RE: WARNING: Hacker Alert

Tue, 18 Sep 2001 20:41:09 -0700 

Some people have business requirements that prevent this.
To avoid your policy I could just send you a zip file containing a virus
executable with some words "here is the latest 'insert your favourite thing
here' you were looking for" , you will be surprised how many people would
open the zip file up and run the executable. The hole you have is just
slightly smaller than a .exe
 
In general terms regarding the virus:
 
Content checking tools like mimesweeper and mail marshal etc would look
inside the zip and block because it contatined an executable.
zipped executables do not compress very well.
websites that are infected with the virus and can autodownload a readme.eml.
hope you have patched IE5 as required
hopefully you de not allow any shares in via your firewall THIS INCLUDES VPN
REMOTE STAFF as once their machine is hit your servers will be too. yet more
incoragement to use terminal seve at home or where ever as it is just a
screen scraper.
 
This is a real can of super ugly worms and you need a total security policy
for your site not just blocking executables via email.
 
regards
dean

-----Original Message-----
From: Carstensen, Pete [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, 19 September 2001 8:47 a.m.
To: NT System Admin Issues
Subject: RE: WARNING: Hacker Alert



I still don't realize why some administrators let executables thru their
email systems.  Yes, it is very handy to send the latest game or sol.exe
file to your buddy but it is just as easy to zip it first or otherwise do a
protective step to avoid worms like this.  We stop as many of the nasty
files as we can and get just about no complaints because:

 

1)       Company policy is not to allow users to install software.

2)       Most are aware of the prevalence of executable based virus programs

3)       It is very easy to zip before sending or receiving.

4)       A 5MB limit is enforced (zip helps here too).

5)       Any legitimate request can be given alternate ways to get the file.

 

Stop README.EXE at the Firewall, Proxy Server, or Exchange server and you
really limit your exposure.

 



***************************

Pete Carstensen, MCSE

Senior LAN Engineer

CSK Auto, Inc.

645 E. Missouri Ave.

Phoenix,  AZ  85012

(602) 631-7176

[EMAIL PROTECTED]

 

Little surprises around every corner, but nothing dangerous.

                              -- Willie Wonka

 

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm


***************************************************
This e-mail is  not an  official  statement of  the
Waikato  Regional  Council unless otherwise stated.
Visit our website http://www.ew.govt.nz
***************************************************

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm

Reply via email to