OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: Filtering .vbs attachments? (Was: Re: Changed subject (was Re: reg. virus named ...)
From: Ari Gordon-Schlosberg (regsnebcorp.com)
Date: Fri May 05 2000 - 18:29:06 CDT

[Stefan Seufert <seufccsw.de>]
> OT: Have you really thought about the impact this litte worm had? It spread
> amazingly fast. Five minutes after I got the first warning the first infected
> mail came in via an other mailing list. And this worm WAS easy to block and it
> was easy enough to advise all employees to avoid getting infected. But today it
> is no longer important how big an virus is... just make that damn thing a bit
> more "intelligent", e.g. changing it's subject by using an built-in dictionary
> or replying to every mail in your inbox. The header_checks which saves us from
> the worst today would be useless. It could even avoid being catched in the body
> of the message by changing some comments in its source which should change the
> whole content after getting uuencoded or mangeled through base64. Can we stop
> that damn thing any longer?
>

You're onto something here, but you're missing one key point: this is not
an infrastructure problem, and trying to fix it with infrastructure is
ridiculous. This is a problem with a single code-base that two email
clients are derived from. And think with this following so closely on the
heels of Melissa, Microsoft is going to have to do something radical.

These MUAs need to be less promiscuous. Period. Otherwise we've got a
quick trip to nowhere. 

-- 
Ari							there is no spoon
-------------------------------------------------------------------------
http://www.nebcorp.com/~regs/pgp for PGP public key