[ale] email virus? rehash.... with onions

James P. Kinney III jkinney at localnetsolutions.com
Tue May 7 20:11:18 EDT 2002


A true scenario, but Mallory's AV scan was still showing clear for
several weeks until the updates caught up with reality. 

Many people I have dealt with have AV software. Some even have it set up
to automatically check for updates on a periodic basis. The default 
upgrade time seems to be about a week.

So, worst case is 7 days from infection to upgrade. On a corporate machine
in use by the VP of finance, this could be a serious disaster.

On Tue, 2002-05-07 at 20:04, Kevin Krumwiede wrote:
> No.  What was happening was that Mallory would send a virus-laden email
> to Bob, using Alice's name in the "from" field.  Bob would warn Alice
> that her computer was infected, but of course her AV scanner wouldn't
> find anything.  Meanwhile, Mallory would remain oblivious.
> 
> Krum
> 
> On Tue, 2002-05-07 at 19:48, Jeff Hubbs wrote:
> > Just so I understand the implications fully...
> > 
> > When Klez first spread in the wild, was it going undetected by the usual 
> > Windows anti-virus software, even if said software was using current 
> > updates of their signature files?
> > 
> > If so, then I find this VERY damning.
> > 
> > - Jeff
> > 
> > James P. Kinney III wrote:
> > 
> > > That brings up an interesting argument for the eradication of M$ on the
> > > corporate desktop. The viral spreading of confidential information could
> > > be viewed as a bigger security threat than just the headache and hassle
> > > of a network getting trashed by a bug going haywire.
> > > 
> > > On Tue, 2002-05-07 at 17:55, Irv Mullins wrote:
> > > 
> > >>On Tuesday 07 May 2002 05:29 pm, you wrote:
> > >>
> > >>>On Tue, 2002-05-07 at 17:07, Cade Thacker wrote:
> > >>>
> > >>>>I cleaned out my mail box the other day, so I don't have the discussion
> > >>>>that you all had the other day, but I just got a bounce back of an email I
> > >>>>did not send. Attached is a small file for which "file" returns the following:
> > >>>>
> > >>>>border.bat: MS-DOS executable (EXE), OS/2 or MS Windows
> > >>>>
> > >>>>What was the summary of this puppy? something to do with W32/Klez?
> > >>>>
> > >>>http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.gen@mm.htm
> > >>>
> > >>Thanks for the confirmation.
> > >>It's interesting to take a look at the third (random, I guess) 
> > >>file that is attached to those worms. Using khexedit or similar,
> > >>I have found html, jpg's, and a "confidential" business report 
> > >>so far.
> > >>
> > >>We need smarter worms, which can look for pictures of "girlfriends"
> > >>to send out :p
> > >>
> > >>Regards,
> > >>Irv
> > >>
> > >>---
> > >>This message has been sent through the ALE general discussion list.
> > >>See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
> > >>sent to listmaster at ale dot org.
> > >>
-- 
James P. Kinney III   \Changing the mobile computing world/
President and CEO      \          one Linux user         /
Local Net Solutions,LLC \           at a time.          /
770-493-8244             \.___________________________./

GPG ID: 829C6CA7 James P. Kinney III (M.S. Physics)
<jkinney at localnetsolutions.com>
Fingerprint = 3C9E 6366 54FC A3FE BA4D 0659 6190 ADC3 829C 6CA7 
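The two signals the thread describes, a visible From that does not match where the mail actually came from and a ".bat" that `file` identifies as an MS-DOS executable, can be checked on the receiving side with Python's standard-library email parser. This is an added example, not code from any poster; the message it parses is a constructed sample in the shape of the bounce described above, not the real Klez mail.

```python
import email
from email import policy
from email.utils import parseaddr

# Constructed sample in the shape the thread describes: the visible From is
# "Alice", but the envelope sender is someone else, and the attachment named
# border.bat is really a DOS/Windows executable (starts with the "MZ" magic).
RAW = b"""Return-Path: <mallory@example.net>
Received: from mail.example.net ([192.0.2.10]) by mx.example.org
From: Alice <alice@example.org>
To: bob@example.org
Content-Type: multipart/mixed; boundary="b"

--b
Content-Type: text/plain

see attached
--b
Content-Type: application/octet-stream; name="border.bat"
Content-Disposition: attachment; filename="border.bat"
Content-Transfer-Encoding: base64

TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAA=
--b--
"""

def domain_of(header_value):
    """Lower-cased domain of the first address in a header value ("" if none)."""
    return parseaddr(str(header_value or ""))[1].rpartition("@")[2].lower()

def from_mismatch(msg):
    """True when the displayed From domain differs from the envelope Return-Path.
    Mailing lists and forwarders trigger this too, so it is a signal to weigh
    alongside the attachment check, not a verdict on its own."""
    f, rp = domain_of(msg.get("From")), domain_of(msg.get("Return-Path"))
    return bool(f and rp and f != rp)

def mz_attachments(msg):
    """Filenames of attachments whose decoded bytes start with the MZ magic,
    whatever the extension claims (the ".bat" that `file` called an EXE)."""
    return [p.get_filename() for p in msg.iter_attachments()
            if (p.get_payload(decode=True) or b"")[:2] == b"MZ"]

def triage(raw):
    """Parse one raw RFC 822 message and report both signals."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    return {"from_mismatch": from_mismatch(msg),
            "mz_attachments": mz_attachments(msg)}
```

For the sample above `triage(RAW)` reports both the From/Return-Path mismatch and `border.bat` as an executable, which is the combination the posters' own AV signatures were still missing.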