I actually am using MessageLabs.com for my email which stops 100% of viruses or money back. I have never had a virus issue via email since I went to them. However, I still don't complete trust it for all viruses. I was just wondering if I could disable the .exe mainly because my users run outlook through Citrix and I don't wany anything dumb getting on my servers. Back in 9/11 I had a bunch of copies of flag.exe running which about killed my server. Gunnar -----Original Message----- From: windows2000-bounce@xxxxxxxxxxxxx [mailto:windows2000-bounce@xxxxxxxxxxxxx] Sent: Wednesday, January 28, 2004 8:16 AM To: windows2000@xxxxxxxxxxxxx Subject: [windows2000] Re: Experts fear worm is first of more-sophisticated attacks on horizon. invest in Trend Micro ScanMail for Exchange 2000. You can specify file types to be blocked and it will even due a "true" file type scan so if a exe is renamed to ex_ or something it is not fooled. It is one of the best products I have installed on any of our servers. Greg -----Original Message----- From: windows2000-bounce@xxxxxxxxxxxxx [mailto:windows2000-bounce@xxxxxxxxxxxxx]On Behalf Of Berger, Gunnar Sent: Wednesday, January 28, 2004 8:10 AM To: windows2000@xxxxxxxxxxxxx Subject: [windows2000] Re: Experts fear worm is first of more-sophisticated attacks on horizon. I'm running Exchange 2000, any quick and easy way to disable all .exe from being opened. Gunnar -----Original Message----- From: Jim Kenzig http://thethin.net [mailto:jimkenz@xxxxxxxxxxxxxx] Sent: Tuesday, January 27, 2004 4:14 PM To: windows2000@xxxxxxxxxxxxx; nospam@xxxxxxxxxxxxx; thin@xxxxxxxxxxxxx Subject: [windows2000] Experts fear worm is first of more-sophisticated attacks on horizon. Bagle-Type Threats on the Rise? By Dennis Fisher January 26, 2004 http://www.eweek.com/article2/0,4149,1460179,00.asp Experts fear worm is first of more-sophisticated attacks on horizon. While the outbreak last week of the Bagle.A virus was one of the least troublesome in recent memory, security experts worry that the virus-following in the infamous footsteps of 2003's SoBig worms-is a harbinger of more-sophisticated attacks to come. Many in the security community say the SoBig family-and possibly Bagle.A-are the work of an organized group of criminals with bigger plans than merely clogging in-boxes and annoying IT staffs. (Bagle.A infected about 19,000 PCs worldwide and fewer than 800 in North America, according to Trend Micro Inc.) SoBig.F and Bagle.A have the capability to log users' keystrokes, enabling the theft of passwords and other sensitive data, and are programmed to set up proxies on infected machines for the purpose of sending spam. Experts say these attributes, as well as evidence gathered by law enforcement, indicate that these worms are being used as tools for large-scale identity theft and financial fraud. "SoBig.F is the one you can point to as the first along these lines," said John Frazzini, vice president of intelligence operations at iDefense Inc., a security intelligence company based in Reston, Va., and a former federal computer crimes investigator. "Bagle is following these same motives and methods. They're being used to further massive financial crimes, trying to achieve a criminal outcome." Whoever is behind these worms, security insiders say, is using data retrieved from infected machines to commit bank and credit card fraud, perhaps in small increments against thousands and thousands of victims. They also can use the proxies the worms install to send out massive amounts of spam messages. The various fake e-mail messages purporting to come from PayPal, eBay Inc. and a variety of banks asking for passwords and account numbers are being generated by these same proxies, the experts say. For IT managers, these worms present new difficulties, given that they don't do any noticeable damage to infected machines but, rather, steal sensitive corporate passwords and other data. Many of these worms come from spoofed addresses that are likely familiar to the recipient. Experts recommend that in addition to blocking executable files at the mail gateway, administrators encourage their users to confirm any attachment they weren't expecting, even from people they know. Administrators can also look for spikes in traffic on unusual ports or client machines sending large amounts of mail messages. Whether or not these worms are being released by traditional organized crime groups is of less interest to experts than the fact that the worm creators are learning from their mistakes and becoming more proficient. "It's certainly interesting to see [Bagle.A] mirror the techniques in SoBig. It could be that virus writers are using Net users as beta testers before they build the very big ones. It's very plausible that it's more than just a set of script kiddies doing this," said Ian Hameroff, eTrust security strategist at Computer Associates International Inc., in Islandia, N.Y. "We're still peeling back the layers of the onion, and people still need to be vigilant that there will be other ones coming. This could be ushering in a new era of malware," Hameroff said. As with last year's constant stream of SoBig variants, Hameroff and others say that new and improved versions of Bagle.A or as-yet-unknown worms are on the horizon. "We could be looking at additional attacks and malware of this sort in 2004. We've seen a trend toward successful worms and attacks," said Ken Dunham, malicious-code manager at iDefense. "This is really a new wave." ******************************************************** This Weeks Sponsor StressedPuppy.com Games Feeling stressed out? Check out our games to relieve your stress. http://www.StressedPuppy.com ******************************************************** To Unsubscribe, set digest or vacation mode or view archives use the below link. http://thethin.net/win2000list.cfm ________________________________________________________________________ This email has been scanned for all viruses by the MessageLabs Email Security System. For more information on a proactive email security service working around the clock, around the globe, visit http://www.messagelabs.com ________________________________________________________________________ ******************************************************** This Weeks Sponsor StressedPuppy.com Games Feeling stressed out? Check out our games to relieve your stress. http://www.StressedPuppy.com ******************************************************** To Unsubscribe, set digest or vacation mode or view archives use the below link. http://thethin.net/win2000list.cfm ******************************************************** This Weeks Sponsor StressedPuppy.com Games Feeling stressed out? Check out our games to relieve your stress. http://www.StressedPuppy.com ******************************************************** To Unsubscribe, set digest or vacation mode or view archives use the below link. http://thethin.net/win2000list.cfm ________________________________________________________________________ This email has been scanned for all viruses by the MessageLabs Email Security System. For more information on a proactive email security service working around the clock, around the globe, visit http://www.messagelabs.com ________________________________________________________________________ ******************************************************** This Weeks Sponsor StressedPuppy.com Games Feeling stressed out? Check out our games to relieve your stress. http://www.StressedPuppy.com ******************************************************** To Unsubscribe, set digest or vacation mode or view archives use the below link. http://thethin.net/win2000list.cfm