[Dshield] Virus

Johannes Ullrich jullrich at euclidian.com
Wed Aug 28 21:23:54 GMT 2002

> Another account on our network just got a virus from 'test at dshield.org' 
> Just be warned, don't click on the 'On The.Pif'

Good advice. Recent viruses will search the web cache and the 
address book of infected machines and use them as the 'From' address.
This is one reason why a virus like 'Klex' is as effective as it
is. The message looks like it comes from a known source.

- Do not trust the 'From' line. It is easily faked.
- Never click on any attachment unless it is announced. (A colleague 
  first calls you to say that she will soon send an attachment.)

If you need to send binary files via email, send them as encrypted
zip files. Agree on a password ahead of time. It can be a simple,
easy to remember password. But it will prevent a virus from impersonating

And yes, a lot of the messages I am sending come with attachments.
This is usually a PGP signature. You can safely ignore it. If you
have an email reader that understands PGP, feel free to verify it.

jullrich at euclidian.com             Collaborative Intrusion Detection
                                         join http://www.dshield.org
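
The distinction drawn in the message above, between an unannounced attachment such as 'On The.Pif' and a harmless PGP signature attachment, can be checked mechanically at the mail gateway. The following is an added example, not part of the original post; the extension list, function names and sample messages are assumptions constructed for illustration.

```python
import os
from email.message import EmailMessage

# Assumed list of extensions Windows runs directly; .pif is the one in this thread.
RISKY_EXTENSIONS = {".pif", ".scr", ".exe", ".com", ".bat", ".cmd", ".vbs", ".lnk"}

def classify_attachments(msg):
    """Return (filename, verdict) for every attachment part of a message.

    The 'From' header is deliberately not consulted: as the post says, it is
    easily faked, so the verdict depends only on what is attached.
    """
    results = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        filename = part.get_filename()
        if part.get_content_type() == "application/pgp-signature":
            results.append((filename or "signature.asc", "pgp-signature"))
        elif filename:
            # Windows ignores trailing dots and spaces, so strip them first;
            # only the last extension decides how the file is opened.
            ext = os.path.splitext(filename.rstrip(". "))[1].lower()
            verdict = "executable" if ext in RISKY_EXTENSIONS else "other"
            results.append((filename, verdict))
    return results

def build_sample(sender, name, data, subtype):
    """Build a constructed test message with one attachment (sample data only)."""
    msg = EmailMessage()
    msg["From"] = sender  # constructed address, may look like a known contact
    msg["To"] = "user@example.net"
    msg["Subject"] = "constructed sample"
    msg.set_content("see attachment")
    msg.add_attachment(data, maintype="application", subtype=subtype, filename=name)
    return msg

if __name__ == "__main__":
    samples = [
        build_sample("known-contact@example.org", "On The.Pif", b"MZ", "octet-stream"),
        build_sample("known-contact@example.org", "report.doc.scr", b"MZ", "octet-stream"),
        build_sample("known-contact@example.org", "signature.asc",
                     b"-----BEGIN PGP SIGNATURE-----", "pgp-signature"),
    ]
    for sample in samples:
        print(sample["From"], classify_attachments(sample))
```
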
