On Wed, 3 Mar 2004, Stefanie Ploof wrote:

> I have received several reports from around campus that the message
> below with a MoreInfo.zip or other .zip attachments that are ACTIVELY
> INFECTED with a virus have been received by many of us.  Please notify
> your clients not to open the attachment of this message, since it is
> actively infected with W32.Beagle.J.

They were getting through because the virus uses a password-protected zip,
which the virus scanner can't open to scan.  Rather than dropping all
password-protected zips, we've been adding a banner to the messages
indicating that users should only open the zip attachment if they are
expecting an attachment from the sender.

Since this social engineering virus seems to be working at some level,
we're now blocking it based on the From address.  Email from the following
addresses will now get dropped at the email gateways:

[log in to unmask]
[log in to unmask]
[log in to unmask]
[log in to unmask]
[log in to unmask]
[log in to unmask]
[log in to unmask]
[log in to unmask]
[log in to unmask]
[log in to unmask]


If the virus starts using other from addresses that are actually valid,
we'll probably have to start blocking "encrypted" archives.

mga.
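
A scanner cannot read the contents of a password-protected zip, but the archive's headers stay in the clear, so a gateway can still tell that an attachment is encrypted and apply the banner policy described in the message above. The following is an added example, not the gateway's own code: the function names, the "banner"/"deliver" labels and the sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

ENCRYPTED = 0x1  # zip general-purpose flag, bit 0: entry data is encrypted


def encrypted_members(blob):
    """Names of encrypted entries; names stay readable even when data is not."""
    try:
        with zipfile.ZipFile(io.BytesIO(blob)) as zf:
            return [i.filename for i in zf.infolist() if i.flag_bits & ENCRYPTED]
    except zipfile.BadZipFile:
        return []  # not a parseable zip; leave it to the other filters


def classify(raw):
    """Return (action, encrypted entry names) for one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        blob = part.get_payload(decode=True) or b""
        if blob.startswith(b"PK"):  # sniff the content, not the file extension
            hits += encrypted_members(blob)
    # "banner" mirrors the policy in the message; a stricter site would drop.
    return ("banner" if hits else "deliver"), hits


def _sample(encrypted):
    """Constructed test message carrying a one-file zip attachment."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("MoreInfo.txt", "constructed sample")
    blob = bytearray(buf.getvalue())
    if encrypted:
        # Python cannot write encrypted zips, so set the flag bit by hand in
        # the local header (offset 6) and the central directory (offset 8).
        for sig, off in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
            blob[blob.index(sig) + off] |= ENCRYPTED
    m = EmailMessage()
    m["From"] = "sender@example.invalid"
    m["Subject"] = "constructed test"
    m.set_content("see attachment")
    m.add_attachment(bytes(blob), maintype="application", subtype="zip",
                     filename="MoreInfo.zip")
    return m.as_bytes()


if __name__ == "__main__":
    print(classify(_sample(True)), classify(_sample(False)))
```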