RE: CRIME FW: [Ccbig] 'Hi' Virus. Be Vigilant!

From: Steve Nichols (steven@private)
Date: Wed Dec 05 2001 - 11:30:59 PST


    We are an ISP as well.
    I tried to implement a filter very similar to Wil's. However, our users went
    ape shit.
    So I just filter our office traffic.
    You would not believe how many users add our accounts or help alias to their
    address book.
    We get hundreds of infected e-mails daily.
    We send out a weekly usage report as well, and get a ton of "viri" via RE:
    
    I think it's safe to say that we have had over 500 calls in the last two
    weeks regarding viruses.
    It is AMAZING how many people install virus protection and say "You mean I
    have to update it?"
    "I got the virus? But I have NAV, how is that possible?"
    "When was the last time you updated it?"
    "I have to update it?"
    
    
    AAAAAAAAAAARRRRRRRRRGGGGGGGGHHHHHHHHHH!!!!!!!!!!
    
    Steve Nichols
    Internet Manager/Network And Systems Administrator
    
    
                       VALLEY INTERNET COMPANY
                    1709 NE 27th Street, Suite C
                      McMinnville, Oregon 97128
               503-565-5030 or 800-909-9078 (toll-free)
         "Pay no attention to the folks behind the curtain..."
       PGP: www.viclink.com/~steven/steven.nichols.pgp.txt
    
    -----Original Message-----
    From: owner-crime@/var/spool/majordomo/lists/crime
    [mailto:owner-crime@/var/spool/majordomo/lists/crime]On Behalf Of Wil
    Cooley
    Sent: Wednesday, December 05, 2001 9:53 AM
    To: Kuo, Jimmy
    Cc: crime@private
    Subject: Re: CRIME FW: [Ccbig] 'Hi' Virus. Be Vigilant!
    
    
    Also Sprach Kuo, Jimmy:
    > I don't understand why my alert hasn't shown up yet.
    >
    > And can anyone tell me, who undertook to block .SCR files after my
    > presentation at the last meeting?
    
    I am:
    
    :0 BH
    * ^Content-(Type|Disposition):.*$?.*name=".*\.(scr|pif|dll|exe|com|lnk|bat|vbs|386|cpl|drv|sys|vb|vbe|vxd)"
    {
    	:0 f
    	| formail -A "$FILTMSG Illegal extension, sent to quarantine"
    
    	:0
    	! ${JAIL}
    }
    
    I'm just an ISP, so I can't filter too much; people expect to be
    able to pass lots of crap through and they're not really paying for
    enhanced security.  As it is, I'm catching lots of greeting cards
    and crap like that with the .exe.
    
    Wil
    --
    W. Reilly Cooley                           wcooley@private
    Naked Ape Consulting                        http://nakedape.cc
    irc.linux.com                             #orlug,#pdxlug,#lnxs
    
    "There was a vague, unpleasant manginess about his appearance; he somehow
    seemed dirty, though a close glance showed him as carefully shaven as an
    actor, and clad in immaculate linen."
    -- H.L. Mencken, on the death of William Jennings Bryan
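
The extension check from the recipe above, done with a MIME parser rather than a regex over the raw headers, as an added example (not code from either poster). It reads the attachment name from Content-Disposition or Content-Type, so quoted, unquoted and RFC 2231-encoded names are all compared against the same list; the sample message and the function name are constructed for illustration.

```python
import email
import os

# Extension list copied from the procmail recipe in the quoted message.
BLOCKED = {"scr", "pif", "dll", "exe", "com", "lnk", "bat", "vbs", "386",
           "cpl", "drv", "sys", "vb", "vbe", "vxd"}

# Constructed sample: one multipart message with four attachment parts.
SAMPLE = b"""\
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="XX"

--XX
Content-Type: application/octet-stream; name="hi.scr"

x
--XX
Content-Type: application/octet-stream
Content-Disposition: attachment; filename=card.EXE

x
--XX
Content-Type: application/octet-stream
Content-Disposition: attachment; filename*=us-ascii''greeting.pif

x
--XX
Content-Type: text/plain; name="notes.txt"

x
--XX--
"""

def blocked_attachments(raw: bytes) -> list[str]:
    """Return attachment names whose final extension is on the block list."""
    hits = []
    for part in email.message_from_bytes(raw).walk():
        # get_filename() checks Content-Disposition filename= first, then
        # Content-Type name=, and decodes RFC 2231 parameter values.
        name = part.get_filename()
        if not name:
            continue
        ext = os.path.splitext(name.strip())[1].lstrip(".").lower()
        if ext in BLOCKED:
            hits.append(name)
    return hits

if __name__ == "__main__":
    print(blocked_attachments(SAMPLE))
```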
    



    This archive was generated by hypermail 2b30 : Sun May 26 2002 - 11:36:44 PDT