Security Incidents mailing list archives
Re: NEW VIRUS FOUND PLEASE READ IMPORTANT!!!!!
From: Kevin van Haaren <kevinv () HOCKEY NET>
Date: Tue, 13 Feb 2001 14:28:29 -0600
you're missing the wsf extension. This is the new WSH 2.0 extension for scripts in XML format. http://msdn.microsoft.com/scripting/default.htm?/scripting/windowshost/doc/wsadvantagesofws.htm kevin At 04:07 -0500 2/13/2001, Daniel Martin wrote:
David Luyer <david_luyer () PACIFIC NET AU> writes:; tail -11 /etc/sendmail.cf HSubject: $>CheckSubject SCheckSubject RILOVEYOU $#error $: 553 ILOVEYOU Virus detected RHere you have, ;o) $#error $: 553 Anna Kournikova virus detectedWhile this is all well and good (and will work for this virus), it is worthless against those vbs virii that randomize their subject lines (which happens). Also, with this method one is constantly reacting to virus outbreaks after they happen. Is there any way to get a sendmail rule to block based on the contents of a message - I'm thinking that a useful pattern to block on would be the filename of an attachment; if the filename matches the perl regexp \.\w{2,5}\.(vbs|exe|com|hta|pl|bat|wsh|js)$ case insensitively, then chances are that it's up to no good. Such a rule could have been constructed in the aftermath of ILOVEYOU, and were it already in place it would have prevented this virus from spreading through your mailserver. (I wouldn't necessarily do a reject based on this rule match, but I would hold the email until I was given a chance to examine it manually and determine whether or not it should really go through).
Current thread:
- NEW VIRUS FOUND PLEASE READ IMPORTANT!!!!! Joseph, Lorne (Feb 12)
- Re: NEW VIRUS FOUND PLEASE READ IMPORTANT!!!!! David Luyer (Feb 13)
- Re: NEW VIRUS FOUND PLEASE READ IMPORTANT!!!!! Daniel Martin (Feb 13)
- Re: NEW VIRUS FOUND PLEASE READ IMPORTANT!!!!! Dan Riley (Feb 13)
- Re: NEW VIRUS FOUND PLEASE READ IMPORTANT!!!!! Ron Johnson (Feb 13)
- Re: NEW VIRUS FOUND PLEASE READ IMPORTANT!!!!! Kevin van Haaren (Feb 13)
- Re: NEW VIRUS FOUND PLEASE READ IMPORTANT!!!!! Mark Lastdrager (Feb 13)
- Re: NEW VIRUS FOUND PLEASE READ IMPORTANT!!!!! Daniel Martin (Feb 13)
- Re: NEW VIRUS FOUND PLEASE READ IMPORTANT!!!!! David Luyer (Feb 13)