading by way of zipfile attachments. I don't have more info yet, but my $orkplace has just been hit by it and it's unknown to McAfee and Symantec at this time. It's not W32.Netsky, as best I can tell, because of the attachment filename: th