[unisog] Phishing targeting University Admissions

Christian Wyglendowski Christian.Wyglendowski at greenville.edu
Wed Jun 16 18:42:22 GMT 2004


> -----Original Message-----
> 
> Sergent, Phil wrote on Mon, 2004-06-14 at 11:21:27 -0400...
> 
> > You still accept .zip files!?
> 
> We do, as well. It seems to me that not accepting files with 
> extensions is merely a horrible workaround. What happens 
> when a new virus comes out that names the attachment as 
> foo.fi_ and tells the user to save the attachment as foo.zip, 
> then open it? 

We use Outlook XP on our campus.  It "blocks" a list of executable
attachment types on its own.  We have extended that list of blocked
attachment types to our email gateway, so they never even hit Outlook at
the desk.  The attachment is replaced by an informational message about
why the attachment was stripped from the message.

As for .zip files, messages containing those attachments have a warning
message inserted in the body that basically reiterates what we have
all been telling our users for years now - don't open this attachment if
you weren't expecting it.

Our solution as it stands can't handle what you mentioned above but it
is adaptable.  We are able to seriously diminish the virus threat today,
and that matters too.

> IMHO fixing the real problem -- vulnerable email clients that 
> execute code -- should be more of a concern. Of course, this 
> does nothing to solve the problem of users saving attachments 
> and executing them; but I have a few solutions to that as 
> well that include using more secure operating systems.

That would be great if we could convince management and end-users that
such a solution exists and will do what Exchange/Outlook does.  Until
that point, I think those of us operating with MS on the back/front end
need to balance user comfort and convenience with security.  It sure is
a delicate balance.

Christian Wyglendowski
Network Administrator
Greenville College
618-664-7073
 
> --
> Eric Pancer :.: Computer Security Response Team :.: DePaul 
> University http://security.depaul.edu/ .:`:.:':.:`:. 
> epancer at security.depaul.edu
> pgp: 1024D/7ACBCFF3 C022 4991 41E5 51E7 683C F765 62F7 7F8E 7ACB CFF3
> 
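
Added example (not part of the original message or of any gateway product): a sketch of the strip/warn policy described above that also checks the leading bytes of each attachment, so that an archive renamed to foo.fi_ still gets the .zip warning. The extension list, the notice texts and the function names are assumptions made for illustration.

```python
import os
from email.message import EmailMessage

BLOCKED_EXT = {".exe", ".scr", ".pif", ".bat", ".com", ".vbs"}  # illustrative list
ZIP_MAGIC = (b"PK\x03\x04", b"PK\x05\x06")  # zip local header / empty archive
EXE_MAGIC = b"MZ"                            # DOS/PE executable header
WARNING = "[gateway] Do not open the attachment unless you were expecting it.\n\n"
NOTICE = "[gateway] Attachment {!r} was removed: blocked file type.\n"

def classify(filename, data):
    """Return 'strip', 'warn' or 'pass' from the name and the leading bytes."""
    ext = os.path.splitext((filename or "").lower())[1]
    if ext in BLOCKED_EXT or data.startswith(EXE_MAGIC):
        return "strip"
    if ext == ".zip" or data.startswith(ZIP_MAGIC):
        return "warn"   # also catches an archive renamed to foo.fi_
    return "pass"

def filter_message(msg):
    """Apply the policy to msg in place; return [(filename, decision), ...]."""
    decisions = []
    for part in list(msg.iter_attachments()):
        name = part.get_filename()
        data = part.get_payload(decode=True) or b""
        decision = classify(name, data)
        decisions.append((name, decision))
        if decision == "strip":
            part.set_content(NOTICE.format(name))  # replaces payload and headers
    if any(d == "warn" for _, d in decisions):
        body = msg.get_body(preferencelist=("plain",))
        if body is not None:
            body.set_content(WARNING + body.get_content())
    return decisions

def build_sample():
    """Constructed test message: renamed archive plus a screensaver file."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("Please see attached.\n")
    msg.add_attachment(b"PK\x03\x04" + b"\x00" * 26, maintype="application",
                       subtype="octet-stream", filename="foo.fi_")
    msg.add_attachment(b"MZ\x90\x00", maintype="application",
                       subtype="octet-stream", filename="card.scr")
    return msg

if __name__ == "__main__":
    m = build_sample()
    print(filter_message(m))
```

Content sniffing only narrows the renaming gap: an attachment inside an encrypted or nested container still reaches the user with nothing more than the warning.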


