[Esd-l] Klez@ worm/virus

John D. Hardin jhardin at impsec.org
Fri Apr 19 06:22:03 PDT 2002


On Fri, 19 Apr 2002, Peter Hanecak wrote:

> Later, for a month or so, I'm stripping .exe files instead of
> poisoning them - it saves me time. Just users get what they did
> not get before - messages without attachments with security notice
> - mostly automaticaly sended worms, thus it was confusing them at
> the begining ("why is this unknown person sending me nothing?").
> But again, it is not that hard to explain ("ignore what's not
> plain and what you do not know").

That actually might be better propaganda: "See? The policy blocked
another worm..."

> Of course sometimes it's not quite ... well effective. Example:
> Someone sending to us 20MB of photos in self extracting ZIP
> archive with, of course, .exe extension.

That's why you put reasonable size limits on your MTA. Email is not a
replacement for FTP...

--
 John Hardin KA7OHZ    ICQ#15735746    http://www.impsec.org/~jhardin/
 jhardin at impsec.org                       pgpk -a jhardin at wolfenet.com
  768: 0x41EA94F5 - A3 0C 5B C2 EF 0D 2C E5  E9 BF C8 33 A7 A9 CE 76 
 1024: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
 "They [media giants] have no idea how to do business with resourceful
  human beings rather than passive vegetables. So they run to [the]
  government for protection."
                    -- Doc Searls on the SSSCA, in Linux Journal
-----------------------------------------------------------------------
   928 days until the Presidential Election



More information about the esd-l mailing list