[Dshield] Password protected Bagle.F

mlb DataAid dataaid at shaw.ca
Sat Mar 6 06:26:30 GMT 2004


Just curious ... Why not use a lossless compression method other than ZIP?
Several I can think of include LHARC, STASH, SEAU, and compress.

	Mike

-----Original Message-----
From: list-bounces at dshield.org [mailto:list-bounces at dshield.org] On Behalf
Of Ernest Eustace
Sent: March 5, 2004 6:27 PM
To: 'list at dshield.org'
Subject: RE: [Dshield] Password protected Bagle.F


Hello All,

We got a good laugh out of many of the comments here at work, unfortunately
its not as funny when we think about this being the same kind of stuff we
have to put up with here.

Even though we block most downloads at our network edge, we did allow ZIPs
for the CAD folks to get their huge drawings, but now with so many Bagle
variants on the loose we've blocked ZIPs too, and as expected are getting
resistance from the users, but more particularly from their managers.

I was wondering what, if anything some of you have done to allow access to
ZIPs but still keep the network secure. I am certainly not going to be
allowing ZIPs in any time soon, our gateway A/V firewall (FortiGate) is
registering over a 1000 infected ZIPs quarantined daily.

For the time being we are setting up individual FTP accounts for the users
that need them and asking their contacts to upload the ZIPs there, but some
of these are mass mailed to many individuals (not all at our company) and
the managers feel its too much trouble to ask the sender to FTP just for us
(though they seem not to understand that it would be much more trouble if
some worm infected us and there was NO network).

Thanks in advance for any input.

Ernest Eustace FCSE GCIA CCNP MCSE
Networking & Security
BringIT
www.bringit.ca

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.611 / Virus Database: 391 - Release Date: 2004.03.03
 




More information about the list mailing list