I have no sympathy…

Rant,Security,Security Tips

If you are still allowing executable attachments past your mail server then you deserve what ever malware gets into your systems.

Yesterday, VNUNET.com reported the following (possibly FUD?):

Security experts today warned that a “widespread worm” posing as a Valentine’s greeting is spreading fast across the internet.

According to Sophos, as reported by VNUNET;

The worm is attached to the emails in files called ‘flash postcard.exe’, ‘greeting postcard.exe’, ‘greeting card.exe’, or ‘postcard.exe’.

Seems to me that a simple filter for “*.exe” will stop this beast cold in its tracks. ‘But Michael, what about Hotmail, Yahoo! mail, etc?’ Glad you asked.

Get an IPS that will block attachments from those sites. But then again, if you don’t block executable attachments, you probably buy into the argument that IPS is a useless, dead technology.

That’s okay. I have time to blog about this because I don’t have to clean up a single workstation infected with a ‘Valentines day worm.’

I’m going to steal a quote from Terminal23.net, another good security blog you should keep up with:

Thus in war, I have heard tell of a foolish haste, but I have yet to see a case of cleverly dragging on the hostilities. -The Art of War, Chapter 2: On Waging Battle

If you haven’t blocked executables at your mail gateway, you are dragging on the hostilities. Wage battle damnit! Block executable attachments.

These are some of the basics folks; Patch management, centrally-managed AV, draconian firewall rules, and email attachment control. You do those things right and the rest is cake.

</rant>

For more information about this topic

  • No Related Post

posted by Michael on 02.15.07 @ 11:07 am | 0 Comments