The renaming of the attachements .exe to .fix is just it... Please run
this file but to avoid problems with the filtering systems we have named
this fiel .fix please save it to your system as .exe
Yet a matter of education. My Kids will know not to run files like that
and so do the OLDER members of my family. I tell them if you get an
email like that let me know and I will fix your computer. BUT NEVER
EVER run anything that comes over the Internet even if it looks like it
came from me. For members of my family that live to far away, I an
telephone support.
Content filtering and monitoring is an ugly beast some folks what there
email scanned while others do not care some want the spam blocked and
others do not care. The problem on a larger mail server cluster would
be deciding who wants it scanned are blocked and who does not...
--
lhe
On Thu, 2005-12-29 at 09:25 -0500, Michael Holstein wrote:
i believe the fucking word "fuck" triggers some .gov filters in a noisy
way :)
This RegEx method of filtering (alas .. employed all too regularly) is
exactly why we get emails for "C1ali$" or "V1agara" or "Steamy Pr0n".
It's like trying to block attachments based on the extension, while
ignoring the magic bits in the header. The next round of "social
engineering" emails that say :
"rename the attached .fix file to .exe so you can run it correctly"
are just around the corner.
/mike.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
--
Leif Ericksen <leife@dls.net>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
