[Olpc-sysadmin] Malware detected in RT through leaky antispam/antimalware filters

Chris Leonard cjlhomeaddress at gmail.com
Fri Aug 22 14:36:07 EDT 2008


Dear SG'ers

A security note, particularly to those of you using Windows OS systems.
Please exercise caution when working RT tickets that (typically) have short
messages and also contain attachments or links.  This is a common
"social-engineering" technique employed to get you to "invite" malware into
your system by opening the file or following the link.

I encountered a ticket earlier today that had a very short message and a zip
file.  I was somewhat suspicious of it and sure enough, clicking on the zip
file link set off my antivirus alert system and informed me that the zip
file contained a damaged version of the Netsky worm (sometimes damaged
versions of malware can actually be worse than "good" versions).  Be aware
that many attachment types can potentially be vectors of malware including
PDF and many MSOffice filetypes.

A Linux or Mac system would not have been susceptible to this particular
Netsky worm variant which targets Windows systems specifically; however,
such systems are not immune to other sorts of malware attacks.  While
somewhat more secure than Windows (what isn't), part of the equation is that
they just are not as frequently targeted.

The ticket in question has been "taken" and pointed out to hhardy.  It will
be disposed of in a suitable manner when his investigation is complete.

I have genuine concerns about the adequacy of the spam filtering on RT
(these are not just the usual gripes, but my considered opinion as a
professional with such responsibilities at my own company).  Over the past
few months, 4 out of every 10 messages have been spam.  I have been sharing
these concerns and some in-depth analysis with OLPC and I can only hope that
it will not take too many more "near misses" like this one before spam is
taken seriously as a security issue (placing OLPC and SG'ers at risk) as
well as a significant cost-drain on precious resources, both internal and
volunteer.

The best malware protection is an informed user (plus current patches and a
good AV tool), so be careful out there; the internetz has some dark alleys
you don't want to walk down alone.

cjl
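As an added example (not part of the original message), a small triage filter for incoming ticket mail that implements the heuristic described above: a short body combined with a risky attachment type or a link is held for manual review instead of being worked blindly. The sample messages, addresses, length threshold and extension list are constructed assumptions for illustration.

```python
import email
import re
from email import policy
from email.message import EmailMessage

# Threshold and extension list are constructed assumptions for this example.
SHORT_BODY_CHARS = 120
RISKY_EXTENSIONS = {".zip", ".pdf", ".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx"}
URL_RE = re.compile(r"https?://", re.IGNORECASE)

def risky_attachments(msg):
    # Filenames of attachments whose extension is on the risky list.
    found = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
        if ext in RISKY_EXTENSIONS:
            found.append(name)
    return found

def triage(raw_message):
    # Parse an RFC 5322 message and report why it should be held for review.
    msg = email.message_from_string(raw_message, policy=policy.default)
    body_part = msg.get_body(preferencelist=("plain", "html"))
    body = body_part.get_content() if body_part is not None else ""
    short_body = len(body.strip()) < SHORT_BODY_CHARS
    has_link = bool(URL_RE.search(body))
    attachments = risky_attachments(msg)
    return {
        "short_body": short_body,
        "has_link": has_link,
        "risky_attachments": attachments,
        # Only the combination is flagged: short text AND something to open/click.
        "hold_for_review": short_body and (has_link or bool(attachments)),
    }

def build_sample(body, attachment_name=None):
    # Construct a sample ticket e-mail (test data, not a real message).
    msg = EmailMessage()
    msg["From"] = "requester@example.invalid"
    msg["To"] = "help@example.invalid"
    msg["Subject"] = "ticket"
    msg.set_content(body)
    if attachment_name:  # minimal zip-like bytes; content is irrelevant here
        msg.add_attachment(b"PK\x03\x04", maintype="application",
                           subtype="zip", filename=attachment_name)
    return msg.as_string()
```

Feed `triage()` the raw message text RT receives and route anything with `hold_for_review` set to a human before the ticket is worked; a long, link-free message with no risky attachment passes through untouched.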