dealing with w32/bagle

Crist Clark crist.clark at globalstar.com
Thu Mar 4 19:14:09 UTC 2004


Laurence F. Sheldon, Jr. wrote:

> 
> Jeff Shultz wrote:
> 
>> ** Reply to message from "Laurence F. Sheldon, Jr."
>> <LarrySheldon at cox.net> on Wed, 03 Mar 2004 22:04:44 -0600
>>
>>> Curtis Maurand wrote:
>>>
>>>> Until there's an easy way of getting a file to your friend down the 
>>>> street that's as easy as sending an email, we're stuck with this.

[snip]

> My personal favorite that at one time would have been the easiest to
> develop has a MUA that "attaches" the document by storing the text
> in an HTTP-accessible archive (on the sender's machine?  on the sender's
> MTA machine?) and including a URL in the email.

And how is this going to slow viruses passed around by the mad clickers?
The email has a link they click on and the MUA downloads the message.
This is pretty much how IMAP works anyway, just that the attachment
is available for download at their IMAP server and arrived there over
SMTP rather than some remote HTTP, FTP, or whatever server.

> My personal objection to embedded attachments is not a product of the
> virus rage going on--

Ah, so this method of delivering content really is not meant to deal
with this.

We have to face it. The only real technical solution I am aware
of is not allowing users to run arbitrary code on their systems. It
looks like if you allow that, someone will be able to socially engineer
enough moro^W users to download malicious code and execute it. C'mon,
the current Bagle strains require the user to unzip the file, manually
enter the password to the zip that's in the message body, then execute
the unzipped file. It's spreading like wildfire. And we wonder who is
gullible enough to buy spamvertized organ enlargement products or fall
for a phishing scam?
-- 
Crist J. Clark                               crist.clark at globalstar.com
Globalstar Communications                                (408) 933-4387



More information about the NANOG mailing list