Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Valentine card - be sure not to get more than what you expect - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Valentine card - be sure not to get more than what you expect
Every opportunity where people send each other cards is one of those times the bad folks out there try to do their thing.

Valentines day is no exception to that rule.

We can all try to educate users not to click on attachments that are unexpected or from unknown senders, but how is that going to meet up in real life against the possibility of a hot date with a secret admirer ?

We can try to tackle the problem with technology that scans incoming messages, removes executable content,  repetitive content (spam), etc. but signature based systems will leak exploits, repetition might not always be there and the first few will be passed on regardless and perhaps worst of all, users are generally willing to go through great lengths to get their price and work around extension based filtering.

We could also try to promote not sending media rich wishes. We can lead by example. Simple text in plain old ASCII will do the trick just as well as a 5 Mbyte powerpoint presentation, flash animation or even HTML email.

Anyway, make sure to have a happy February 14th without catching on of these:

Symantec: Trojan.PPDropper.G

Oh, yes it's likely using a fresh so called 0-day, so it seems we'll have more Office patches in a few months time.

With thanks to Juha-Matti for being the first to pointing it out to us. Thanks for some inspiration Steve.
 
--
Swa Frantzen -- NET2S
Swa

760 Posts

Sign Up for Free or Log In to start participating in the conversation!