Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: dealing with w32/bagle

  • From: Crist Clark
  • Date: Thu Mar 04 14:19:17 2004

Laurence F. Sheldon, Jr. wrote:

Jeff Shultz wrote:

** Reply to message from "Laurence F. Sheldon, Jr."
<> on Wed, 03 Mar 2004 22:04:44 -0600

Curtis Maurand wrote:

Until there's an easy way of getting a file to your friend down the street that's as easy as sending an email, we're stuck with this.

My personal favorite that at one time would have been the easiest to
develop has a MUA that "attaches" the document by storing the text
in an HTTP-accessible archive (on the sender's machine?  on the sender's
MTA machine?) and including a URL in the email.
And how is this going to slow viruses passed around by the mad clickers?
The email has a link they click on and the MUA downloads the message.
This is pretty much how IMAP works anyway, just that the attachment
is available for download at their IMAP server and arrived there over
SMTP rather than some remote HTTP, FTP, or whatever server.

My personal objection to embedded attachments is not a product of the
virus rage going on--
Ah, so this method of delivering content really is not meant to deal
with this.

We have to face it. The only real technical solution I am aware
of is not allowing users to run arbitrary code on their systems. It
looks like if you allow that, someone will be able to socially engineer
enough moro^W users to download malicious code and execute it. C'mon,
the current Bagle strains require the user to unzip the file, manually
enter the password to the zip that's in the message body, then execute
the unzipped file. It's spreading like wildfire. And we wonder who is
gullible enough to buy spamvertized organ enlargement products or fall
for a phishing scam?
Crist J. Clark                     
Globalstar Communications                                (408) 933-4387

Discussion Communities

About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home

Merit Network, Inc.