[UCLA-LUG] I Love You virus
David Braginsky
daveey@ucla.edu
Sun, 7 May 2000 01:18:09 -0700
Dude, i am not saying check for identical emails, just patterns. Its enough
to find a pattern in the executable and put it in the db.
> -----Original Message-----
> From: linux-admin@linux.ucla.edu [mailto:linux-admin@linux.ucla.edu]On
> Behalf Of mike chan
> Sent: Sunday, May 07, 2000 1:04 AM
> To: linux@linux.ucla.edu
> Subject: RE: [UCLA-LUG] I Love You virus
>
>
> both are damn near impossible.. =p keep a database of all unique emails
> sent... w/ something like a md5... the db would be huge... #2, searching
> through the db to check if the mail should be sent would kill any
> server...
>
> the problem w/ bit patterns is that every forwarded email would still be
> different.. checking for the attachment might work, but your email server
> must support that functionality... =)
>
> mike
>
> At 12.55 AM 5.7.2000 -0700, you wrote:
> >How about an extension to mail servers that allows blocking messages
> >containing a certain bit pattern from being forwarded. This
> software could
> >monitor an online database, and as soon as the virus is
> discovered and added
> >to the db, all enabled servers will no longer forward it. The
> same approach
> >could be used with mail clients.
> >
> >Other possibilities include detecting that a message containing the same
> >attachment was just forwarded 2000 times, and to no longer forward it.
> >
> >> -----Original Message-----
> >> From: linux-admin@linux.ucla.edu [mailto:linux-admin@linux.ucla.edu]On
> >> Behalf Of Frederick Lee
> >> Sent: Sunday, May 07, 2000 12:47 AM
> >> To: linux@linux.ucla.edu
> >> Subject: Re: [UCLA-LUG] I Love You virus
> >>
> >>
> >> On a far more constructive note, I'd like to discuss problem-fixing.
> >> I'd say "solution", except that's already been high-jacked by
> the computer
> >> industry to mean a set of software.
> >>
> >>
> >> First of all, what were the problems involved that
> >> (1) allowed such a virus to propagate.
> >> (2) allowed it to propagate so madly.
> >>
> >>
> >> Next, what would it take to prevent such an outbreak next time?
> >>
> >>
> >> When such an outbreak does occur, what can help in
> >> (1) identifying an outbreak even occurred.
> >> (2) containing the outbreak.
> >>
> >>
> >> And finally, what means to repair the damage afterwards? This is
> >> primarily
> >> a preventative measure, since you can't repair something if
> you don't know
> >> what it's supposed to look like in the first place. The
> obvious answer is
> >> "backups", so I guess a better phrasing would be "what steps
> >> should be taken
> >> in order to repair damages afterwards?".
> >>
> >>
> >> There are other things I'd like to touch on, except I'm
> sleep-deprived and
> >> forgot half the things I wanted to bring up.
> >>
> >> -Fred
> >>
> >> _______________________________________________
> >> UCLALUG Linux mailing list - Linux@linux.ucla.edu
> >> http://linux.ucla.edu/mailman/listinfo/linux
> >>
> >
> >
> >_______________________________________________
> >UCLALUG Linux mailing list - Linux@linux.ucla.edu
> >http://linux.ucla.edu/mailman/listinfo/linux
> >
> snotty e/c
> PGP Key http://www.linuxvalue.com/pgp.html
>
> _______________________________________________
> UCLALUG Linux mailing list - Linux@linux.ucla.edu
> http://linux.ucla.edu/mailman/listinfo/linux
>