Educause Security Discussion mailing list archives
Re: Bagle.j out
From: Matthew Dalton <Matthew.Dalton () ROCHESTER EDU>
Date: Wed, 3 Mar 2004 16:55:02 -0500
For that matter, what is to keep the message from stating: A third party service employed by companyX has determined that your system is infected. Click (hyperlink) to install the patch.

Since this works by social engineering, the payload doesn't necessarily have to come with the message. Blocking attachments would do nothing for that. The sender could just open an arbitrary port for the connections. This wouldn't be that much of a leap from the back doors already installed.

--
**************************************************************************
|Matthew Dalton          |Phone: (585)273-1721                  |
|ITS Security Group      |Email: Matthew.Dalton () rochester edu |
|University of Rochester |                                      |
|Rochester, NY 14620     |                                      |
**************************************************************************

On Wed, 3 Mar 2004, Marty Hoag wrote:
Gordon D. Wishon wrote:

I wish this was the case. Unfortunately, we're seeing clear evidence that despite already renaming attachments and inserting a warning, a non-trivial number of people on our campus are (1) renaming, (2) unzipping, (3) executing, and (4) entering the 'password'. Step (5) is typically to call the helpdesk to report a virus. As a result, we're going to (at least temporarily) suspend delivery of attachments with the .zip extension.

Gordon

That is interesting. Since yesterday when I saw the first Bagle.j message I've worried that the next ones will say "Please note that we have renamed the attachment to ensure this important information gets to only you. Please just rename it to dippy.zip then extract and run the new salary.exe update." ;-)

I know there are still lots more technological approaches (block all attachments including HTML versions of messages, etc.) but it does come down to the person at the end.

marty

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.