Re: CRIME FW: [Ccbig] 'Hi' Virus. Be Vigilant!

From: Robert Martin (robert@martin-iti.com)
Date: Wed Dec 05 2001 - 13:01:00 PST

  • Next message: George Heuston: "CRIME FW: NIPC Daily Report, 5 December 2001"

    Pardon the product plug here, but that's why I like mcafee for our 
    office (I don't know if this feature is part of other virus protection). 
    ActiveShield pops a window up in their face and tells them that there is 
    an update available, and can be set to update at a time when the machine 
    is idle.
    
    rob
    
    On Wednesday, December 5, 2001, at 11:30 AM, Steve Nichols wrote:
    
    > We are an ISP as well.
    > I tried to implement a filter very similar to Wil's. However, our users 
    > went
    > ape shit.
    > So I just filter our office traffic.
    > You would not believe how many users add our accounts or help alias to 
    > their
    > address book.
    > We get hundreds of infected e-mail's daily.
    > We send out a weekly usage report as well, and get a ton of "viri" via 
    > RE:
    >
    > I think it's safe to say that we have had over 500 calls in the last two
    > weeks regarding virus's.
    > It is AMAZING how many people install virus protection and say " you 
    > mean I
    > have to update it?"
    > " I got the virus?, But I have NAV, how is that possible?"
    > " When was the last time you updated it?"
    > " I have to update it?"
    >
    >
    > AAAAAAAAAAARRRRRRRRRGGGGGGGGHHHHHHHHHH!!!!!!!!!!
    >
    > Steve Nichols
    > Internet Manager/Network And Systems Administrator
    >
    >
    >                    VALLEY INTERNET COMPANY
    >                 1709 NE 27th Street, Suite C
    >                   McMinnville, Oregon 97128
    >            503-565-5030 or 800-909-9078 (toll-free)
    >      "Pay no attention to the folks behind the curtain..."
    >    PGP: www.viclink.com/~steven/steven.nichols.pgp.txt
    >
    > -----Original Message-----
    > From: owner-crime@/var/spool/majordomo/lists/crime
    > [mailto:owner-crime@/var/spool/majordomo/lists/crime]On Behalf Of Wil
    > Cooley
    > Sent: Wednesday, December 05, 2001 9:53 AM
    > To: Kuo, Jimmy
    > Cc: crime@private
    > Subject: Re: CRIME FW: [Ccbig] 'Hi' Virus. Be Vigilant!
    >
    >
    > Also Sprach Kuo, Jimmy:
    >> I don't understand why my alert hasn't shown up yet.
    >>
    >> And can anyone tell me, who undertook to block .SCR files after my
    >> presentation at the last meeting?
    >
    > I am:
    >
    > :0 BH
    > *
    > ^Content-(Type|Disposition):.*$?.*name=".*\.(scr|pif|dll|exe|com|lnk|bat|
    > vbs
    > |386|cpl|drv|sys|vb|vbe|vxd)"
    > {
    > 	:0 f
    > 	| formail -A "$FILTMSG Illegal extension, sent to quarantine"
    >
    > 	:0
    > 	! ${JAIL}
    > }
    >
    > I'm just an ISP, so I can't filter too much; people expect to be
    > able to pass lots of crap through and they're not really paying for
    > enhanced security.  As it is, I'm catching lots of greeting cards
    > and crap like that with the .exe.
    >
    > Wil
    > --
    > W. Reilly Cooley                           wcooley@private
    > Naked Ape Consulting                        http://nakedape.cc
    > irc.linux.com                             #orlug,#pdxlug,#lnxs
    >
    > "There was a vague, unpleasant manginess about his appearence; he 
    > somehow
    > seemed dirty, though a close glance showed him as carefully shaven as an
    > actor, and clad in immaculate linen."
    > -- H.L. Mencken, on the death of William Jennings Bryan
    >
    >
    >
    



    This archive was generated by hypermail 2b30 : Sun May 26 2002 - 11:36:45 PDT