[Esd-l] Klez@ worm/virus

Simon Matthews simon at paxonet.com
Thu Apr 18 21:20:01 PDT 2002


John,

I poison *.exe on principle. People can always send the files in a zip file 
if they really need to send an exe file!

Simon

At 07:52 PM 4/18/02 -0700, John D. Hardin wrote:
>On Thu, 18 Apr 2002, Hermann Wecke wrote:
>
> > As you can see, they are defanged but they were not trapped.
>
>Klez and some other worms use random filenames. Are you poisoning
>*.exe? If not, then it can easily slip through, as most people only
>poison specific .exe filenames.
>
>I keep seeing these worms being announced, and I keep thinking about
>my default-secure stance, and I keep thinking that I'm going to drop
>*.exe into the recommended poison list on principle.
>
>How badly would this annoy people?
>
>I suppose I could maintain two lists, one with the .exe filenames from
>the various announcements, and a shorter one with just *.exe -
>any comments?
>
>--
>  John Hardin KA7OHZ    ICQ#15735746    http://www.impsec.org/~jhardin/
>  jhardin at impsec.org                       pgpk -a jhardin at wolfenet.com
>   768: 0x41EA94F5 - A3 0C 5B C2 EF 0D 2C E5  E9 BF C8 33 A7 A9 CE 76
>  1024: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
>-----------------------------------------------------------------------
>  "They [media giants] have no idea how to do business with resourceful
>   human beings rather than passive vegetables. So they run to [the]
>   government for protection."
>                     -- Doc Searls on the SSSCA, in Linux Journal
>-----------------------------------------------------------------------
>    929 days until the Presidential Election
>_______________________________________________
>Esd-l mailing list
>Esd-l at spconnect.com
>http://www.spconnect.com/mailman/listinfo/esd-l



More information about the esd-l mailing list