[Dshield] FriendGreetings Worm is back

Richard Roy RoyR at justicetrax.com
Thu Oct 31 14:35:31 GMT 2002


does anyone have the ip(s) to block?  I would also like to reconfig my dns to remap it to say...  www.gettowork.com so when my users go there they get the message!  ;-)


-----Original Message-----
From: James C Slora Jr [mailto:Jim.Slora at phra.com]
Sent: Wednesday, October 30, 2002 6:37 PM
To: list at dshield.org
Subject: [Dshield] FriendGreetings Worm is back


FriendGreetings invitation messages have been trickling in here all
afternoon.

Proof that "no download" policies should be enforced in the workplace. And
maybe a good argument for having qualification tests before allowing folks
to have an electronic contact list.

Symantec's writeup at
http://www.sarc.com/avcenter/venc/data/w32.friendgreet.worm.html
pretty well lays it out: "Payload Trigger: Accept two End User License
Agreements ". How can AV products possibly protect against this kind of
reckless user behavior?

And how can AV vendors hope to win the legal shoving contest that will
inevitably come from them blocking software with clear EULAs authorizing the
behavior of the installed product? This stuff is not buried in the fine
print or legalese - the software installation process makes it very clear
what it will do, and gives the user plenty of chances to abort the install.

I hate FriendGreetings and I'll block them through every available means,
but I can't say that they have done anything any worse to anyone than the
Honor System Virus does.

Gotta go. I wanna see my e-cards.

_______________________________________________
Dshield mailing list
Dshield at dshield.org
To change your subscription options (or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list




More information about the list mailing list