Art,
we tried that kind of training with our users. No such/much luck.
We tried hard to teach our users but some just double-click on any
attachment.
At the end, we closed all access to yahoo, hotmail and all popular e-mail
accounts thru the firewall. Our company mail-server deletes all attachments
that he figurs as viruses and replaces them with a dummy-file "deleted.txt".
Then the user knows there was an attachment and can contact the sender.
Since then the viruses are strongly reduced. The users complain about
their "private" e-mail but then, they are private and they can use the
company-e-mail-system. All private can be done at home. It worked for us.
Michael
On Mon, 31 Jan 2005 13:17:57 -0800, Art Bahrs <[log in to unmask]> wrote:
>Hi All :)
> Sorry Brice, but this sentence won't deter. That is evidenced by the
>number of "copy cat" virii/worms released. Just last week... Bagle-AY hit
>the wire... and the authors of these things are actually competing with
>each other ... they document it in the source code!
>
> And to tie this into the earlier thread of virii on the 3k's.... well,
>if a 3k is doing work as a mail server.... it could find itself trying to
>deliver 10's of thousands of emails... and it may or may not be able to
>stay up under the deluge... but it will slow down as it tries to handle the
>emails of these worms and such.... And don't be saying that your 3k mail
>server is protected by perimeter devices that will catch the virii... there
>are zero day situations with every variant. Also, the hardest to protect
>against vector on these things is that of webmail: user goes out to
>Yahoo.com and picks up their mail and opens the attachment ... Presto! an
>email worm/virii is loose inside the perimeter!
>
> We need to educate the user community about reviewing subject lines
>and sender's names before opening emails and launching the attachments!
>But this is becoming the big downfall to protecting our network
>infrastructure... the user community :)
>
>Art 'putting away the soapbox now :) hehe " Bahrs
>=======================================================
>Art Bahrs, CISSP Information Security The Regence Group
>(503) 553-1425 FAX (503) 553-1453
>
>
>
> "Brice Yokem"
> <[log in to unmask]
> COM> To
> Sent by: [log in to unmask]
> "HP-3000 cc
> Systems
> Discussion" Subject
> <HP3000-L@RAVE [HP3000-L] OT: Teen Sentenced for
> N.UTC.EDU> Releasing Blaster Worm Variant
>
>
> 01/31/2005
> 11:56 AM
>
>
> Please respond
> to
> "Brice Yokem"
> <[log in to unmask]
> COM>
> |------------|
> | [ ] Secure |
> | E-mail |
> |------------|
>
>
>
>
>
>This guy got off too easy. If he had stolen an amount of money equal to
>the amount his antics cost his victims, they would have locked him up
>for several years. I understand the perpetrator's age was a factor, but
>I hope this doesn't indicate that the courts still regard this type of
>crime as a prank.
>
>------------------
>
>John -
>
>The sentence should be sufficient to deter more of the same. Don't know
>if it is enough, but we will see.
>
>* To join/leave the list, search archives, change list settings, *
>* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *
>
>
>
>
>
===========================================================================
=
>IMPORTANT NOTICE: This communication, including any attachment, contains
information that may be confidential or privileged, and is intended solely
for the entity or individual to whom it is addressed. If you are not the
intended recipient, you should delete this message and are hereby notified
that any disclosure, copying, or distribution of this message is strictly
prohibited. Nothing in this email, including any attachment, is intended
to be a legally binding signature.
>
===========================================================================
=
>
>* To join/leave the list, search archives, change list settings, *
>* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *
* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *
|
