new nasty email virus trick to bypass scanners

Mike Tancsa mike at
Thu Dec 4 03:31:36 UTC 2003

At 09:53 PM 03/12/2003, Jamie Reid wrote:

>If an attacker can convince a user to do anything, all  bets
>are off.
>It is conceptually similar to  using SSL to evade a network IDS.
>This is also an intrusion test trick. As system owners, there
>is only so much we can do to prevent and detect compromises.
>What matters is how we respond.

True enough.  However, we also have to protect naive and vulnerable users 
to some degree.  Think about elderly folk.  They are not necessarily as 
quick to spot the scam. The ability to stop the virus before it gets to 
them is important.

The other thing that worries me is that those who rely on their ISP to scan 
for viruses, a false sense of security can come into play.  In the case of 
these types of email viruses, the user might think the file is OK because 
it was scanned.


More information about the NANOG mailing list