Did you even bother to read what I wrote?
You wrote: "First, scripting is turned off in Outlook by default now, unlike in 2000, by setting the IE-in-Outlook security to restricted and turning off all scripting in this zone. This means these scripts you're talking about don't even get a chance to run. Most users also opt to view emails as text only although we still allow them the option of HTML for now." and "Any non-approved email or any email with executable attachments (including zips) it gets quarantined based on the rules engine."
I wrote: "2) The email itself contains the social engineering and a URL to one of many compromised webservers." and "4) The hostile webpage itself exploits a combination of known vulnerabilities in Microsoft's Internet Explorer that Microsoft has chosen not to release an update to fix."
Note, the email itself does not contain *ANY* scripting, only HTML or maybe some social engineering and a URL. Blended attacks are exploited initially by JavaScript coded script in the browser, by which the malware may install a Visual Basic or native coded worm.
http://www.safecenter.net/UMBRELLAWEBV4/ie_unpatched/index.html
Scripting languages, including JavaScript and Visual Basic, remain the favored tools of "The Virus Underground".
http://www.nytimes.com/2004/02/08/magazine/08WORMS.html
As I stated back in 2000
http://www.google.com/groups?threadm=slrn8j2cen.pns.heretic%40localhost.localdomain
It is a LOT easier to create a Visual Basic or JScript virus than to create a binary executable virus. Any teenager with half a brain can now grab a copy of a trojan love, melissa or any number of new visual basic scripts. He can modify it by trial and error until it passes the virus scanners. Then embed the trojan in ANY type of Microsoft Office 2000 document. He can then attach the document to the email or have a URL to the document on a web/ftp server.
You wrote: "Secondly, we run an email "white list" that will only allow in email from known sources..."
But I wrote: "1) Hostile emails are increasingly using the tactic of grabbing the email address, In-Reply-To and subject headers from the Outlook inbox, making it appear that the email is a reply to a legitimate email."
Note that it is the worm itself, via the MAPI interface or by hijacking Outlook, which delves into the Outlook/Exchange Inbox.
You wrote: "... and restricts outgoing email. Any non-approved email or any email with executable attachments (including zips) it gets quarantined based on the rules engine."
This is good news, and a good firewall setup with an outgoing SMTP server/proxy can stem the outgoing spread of emailed viruses.
You wrote: "... While there is still the possibility that something could get through, it is highly unlikely to have a high impact."
However, the problem is that, under the above scenario, and apparently according to the ZDNet article most of the companies are deploying anti-virus software, your systems remain vulnerable.
http://zdnet.com.com/2100-1105-5176420.html
The numbers indicate that antivirus software isn't proof against infection. Almost all of the companies surveyed said that at least 90 percent of their desktops have antivirus protection, but still a third of the companies suffered virus disasters.
You wrote: "... We would run the same kind of server side restrictions no matter the OS or mail server."
But I wrote: "3) The URL links to a SSL (https://) site. The connection is encrypted from the website to the browser -- no chance of the firewall proxy reading the content."
You wrote: "Start ranting about ActiveX BHO exploits in IE for a change. I might even agree with you then."
Now I know that you did not even bother to read my reply. The blended attack thread uses exploits in IE.
The Microsoft scripting execution environments for document embedded scripting and code, whether embedded in HTML, XML or Microsoft Office documents, remain one of the primary issues of concern with Microsoft security. That has not changed since September 2000.
http://www.google.com/groups?threadm=slrn8j2cen.pns.heretic%40localhost.localdomain
Other desktop environments and applications can provide a significantly more secure platform for dealing with day-to-day business.

Posted by: David Mohring
Posted on: 03/20/04