Re: [MV] Sturmtiger1944 - Virus warning

From: Edwin M. Dyer, III (sturmtiger1944@yahoo.com)
Date: Tue Aug 27 2002 - 06:16:37 PDT


Dave:

No flames needed. All that you say is true. However,
as someone who does work in the IT field as a web
designer, I know enough about virii to prevent myself
from getting hit on a personal level. It boils down to
not downloading attachments from people you don't know
and even if you do know them, scan them anyway.

And yes, working with a Macintosh pretty much rules
out most of the common virii which are running around
like Klez. Not that there isn't malicious code for
them, you just won't see it unless you are being
targeted. The schmucks who want to get the most damage
and mayhem are going to attack the PC and there are
even some virii who can attack both PCs and
Linux-based machines.

I have heard of IP spoofing, but one can still spoof
the sender address. This is why in the clutter of spam
in my Hotmail dumping ground box, I get spam from
_myself_. I certainly didn't send it.

Again, it boils down to not opening strange
attachments. Lord knows how many .scr, .pif, and .exe
files have floated into my in-box to get hosed and
deleted. Yes, there are other ways to get virii, such
as Excel Macros and ActiveX code. I even heard of one
being put into Flash animation. Oy!

No flames again as there was nothing to flame. Unless
the flames come for being OT.

Regards,

Ed

--- Dave Ball <vought@msn.com> wrote:
> Hi, All...
> I have been administering large networks for 15 years and have been an
> IT Director the last 6, and I have seen just about every email claiming
> no fault, and this one is the standard I see no evil, hear no evil, talk
> no evil. I live by there is no fault except by those who coded the
> virus; it's no one's fault, no blame to place, no finger to point,
> except at the person who designed and released the malicious code.
> There are billions of dollars lost from this sort of terrorism every
> year.
>
> Web Mail, Norton, Firewall, Spoof, Outlook, these are just words. Words
> are not the problem; executed code is the problem, and if you open
> email, have a connection to the internet, then you are at risk; we all
> are at risk. The best you can do is become a patch and definition
> freak, and even then you will still be vulnerable and have big
> bloodshot eyes for your efforts when you do get hit, because that's it,
> period: there is no silver bullet.
>
> You say you have a firewall. Are you running NAT? Do you know what NAT
> is? Do you dial to your provider or are you connected by DSL or cable
> modem? Is your IP address static or dynamic? Ever heard of spoofing an
> IP address?
>
> Myself and the many Admins working for me have tried everything we
> could think of, even had Symantec (Norton) and McAfee visit and look
> through our systems after being pounded hard by Redcode and Nimda
> (admin spelled backwards) a year ago.
>
> What I learned from them was that all antivirus products are signature
> based. This means your vendor provides a unique code (macros) to
> identify each virus. This also means there is a delay of several hours
> or even days before the vendor releases an update, even if you have
> your automatic update button clicked. All this means is that when a new
> virus hits the internet you will have your pants down with the rest of
> us until the new definitions have been released. In the security
> classes I have taken, almost everyone seems to agree that pattern
> matching antivirus technology is still the king of virus protection,
> although there are few non signature based antivirus applications like
> stormwatch, but they are young.
>
> The best protection we found, which is still not foolproof, is to run
> NIX based Internet gateways and filter with hardware and software all
> incoming and outgoing traffic at that point before hitting the
> corporate servers. This allows us the best if not foolproof protection
> but sucks bandwidth. We also use a stateful firewall, meaning it opens
> every packet for inspection, another bandwidth sucker.
>
> Most businesses use internet gateway protection on the email server
> port. This is fine until someone logs into an Internet based web email
> account (Yahoo) and downloads a virus, because doing this has bypassed
> the corporate email server protection and downloads a virus from the
> Internet to his local node, which is hopefully subnetted from anything
> of great importance.
>
> There has been a lull this year in the virus arena. I think the coders
> are taking a rest or maybe brushing up on XP or NIX or even .NET.
>
> I have included a site that will show just a few of the vulnerabilities
> for the last couple of weeks. Please do not think because you do not
> run a MS Windows based system you are safe, because you are not, but
> you do have something working for you: you are a minority player and
> you will be less targeted.
>
> I use Outlook and like it. I keep all my mail in the "restricted sites"
> zone and keep that zone locked down.
>
> I also do a full backup of my system every day and keep Wednesday for 4
> weeks before recycle. I am running NAT and a Linux based Internet
> gateway. I have only one machine outside the gateway and it is an
> Apache webserver that is also backed up daily.
>
> It has been hacked by exploiting a code vulnerability in Linux. I felt
> it was the least likely to get hacked; I was wrong.
>
> There are a lot of hacking tools on this site; please be careful what
> you download and how you use it, "you are being watched".
>
> Try some of the sniffer tools, monitor the traffic to and from your
> computer. You might be surprised to find someone lurking. There are a
> lot of shared resource hackers out there right now; some are offshore.
>
> Remember all Internet users are admins and the best protection is to
> keep your machine turned off.
>
> Good luck
> Flame away
>
> Dave
> http://www.blackcode.com/vulnerabilities/
>
>
> ----- Original Message -----
> From: "Edwin M. Dyer, III" <sturmtiger1944@yahoo.com>
> To: "Military Vehicles Mailing List" <mil-veh@mil-veh.org>
> Sent: Monday, August 26, 2002 9:01 PM
> Subject: Re: [MV] Sturmtiger1944 - Virus warning
>
>
> > Greetings:
> >
> > For the record, this infected e-mail did NOT originate
> > from me or my computer. I have complete, up-to-date
> > virus definitions (running Nortons) and there are
> > no, and I mean, no, virii on my system, at all.
> >
> > I use Yahoo, a _web-based_ e-mail, and the possibility
> > of me sending any kind of infected e-mail is about
> > nil. I do not use Outlook for anything.
> >
> > This e-mail address is in a number of people's address
> > books, many of whom I do not know. I have received any
> > number of infected e-mails from people I have no clue
> > who they are. Each and every one of these e-mails has
> > been defeated by Nortons, of which I can scan any
> > inbound e-mail attachment via Nortons on Yahoo.
> >
> > Virii often spoof, and by spoof, I mean they _mask_
> > the true originator of the e-mail with a different
> > address.
> >
> > I also maintain a personal firewall and no application
> > can get outside access to the 'net without me knowing
> > it. Outlook has been denied any outside access since I
> > don't use it, won't use it, and just about every
> > single virus out there likes to use it to spread
> > themselves. Take a hint, if you use Outlook and don't
> > _have_ to, don't use it. Get something else like
> > Eudora or Pegasus.
> >
> > Once again, no virus has come from me or my machine.
> >
> >
> > Regards,
> >
> > Ed
> >
> > "Look before you leap."
> >
> >
> > --- "J. Lee" <milveh@sbcglobal.net> wrote:
> > > I think Sturmtiger1944 may have unknowingly caught a
> > > virus and is passing it out to list members on his
> > > email. Hoping nobody else got it, be careful if
> > > you get e-mail from him. I stopped it before it
> > > could activate thanks to my anti-virus protection.
> > > Jack
> > >
> > >
> > > ===Mil-Veh is a member-supported mailing list===
>
=== message truncated ===




This archive was generated by hypermail 2.1.4 : Wed Apr 23 2003 - 13:31:45 PDT