[windows2000] Re: Experts fear worm is first of more-sophisticated attacks on horizon.

  • To: <windows2000@xxxxxxxxxxxxx>
  • Date: Wed, 28 Jan 2004 08:26:00 -0500

I actually am using MessageLabs.com for my email which stops 100% of viruses or 
money back.  I have never had a virus issue via email since I went to them.  
However, I still don't completely trust it for all viruses.  I was just wondering 
if I could disable the .exe mainly because my users run Outlook through Citrix 
and I don't want anything dumb getting on my servers.  Back in 9/11 I had a 
bunch of copies of flag.exe running which about killed my server.

Gunnar

-----Original Message-----
From: windows2000-bounce@xxxxxxxxxxxxx
[mailto:windows2000-bounce@xxxxxxxxxxxxx]
Sent: Wednesday, January 28, 2004 8:16 AM
To: windows2000@xxxxxxxxxxxxx
Subject: [windows2000] Re: Experts fear worm is first of
more-sophisticated attacks on horizon.


Invest in Trend Micro ScanMail for Exchange 2000.  You can specify file types 
to be blocked and it will even do a "true" file type scan so if an exe is 
renamed to ex_ or something it is not fooled.

It is one of the best products I have installed on any of our servers.

Greg

-----Original Message-----
From: windows2000-bounce@xxxxxxxxxxxxx
[mailto:windows2000-bounce@xxxxxxxxxxxxx]On Behalf Of Berger, Gunnar
Sent: Wednesday, January 28, 2004 8:10 AM
To: windows2000@xxxxxxxxxxxxx
Subject: [windows2000] Re: Experts fear worm is first of
more-sophisticated attacks on horizon.


I'm running Exchange 2000, any quick and easy way to disable all .exe from 
being opened?

Gunnar

-----Original Message-----
From: Jim Kenzig http://thethin.net [mailto:jimkenz@xxxxxxxxxxxxxx]
Sent: Tuesday, January 27, 2004 4:14 PM
To: windows2000@xxxxxxxxxxxxx; nospam@xxxxxxxxxxxxx; thin@xxxxxxxxxxxxx
Subject: [windows2000] Experts fear worm is first of more-sophisticated
attacks on horizon.


Bagle-Type Threats on the Rise?
By Dennis Fisher
January 26, 2004
http://www.eweek.com/article2/0,4149,1460179,00.asp
Experts fear worm is first of more-sophisticated attacks on horizon.


While the outbreak last week of the Bagle.A virus was one of the least
troublesome in recent memory, security experts worry that the
virus, following in the infamous footsteps of 2003's SoBig worms, is a
harbinger of more-sophisticated attacks to come.

Many in the security community say the SoBig family, and possibly Bagle.A, are
the work of an organized group of criminals with bigger plans than merely
clogging in-boxes and annoying IT staffs. (Bagle.A infected about 19,000 PCs
worldwide and fewer than 800 in North America, according to Trend Micro
Inc.)

SoBig.F and Bagle.A have the capability to log users' keystrokes, enabling
the theft of passwords and other sensitive data, and are programmed to set
up proxies on infected machines for the purpose of sending spam.

Experts say these attributes, as well as evidence gathered by law
enforcement, indicate that these worms are being used as tools for
large-scale identity theft and financial fraud.

"SoBig.F is the one you can point to as the first along these lines," said
John Frazzini, vice president of intelligence operations at iDefense Inc., a
security intelligence company based in Reston, Va., and a former federal
computer crimes investigator. "Bagle is following these same motives and
methods. They're being used to further massive financial crimes, trying to
achieve a criminal outcome."

Whoever is behind these worms, security insiders say, is using data
retrieved from infected machines to commit bank and credit card fraud,
perhaps in small increments against thousands and thousands of victims. They
also can use the proxies the worms install to send out massive amounts of
spam messages. The various fake e-mail messages purporting to come from
PayPal, eBay Inc. and a variety of banks asking for passwords and account
numbers are being generated by these same proxies, the experts say.

For IT managers, these worms present new difficulties, given that they don't
do any noticeable damage to infected machines but, rather, steal sensitive
corporate passwords and other data. Many of these worms come from spoofed
addresses that are likely familiar to the recipient. Experts recommend that
in addition to blocking executable files at the mail gateway, administrators
encourage their users to confirm any attachment they weren't expecting, even
from people they know.

Administrators can also look for spikes in traffic on unusual ports or
client machines sending large amounts of mail messages.

Whether or not these worms are being released by traditional organized crime
groups is of less interest to experts than the fact that the worm creators
are learning from their mistakes and becoming more proficient.

"It's certainly interesting to see [Bagle.A] mirror the techniques in SoBig.
It could be that virus writers are using Net users as beta testers before
they build the very big ones. It's very plausible that it's more than just a
set of script kiddies doing this," said Ian Hameroff, eTrust security
strategist at Computer Associates International Inc., in Islandia, N.Y.

"We're still peeling back the layers of the onion, and people still need to
be vigilant that there will be other ones coming. This could be ushering in
a new era of malware," Hameroff said.

As with last year's constant stream of SoBig variants, Hameroff and others
say that new and improved versions of Bagle.A or as-yet-unknown worms are on
the horizon.

"We could be looking at additional attacks and malware of this sort in 2004.
We've seen a trend toward successful worms and attacks," said Ken Dunham,
malicious-code manager at iDefense. "This is really a new wave."

********************************************************
This Weeks Sponsor StressedPuppy.com Games
Feeling stressed out? Check out our games to
relieve your stress.
http://www.StressedPuppy.com
********************************************************
To Unsubscribe, set digest or vacation
mode or view archives use the below link.

http://thethin.net/win2000list.cfm

________________________________________________________________________
This email has been scanned for all viruses by the MessageLabs Email
Security System. For more information on a proactive email security
service working around the clock, around the globe, visit
http://www.messagelabs.com
________________________________________________________________________
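
The thread above contrasts blocking attachments by extension with a "true" file type scan that is not fooled by a renamed executable. The sketch below is an added example, not part of the original posts and not how ScanMail or MessageLabs implement it: it checks each attachment's content for a Windows PE header, then falls back to an extension list. The function names, the extension list and the sample message are assumptions constructed for illustration.

```python
import struct
from email import message_from_bytes, policy
from email.message import EmailMessage

BLOCKED_EXTENSIONS = {".exe", ".scr", ".pif", ".com", ".bat"}  # assumed policy list

def looks_like_pe(data: bytes) -> bool:
    """True if data has a DOS 'MZ' header whose e_lfanew points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (pe_offset,) = struct.unpack_from("<I", data, 0x3C)  # e_lfanew field
    return data[pe_offset:pe_offset + 4] == b"PE\0\0"

def scan_message(raw: bytes):
    """Return [(filename, reason)] for attachments a gateway should block."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        payload = part.get_payload(decode=True) or b""
        if looks_like_pe(payload):  # content check: the file name is ignored
            hits.append((name, "content is a PE executable"))
        elif any(name.lower().endswith(ext) for ext in BLOCKED_EXTENSIONS):
            hits.append((name, "blocked extension"))
    return hits

def build_sample() -> bytes:
    """Constructed message: a minimal PE stub renamed to .ex_, plus a text file."""
    stub = bytearray(0x80)
    stub[:2] = b"MZ"
    struct.pack_into("<I", stub, 0x3C, 0x40)  # e_lfanew -> offset 0x40
    stub[0x40:0x44] = b"PE\0\0"
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("see attached")
    msg.add_attachment(bytes(stub), maintype="application",
                       subtype="octet-stream", filename="update.ex_")
    msg.add_attachment(b"hello\n", maintype="text", subtype="plain",
                       filename="notes.txt")
    return msg.as_bytes()

if __name__ == "__main__":
    for name, reason in scan_message(build_sample()):
        print(f"BLOCK {name}: {reason}")
```

An extension-only filter would pass `update.ex_`; the content check flags it. Executables wrapped in an archive need the archive unpacked before this check applies.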