Re: [lugod@livepenguin.com: [vox] ello! =))]

To: vox@lists.lugoMAPSd.org
Subject: Re: [lugod@livepenguin.com: [vox] ello! =))]
From: Ken Bloom <kabloom@ucMAPSdavis.edu>
Date: Wed, 3 Mar 2004 23:14:06 -0800
Delivered-to: lugod@livepenguin.com
Delivered-to: vox@livepenguin.com
In-reply-to: <200403032055.46450.rod@sunsetsystems.com> (from rod@sunsetsystems.com on Wed, Mar 03, 2004 at 20:55:46 -0800)
List-archive: <http://lists.lugod.org/pipermail/vox/>
List-help: <mailto:vox-request@lists.lugod.org?subject=help>
List-id: lugod's free for all mailing list <vox.lists.lugod.org>
List-post: <mailto:vox@lists.lugod.org>
List-subscribe: <http://lists.lugod.org/mailman/listinfo/vox>,<mailto:vox-request@lists.lugod.org?subject=subscribe>
List-unsubscribe: <http://lists.lugod.org/mailman/listinfo/vox>,<mailto:vox-request@lists.lugod.org?subject=unsubscribe>
References: <20040304020738.GA8182@cibo.cibocantabimus.com> <200403032055.46450.rod@sunsetsystems.com>
Reply-to: vox@lists.luMAPSgod.org
Sender: vox-admin@lists.lugodMAPS.org

I got like 5 of these before UC Davis virus filters managed to pick up the signature and squelch it. Never understimate the user.

ClamAV also managed to pick up the signature and filter 3 of them to my "probably-virus" mailbox. And before either of these checkers were squelching the virus, I saw on Symantec's website that they can detect the virus.

Virus checkers must have other strategies - remember, in the days when virus writers were actually clever, they would do all kinds of things (probably including encryption) to disguise viruses from virus software and technically oriented users. And virus checkers have to have the infrastructure to deal with this.

On 2004.03.03 20:55, Rod Roark wrote:

A couple of these have indeed come through the list.  They
seem to contain encrypted zip files, so there's no signature
for the virus checkers to recognize.

On the other hand they will require the user to be both dumb
enough and conscious enough to enter the password supplied
with the email to decrypt the payload, so it seems unlikely
we'll see much replication of these.

-- Rod

On Wednesday 03 March 2004 06:07 pm, R. Douglas Barbieri wrote:
> Has anyone else been getting this message? It contains a zip file with
> an .exe file in it...gee, do you think it's a windows virus? ;-)
>
> I just find the to and from addresses interesting...
>
> ----- Forwarded message from lugod@livepenguin.com -----
>
> To: vox@livepenguin.com
> From: lugod@livepenguin.com
> Subject: [vox] ello! =))
> Date: Wed, 03 Mar 2004 19:44:43 -0600
> X-Bogosity: No, tests=bogofilter, spamicity=0.000000, version=0.13.6.2,
algorithm=fisher
>
> Looking forward  for  a response :P
>
> pass: 36606
>
>
>
> ----- End forwarded message -----
_______________________________________________
vox mailing list
vox@lists.lugod.org

--
I usually have a GPG digital signature included as an attachment.
See http://www.gnupg.org/ for info about these digital signatures.
My key was last signed 10/14/2003. If you use GPG *please* see me about
signing the key. ***** My computer can't give you viruses by email. ***

Attachment: pgp00003.pgp
Description: PGP signature

References:
- [lugod@livepenguin.com: [vox] ello! =))]
  - From: R. Douglas Barbieri
- Re: [lugod@livepenguin.com: [vox] ello! =))]
  - From: Rod Roark

Prev by Date: Re: [lugod@livepenguin.com: [vox] ello! =))]
Next by Date: Re: [vox] Re: [lugod@livepenguin.com: [vox] ello! =))]
Previous by thread: Re: [lugod@livepenguin.com: [vox] ello! =))]
Next by thread: [no subject]
Index(es):
- Date
- Thread

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
1105 Kennedy Place, Suite 1, Davis, CA 95616
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.