[Dshield] FriendGreetings Worm is back

Serge Vondandamo svondandamo at mercury-eur.com
Thu Oct 31 17:26:35 GMT 2002


Hi,

I have successfully blocked Incoming/outgoing traffic using the followings:

66.206.16.152
www.friendgreetings.com
Host reachable, 212 ms. average

66.206.0.0 - 66.206.31.255

Cyber World Internet Services
422 W. Riverside Suite 901 Spokane WA 99201
United States

Slocombe, Alvin
+1-509-343-2100
alvins at cwiservices.com

NS0.NIC-REG-DNS.COM
NS1.NIC-REG-DNS.COM

CYBERWORLD-INT
Created: 2001-12-04
Updated: 2002-03-08
Source: whois.arin.net

Cheers
Serge
 
 

-----Original Message-----
From: Wayne Beckham [mailto:wbeckham at yahoo.com] 
Sent: Thursday, October 31, 2002 5:11 PM
To: list at dshield.org
Subject: RE: [Dshield] FriendGreetings Worm is back

 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Probably right - I know I'm always looking for the next job!  ;-)

So, does anyone have a good IP address to shut out?

- - WB

- -----Original Message-----
From: list-admin at dshield.org [mailto:list-admin at dshield.org] On
Behalf Of Jason Allen
Sent: Thursday, October 31, 2002 7:26 AM
To: list at dshield.org
Subject: RE: [Dshield] FriendGreetings Worm is back


You can't use THAT URL, cuz then they would be looking for another
job on your time. Just redirect them to your Computer Usage Policy
which most certainly warns them of the evils of loading up software
that you didn't authorize. :) 

- -----Original Message-----
From: Richard Roy [mailto:RoyR at justicetrax.com]
Sent: Thursday, October 31, 2002 6:36 AM
To: list at dshield.org
Subject: RE: [Dshield] FriendGreetings Worm is back


does anyone have the ip(s) to block?  I would also like to reconfig
my dns to remap it to say...  www.gettowork.com so when my users go
there they get the message!  ;-)


- -----Original Message-----
From: James C Slora Jr [mailto:Jim.Slora at phra.com]
Sent: Wednesday, October 30, 2002 6:37 PM
To: list at dshield.org
Subject: [Dshield] FriendGreetings Worm is back


FriendGreetings invitation messages have been trickling in here all
afternoon.

Proof that "no download" policies should be enforced in the
workplace. And maybe a good argument for having qualification tests
before allowing folks to have an electronic contact list.

Symantec's writeup at
http://www.sarc.com/avcenter/venc/data/w32.friendgreet.worm.html
pretty well lays it out: "Payload Trigger: Accept two End User
License Agreements ". How can AV products possibly protect against
this kind of reckless user behavior?

And how can AV vendors hope to win the legal shoving contest that
will inevitably come from them blocking software with clear EULAs
authorizing the behavior of the installed product? This stuff is not
buried in the fine print or legalese - the software installation
process makes it very clear what it will do, and gives the user
plenty of chances to abort the install.

I hate FriendGreetings and I'll block them through every available
means, but I can't say that they have done anything any worse to
anyone than the Honor System Virus does.

Gotta go. I wanna see my e-cards.

_______________________________________________
Dshield mailing list
Dshield at dshield.org
To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list

_______________________________________________
Dshield mailing list
Dshield at dshield.org
To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list

######################################################################
###############
This e-mail message has been scanned for Viruses and Content and
cleared by MailMarshal 
- - For more information please visit www.nwtechusa.com
######################################################################
###############

_______________________________________________
Dshield mailing list
Dshield at dshield.org
To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>

iQA/AwUBPcFWFAx91CpcFNLaEQIR9wCggisE2p47B4e87UxyZN21GnZTq6sAoMiv
0qbaYnhpJcAyJS9kb2XnM4wX
=Sf4b
-----END PGP SIGNATURE-----


_______________________________________________
Dshield mailing list
Dshield at dshield.org
To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.dshield.org/pipermail/list/attachments/20021031/1ba5a6db/attachment.htm


More information about the list mailing list