new nasty email virus trick to bypass scanners
Mike Tancsa
mike at sentex.net
Thu Dec 4 03:31:36 UTC 2003
At 09:53 PM 03/12/2003, Jamie Reid wrote:
>If an attacker can convince a user to do anything, all bets
>are off.
>
>It is conceptually similar to using SSL to evade a network IDS.
>
>This is also an intrusion test trick. As system owners, there
>is only so much we can do to prevent and detect compromises.
>What matters is how we respond.
True enough. However, we also have to protect naive and vulnerable users
to some degree. Think about elderly folk. They are not necessarily as
quick to spot the scam. The ability to stop the virus before it gets to
them is important.
The other thing that worries me is that those who rely on their ISP to scan
for viruses, a false sense of security can come into play. In the case of
these types of email viruses, the user might think the file is OK because
it was scanned.
---Mike
More information about the NANOG
mailing list