Cypherpunks response to viral stimuli
Riad S. Wahby
rsw at jfet.org
Mon Feb 2 15:09:55 PST 2004
Tyler Durden <camera_lumina at hotmail.com> wrote:
> And then, is it possible to create some kind of filter that stops these
> replies?
If it's the type of virus that delivers its payload as soon as it's
viewed (relying on bugs in MSOE or whatever), then it's possible that
such a thing could go undetected, especially if AV signatures haven't
been updated to stop it. Of course, you could also just put a web bug
in an HTML email sent to the list and wait for people to view the
message in the proper viewer (read: MSOE, &c).
Other than relying on bugs (or "features") of the mail client,
however, it seems that any such system relies on the user opening a
malicious attachment. Any reasonably clueful person knows not to do
this, so the answer to the filter question is yes; lack of stupidity
is a filter that will stop this sort of attack. Of course, this
assumes that the mail client doesn't automagically execute the
payload; on the other hand, it could be argued that using such a
client is itself an act of stupidity.
There's another answer as well: subscribe to a moderated node that
demimes messages before passing them on. Viruses won't get through at
all, nor will HTML email. LNE used demime before its demise;
pro-ns.net and al-qaeda.net do as well.
--
Riad Wahby
rsw at jfet.org
MIT VI-2 M.Eng
More information about the Testlist
mailing list