ietf-asrg

Re: [Asrg] Viruses

2003-06-27 21:46:45
Perhaps you should examine the 'GIEIS' system located here at:

http://homepage.ntlworld.com/giza.necroplis

And also refer to ASRG - The Solution to Spam - The First Response.

This system would kill off the majority of email based attacks on unsuspecting users.

I would appreciate your comments,

Mark McCarron.


From: Walter Dnes <waltdnes(_at_)waltdnes(_dot_)org>
To: ASRG list <asrg(_at_)ietf(_dot_)org>
Subject: Re: [Asrg] Viruses
Date: Sat, 28 Jun 2003 00:26:17 -0400

On Tue, Jun 24, 2003 at 01:32:22PM -0500, gep2(_at_)terabites(_dot_)com wrote

> ALL operating systems are vulnerable to viruses, as long as the
> systems are user-programmable (or program-extensible).  OK, your
> digital watch, your microwave oven (probably), and your laser printer
> probably aren't vulnerable to viruses.  But that's because nobody
> else can much change their code, either.
>
> > Other operating systems, or at least late-releases (e.g., Mac OSX),
> > are not susceptible to viruses.
>
> And just what is the "magic bullet" that you think magically makes
> those systems "not susceptible"?  I don't believe that there IS such
> a magic bullet.

  Because they *DON'T AUTO-EXECUTE EMAIL*.  Yeah, there's been a patch
out for a while, but each time somebody's Windows crashes, and they
re-install, they're back to square 1.  Unixes used to have backtick
expansion enabled in mailcap.  It was determined to be "not a good
thing" and was deprecated.  Windows comes with "Windows Scripting Host"
enabled.  And even if you delete it, most 3rd-party programs' install
routines will install a copy to facilitate the install script.  Of
course the installer leaves the scripting host installed.

> And in particular, a WORD macro virus (for instance) which works on
> a Windows-based OS will probably work on a Mac-based OS too... since
> the level of abstraction provided by the macro facility SPECIFICALLY
> shields the executing macro from vagaries based on the underlying OS.

  Not on AbiWord for linux, it won't execute.

> The better solution is really to put restrictions in place on
> incoming material (and E-mail is our focus here) such that potentially
> dangerous executable stuff (and in practice, this means ActiveX-type
> stuff, scripting, and potentially malicious attachments) simply
> aren't allowed to be delivered unless they come from pre-arranged
> (or post-permitted, maybe), _trusted_ people who we EXPECT such type
> of stuff to come from.

  Howsabout the OS not allowing users to execute attachments from inside
email.  Beyond this, what about *AUTO_EXECUTION OF ATTACHMENTS* ?

> I got a spam just a day or two ago shilling for a porn site and
> crowing about how "no credit card required".  The link said,
> in essence, "to connect to this site directly using your modem,
> CLICK HERE."  Under the concealment of the HTML, the link pointed
> to a URL of .exe type.  Most lusers wouldn't realize (of course)
> the implication of the (truthful) prompt... that the executable was
> planning to hang up the person's Internet connection through their
> local ISP, then redial on the user's modem to a 900-type international
> telephone number at staggering per-minute charges, which will of
> course bill to the luser's phone bill to arrive a month later.

  Windows *BY DEFAULT* displays an attachment named "Loveletter.txt.vbs"
as "Loveletter.txt".  *EVEN IF YOU TURN OFF THE OPTION TO HIDE
EXTENSIONS* .lnk and .pif *WILL STILL BE HIDDEN*, unless you get into
some registry hacking that is beyond the ability of the average user.
We pound away at users not to execute executable attachments, and they
think that clicking on a *.GIF or *.JPEG is OK.

--
Walter Dnes <waltdnes(_at_)waltdnes(_dot_)org>
Email users are divided into two classes;
1) Those who have effective spam-blocking
2) Those who wish they did

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg




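The two tricks described in the thread, a double extension such as "Loveletter.txt.vbs" and an HTML link whose target is an .exe, can be checked for at a mail gateway. The sketch below is an added example, not code from any participant in the thread; the extension lists, the function names and the sample message are assumptions constructed for illustration.

```python
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed lists for this example; a real gateway maintains its own.
EXECUTABLE = {"exe", "vbs", "pif", "lnk", "scr", "bat", "com"}
DECOY = {"txt", "gif", "jpg", "jpeg", "doc"}

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def check_filename(name):
    """Return 'double-extension', 'executable' or None for a file name."""
    # Windows ignores trailing dots and spaces, so strip them before judging.
    parts = name.strip().rstrip(". ").lower().split(".")
    if len(parts) < 2 or parts[-1] not in EXECUTABLE:
        return None
    if len(parts) >= 3 and parts[-2] in DECOY:
        return "double-extension"   # e.g. shown as "Loveletter.txt"
    return "executable"

def scan_message(msg):
    """List (finding, value) pairs for risky attachments and HTML links."""
    findings = []
    for part in msg.walk():
        fname = part.get_filename()
        if fname:
            verdict = check_filename(fname)
            if verdict:
                findings.append((verdict, fname))
        elif part.get_content_type() == "text/html":
            collector = LinkCollector()
            collector.feed(part.get_content())
            for href in collector.hrefs:
                if check_filename(urlparse(href).path.rsplit("/", 1)[-1]):
                    findings.append(("executable-link", href))
    return findings

def build_sample():
    """Constructed message: HTML link to an .exe plus two attachments."""
    m = EmailMessage()
    m.set_content("plain body")
    m.add_alternative('<a href="http://example.invalid/dialer.exe">CLICK HERE</a>', subtype="html")
    m.add_attachment(b"x", maintype="application", subtype="octet-stream", filename="Loveletter.txt.vbs")
    m.add_attachment(b"GIF89a", maintype="image", subtype="gif", filename="photo.gif")
    return m
```

Calling `scan_message(build_sample())` reports the concealed .exe link and the double-extension attachment, and leaves the genuine GIF alone.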