On Thu, Sep 25, 2003 at 11:39:08PM -0700, Ross Boylan wrote:
| I just received a MS upgrade worm that appears to have a complete
| executable that's 0.1k. So the whole message is quite brief.

Are you sure there was really an executable in that message? I've
received quite a few similar messages, except there is absolutely no
content in the .exe mime part.

BTW, a rule like this in your mail system's mime header checks is
quite effective against certain forms of trash:

    /^Content-Type: .*x-(?:wav|midi);.*\.exe\b/ DISCARD LookOut! exploit
    /^Content-Type: .*x-wav;.*\.txt\b/ DISCARD LookOut! exploit

(this particular syntax is a pcre map in postfix (>= 2.0) mime_header_checks)
-D
--
A violent man entices his neighbor
and leads him down a path that is not good.
Proverbs 16:29
http://dman13.dyndns.org/~dman/
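
The two rules above can be tried offline before deploying them. The following is an added example, not part of the original message or of Postfix: it mirrors the pcre table defaults (case-insensitive, dot matches newline) in Python's `re` and runs the patterns over constructed MIME headers. The names `RULES`, `logical_headers` and `check` and all sample headers are assumptions made for illustration.

```python
import re

# The two patterns from the message. Postfix pcre tables default to the
# "i" (ignore case) and "s" (dot matches newline) flags, mirrored here.
FLAGS = re.IGNORECASE | re.DOTALL
RULES = [
    (re.compile(r"^Content-Type: .*x-(?:wav|midi);.*\.exe\b", FLAGS), "DISCARD"),
    (re.compile(r"^Content-Type: .*x-wav;.*\.txt\b", FLAGS), "DISCARD"),
]

def logical_headers(raw):
    """Join folded continuation lines so each header is one string;
    header checks see one logical header at a time."""
    headers = []
    for line in raw.splitlines():
        if line[:1] in (" ", "\t") and headers:
            headers[-1] += "\n" + line      # continuation of previous header
        elif line:
            headers.append(line)
    return headers

def check(raw):
    """Return the action of the first rule matching any header, else None."""
    for header in logical_headers(raw):
        for pattern, action in RULES:
            if pattern.search(header):
                return action
    return None

# Constructed sample MIME part headers (not taken from real mail).
FOLDED_EXE = 'Content-Type: audio/x-wav;\n\tname="readme.exe"\nContent-Transfer-Encoding: base64'
LOWER_MIDI = 'content-type: audio/x-midi; name="song.EXE"'
WAV_AS_TXT = 'Content-Type: audio/x-wav; name="notes.txt"'
REAL_WAV = 'Content-Type: audio/x-wav; name="greeting.wav"'
PLAIN_EXE = 'Content-Type: application/octet-stream; name="setup.exe"'

if __name__ == "__main__":
    for sample in (FOLDED_EXE, LOWER_MIDI, WAV_AS_TXT, REAL_WAV, PLAIN_EXE):
        print(check(sample), "<-", sample.splitlines()[0])
```

The last sample shows the scope of the rules: they catch only the mismatch between an audio type and an .exe or .txt name, so an executable declared as application/octet-stream passes and needs a separate policy.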