[Dshield] Password protected Bagle.F

Al Reust areust at comcast.net
Wed Mar 3 02:49:24 GMT 2004


They are getting smarter at Social Engineering. This is hardline.

At 03:22 PM 3/1/2004 -0800, you wrote:
>"Jon R. Kibler" wrote:

<Snipped>

>another one looked like this:
>
> > ----------xuhsskfamnoflsqmjcme
> > Content-Type: text/plain; charset="us-ascii"
> > Content-Transfer-Encoding: 7bit
> >
> > If you are going to make me cry, at least be there to wipe away the 
> tears *Right now the worst thing for you to tell me that I can find 
> someone better than   you, especially when you are all I want
> > password: 12452
> >
> > ----------xuhsskfamnoflsqmjcme
> > Content-Type: application/octet-stream; name="Jammie.zip"

If I (a male common user) perceived the name as from a Female, and a 
"Zipped Love Letter" that would have all kinds of secrets, sexual innuendo 
and/or private pictures (Suppressed Voyeurism, etc.). Then a Common Male 
User would be "tempted" to peek. That is education, about social 
engineering and consequences..

Key words/phrases:
* You make me Cry.. Wipe away My Tears.
* You tell me I can find someone better..
* I want only You...

So that strikes the heart of the "Weak" Male Libido. It is very good in 
that respect.. But bad for the Network/Corporation. In todays common world 
they are also a risk for "Sexual Harassment" or other bad connotations that 
we also have to defend against. If a user stated they had the Virus after 
clicking on that.. Their workstation would be immediately searched for 
Graphics.. Other Audits would take place. I as an Administrator can not 
afford the risk.

So as this goes way back to Corporate Policy and "Acceptable Use" of 
Corporate hardware. Training users to "call" and say "I got something I Did 
NOT Request," what do I do? Then having Staff follow up immediately, 
protects both the users and the corporation. You then know the "attack 
vector." The User that violates those precepts deserves to have the FBI 
asking him/her questions. Yes it is better they ask the "individual" than 
You, why it got past! WE all do what we can, we get creative with what we 
have.. We ask in places like DShield, how we can do more within those bounds.

This is one of the best groups with suggestions and ideas on how to expand 
on learning and our horizons.. For those taking time to say 
"something/provide answers" if nothing else, I appreciate it.  No, we all 
do not agree but someone has something to offer. This is an Auspicious 
Group. For those of you that just watch and listen with questions, please 
ask. No one here, has to wear Asbestos Underwear..

Thank You

2 cents..

Al








More information about the list mailing list