North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Re: dealing with w32/bagle
- From: Crist Clark
- Date: Thu Mar 04 14:19:17 2004
Laurence F. Sheldon, Jr. wrote:
Jeff Shultz wrote:
** Reply to message from "Laurence F. Sheldon, Jr."
<LarrySheldon@cox.net> on Wed, 03 Mar 2004 22:04:44 -0600
Curtis Maurand wrote:
Until there's an easy way of getting a file to your friend down the
street that's as easy as sending an email, we're stuck with this.
My personal favorite that at one time would have been the easiest to
develop has a MUA that "attaches" the document by storing the text
in an HTTP-accessible archive (on the sender's machine? on the sender's
MTA machine?) and including a URL in the email.
And how is this going to slow viruses passed around by the mad clickers?
The email has a link they click on and the MUA downloads the message.
This is pretty much how IMAP works anyway, just that the attachment
is available for download at their IMAP server and arrived there over
SMTP rather than some remote HTTP, FTP, or whatever server.
My personal objection to embedded attachments is not a product of the
virus rage going on--
Ah, so this method of delivering content really is not meant to deal
We have to face it. The only real technical solution I am aware
of is not allowing users to run arbitrary code on their systems. It
looks like if you allow that, someone will be able to socially engineer
enough moro^W users to download malicious code and execute it. C'mon,
the current Bagle strains require the user to unzip the file, manually
enter the password to the zip that's in the message body, then execute
the unzipped file. It's spreading like wildfire. And we wonder who is
gullible enough to buy spamvertized organ enlargement products or fall
for a phishing scam?
Crist J. Clark email@example.com
Globalstar Communications (408) 933-4387