Re: CRIME Korean spam & Klez

From: Robert Myles (mylesr@private)
Date: Wed May 22 2002 - 07:55:00 PDT

    I have found, as Jeffrey has, that by blocking attachments you greatly reduce and eliminate the bulk of the virus attacks.  It will not stop self-tunneling worms, and you need to provide an alternative for legitimate business attachments.  Although, the need for this type is EXTREMELY low and can usually be accomplished with WinZIP or a similar tool.  A good place to start is the System and Network Attack Center (SNAC) 60 Minute Network Security Guide.  You may contact me directly for a copy or send e-mail to SNAC.Guides@private
    
    Robert Myles, CISSP
    Information Security Officer
    Oregon Health & Science University
    Mail Code AD140
    2525 SW 1st Avenue
    Portland, OR  97201
    Tel:   503-494-8500
    Fax:   503-494-8850
    Cell:   503-329-9972
    mylesr@private
    
    >>> jeffrey <jeffrey@private> 5/22/2002 6:05:58 AM >>>
    Though perhaps draconian, I have had great success with blocking most 
    of the Chinese and Korean IP space at a firewall (just port 25). Yes, 
    I get a lot of log entries and, yes, there is a chance I may block a 
    legit email (someday), but it has reduced that source to the merest 
    trickle....
    
    Most viruses come in as attachments. Most attachments come in with a 
    .xxx suffix that can be filtered at the mail server level. I haven't 
    accepted a .com, .vbs, .shr, etc. file via email in a long time, 
    because of the probability of it being a virus.
    
    
    
    >I know of several people who have been having a big problem with 
    >receiving Korean Spam e-mails.  One in particular, receives eight 
    >plus Korean spam mails per day.  This has greatly disrupted their 
    >business.  The information has been sent to the Korean War Project, 
    >see link below. If you are having any trouble with the Korean spam 
    >the links below will provide you with more information.
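
Added example, not part of the original thread: a sketch of the suffix filtering discussed above, as a mail server content hook might apply it. The blocklist holds only the extensions named in the thread (the "etc." there means a real list is longer); the function names and the sample message are constructed for illustration.

```python
import email

# Extensions named in the thread; a production list would be longer (assumption).
BLOCKED = {".com", ".vbs", ".shr"}

def declared_filenames(msg):
    """Return every filename a leaf MIME part declares.

    get_filename() reads Content-Disposition "filename" first and falls back
    to the Content-Type "name" parameter, so both spellings are covered.
    """
    return [p.get_filename() for p in msg.walk()
            if not p.is_multipart() and p.get_filename()]

def blocked_attachments(raw_bytes, blocked=BLOCKED):
    """Return the declared filenames whose final suffix is on the blocklist."""
    msg = email.message_from_bytes(raw_bytes)
    hits = []
    for name in declared_filenames(msg):
        # Windows ignores trailing dots and spaces, so "x.vbs." still runs as .vbs.
        cleaned = name.strip().rstrip(". ").lower()
        # Only the last suffix matters: "invoice.doc.vbs" is a .vbs file.
        ext = "." + cleaned.rsplit(".", 1)[-1] if "." in cleaned else ""
        if ext in blocked:
            hits.append(name)
    return hits

# Constructed sample message (not real traffic).
SAMPLE = (
    b"From: sender@example.com\r\n"
    b"To: user@example.org\r\n"
    b"Subject: constructed test message\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="b1"\r\n\r\n'
    b"--b1\r\nContent-Type: text/plain\r\n\r\nhello\r\n"
    b"--b1\r\nContent-Type: application/octet-stream\r\n"
    b'Content-Disposition: attachment; filename="invoice.doc.vbs"\r\n\r\nx\r\n'
    b'--b1\r\nContent-Type: application/octet-stream; name="SETUP.COM"\r\n\r\nx\r\n'
    b"--b1\r\nContent-Type: application/octet-stream\r\n"
    b'Content-Disposition: attachment; filename="notes.txt.vbs."\r\n\r\nx\r\n'
    b"--b1\r\nContent-Type: application/zip\r\n"
    b'Content-Disposition: attachment; filename="report.zip"\r\n\r\nx\r\n'
    b"--b1--\r\n"
)

if __name__ == "__main__":
    print(blocked_attachments(SAMPLE))
```

The zip part passes, matching the WinZIP alternative suggested for legitimate business attachments; a filter like this does not look inside archives.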
    



    This archive was generated by hypermail 2b30 : Sun May 26 2002 - 11:43:23 PDT