RE: CRIME SOBIG ADVISORY

From: Kuo, Jimmy (Jimmy_Kuo@private)
Date: Thu Aug 21 2003 - 17:35:34 PDT


    >Perhaps the virus scanners of the world could include
    >a flag in the database that the engine uses that would indicate whether a
    >virus spoofs the source.  Then the part of the software that sends notices
    >to the senders would know that the sender was faked.  In this way the help
    >desks of the world would not be bombarded by questions from users that
    >never actually had the virus.  
    
    Well, that's what I recommended.  So, I'm glad that's what your suggestion
    is.  :-)
    
    >The world would be grateful and throw money at these vendors.
    
    Unfortunately, the world is not that simple.  That will make us the
    well-behaved citizen.  But because you buy our version, it won't mean that
    the others will.  So, it will be the concept of everyone being well-behaved
    citizens before the rest of the population benefits.  But of course, we have
    to offer something to get it started.
    
    >Another interesting twist is happening with viruses like SOBIG.  A mail
    >filter detected the presence of the executable in the MIME attachment and
    >sent the entire message to the spoofed sender!  Of course it was a text
    >copy of the MIME attachment, but if you are interested in collecting the
    >virus source in a somewhat safer format, here it is for the taking.  The
    >mail filter also says, in different words, if you intended to subvert the
    >security of the system you should enclose the executable in a zip file.
    >How nice and accommodating!
    
    That's OK.  We decipher MIME.  And we scan inside compressed files.  :-)
    
    Jimmy
    


