[Esd-l] Klez@ worm/virus
John D. Hardin
jhardin at impsec.org
Fri Apr 19 06:22:03 PDT 2002
On Fri, 19 Apr 2002, Peter Hanecak wrote:
> Later, for a month or so, I'm stripping .exe files instead of
> poisoning them - it saves me time. Just users get what they did
> not get before - messages without attachments with security notice
> - mostly automaticaly sended worms, thus it was confusing them at
> the begining ("why is this unknown person sending me nothing?").
> But again, it is not that hard to explain ("ignore what's not
> plain and what you do not know").
That actually might be better propaganda: "See? The policy blocked
another worm..."
> Of course sometimes it's not quite ... well effective. Example:
> Someone sending to us 20MB of photos in self extracting ZIP
> archive with, of course, .exe extension.
That's why you put reasonable size limits on your MTA. Email is not a
replacement for FTP...
--
John Hardin KA7OHZ ICQ#15735746 http://www.impsec.org/~jhardin/
jhardin at impsec.org pgpk -a jhardin at wolfenet.com
768: 0x41EA94F5 - A3 0C 5B C2 EF 0D 2C E5 E9 BF C8 33 A7 A9 CE 76
1024: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
"They [media giants] have no idea how to do business with resourceful
human beings rather than passive vegetables. So they run to [the]
government for protection."
-- Doc Searls on the SSSCA, in Linux Journal
-----------------------------------------------------------------------
928 days until the Presidential Election
More information about the esd-l
mailing list