Educause Security Discussion mailing list archives

Re: Bagle.j out


From: "Gordon D. Wishon" <gwishon () ND EDU>
Date: Wed, 3 Mar 2004 16:34:02 -0500

Jack,

At 06:46 AM 3/3/2004 -0500, Jack Suess wrote:
What I will probably look at following the suggestion in the
Educause/Internet2 Effective Security Practices Guide

http://www.educause.edu/security/guide/VirusandIntrusionDetection.asp

and require my mail administrators to rename .exe and .zip attachments to
something that can't be auto-opened. This allows people to still transport
these but they have to go through an extra step of saving these as a
different name and opening the application to read these. Usually those
steps provide the "thinking pause" necessary to realize what is legit or
not.

I wish this was the case.  Unfortunately, we're seeing clear evidence that
despite already renaming attachments and inserting a warning, a non-trivial
number of people on our campus are (1) renaming, (2) unzipping, (3)
executing, and (4) entering the 'password'.  Step (5) is typically to call
the helpdesk to report a virus.

As a result, we're going to (at least temporarily) suspend delivery of
attachments with the .zip extension.

Gordon
