Educause Security Discussion mailing list archives

Re: Bagle.j out

From: Marty Hoag <Marty.Hoag () NDSU NODAK EDU>
Date: Wed, 3 Mar 2004 15:44:33 -0600

Gordon D. Wishon wrote:

I wish this was the case.  Unfortunately, we're seeing clear evidence that
despite already renaming attachments and inserting a warning, a non-trivial
number of people on our campus are (1) renaming, (2) unzipping, (3)
executing, and (4) entering the 'password'.  Step (5) is typically to call
the helpdesk to report a virus.

As a result, we're going to (at least temporarily) suspend delivery of
attachments with the .zip extension.

Gordon


   That is interesting. Since yesterday when I saw the
first Bagle.j message I've worried that the next ones
will say "Please note that we have renamed the attachment
to ensure this important information gets to only you.
Please just rename it to dippy.zip then extract and
run the new salary.exe update."  ;-)
   I know there are still lots more technological
approaches (block all attachments including HTML
versions of messages, etc.) but it does come
down to the person at the end.

   marty

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.

Current thread:

Re: Bagle.j out, (continued)
- Re: Bagle.j out James Morris (Mar 02)
- Re: Bagle.j out Gary Flynn (Mar 02)
- Re: Bagle.j out Tim Lane (Mar 02)
- Re: Bagle.j out Bradley D. Thornton (Mar 03)
- Re: Bagle.j out Jack Suess (Mar 03)
- Re: Bagle.j out Michael_Maloney (Mar 03)
- Re: Bagle.j out Iljun Kim (Mar 03)
- Re: Bagle.j out Joe St Sauver (Mar 03)
- Re: Bagle.j out Cal Frye (Mar 03)
- Re: Bagle.j out Gordon D. Wishon (Mar 03)
- Re: Bagle.j out Marty Hoag (Mar 03)
- Re: Bagle.j out Matthew Dalton (Mar 03)
- Re: Bagle.j out Scott Weeks (Mar 03)
- Re: Bagle.j out Kevin Shalla (Mar 03)