Most Virus Protection software worth a tinker's damn checks the *contents* of the zip file... The way we transfer .vbs is, as you say, changing the extension to .txt before attaching it. Dan -----Original Message----- From: Noonan, Wesley [mailto:[EMAIL PROTECTED]] Sent: Tue, February 13, 2001 9:28 AM To: 'Ken Hardy'; Joaquin Tejada Cc: [EMAIL PROTECTED] Subject: RE: FW: Anna Kournikova virus information - Please Read Blocking all .vbs seems like a little overkill to me... I am not privy to exactly how our exchange crew does it, but they are able to strip the attachment and replace it with a .txt extension (or at least that is what it appears to me they are doing). That allows us to send and receive .vbs (i.e. for business purposes) and we can simply rename or cut and paste to get the function of the script back. Personally, I would rather people just zip the scripts that are legit that they send... but that takes a culture change, which is sometimes hard to make happen. Wes Noonan, MCSE/MCT/CCNA/NNCSS Senior QA Rep. BMC Software, Inc. (713) 918-2412 [EMAIL PROTECTED] http://www.bmc.com -----Original Message----- From: Ken Hardy [mailto:[EMAIL PROTECTED]] Sent: Monday, February 12, 2001 17:12 To: Joaquin Tejada Cc: [EMAIL PROTECTED] Subject: Re: FW: Anna Kournikova virus information - Please Read An example in point as to why we block all messages w/ .VBS (among others) attachments. We intercepted over 380 of these little beasties before we were even made aware of it. -- KH On Mon, 12 Feb 2001, Joaquin Tejada wrote: > I just received a posting from someone about this virus, in case you all > doesn't know. > > ---------------------------------------------- > Name: VBS/SST-A > Aliases: Kalamar.A, Calamar > Type: Visual Basic Script worm > Date: 12 February 2001 > > Will be detected by Sophos Anti-Virus April 2001 (3.44) or > later. A virus identity (IDE) file is available for earlier > versions. > > Sophos has received several reports of this worm from the wild. > > Description: > > VBS/SST-A is an email-aware Visual Basic Script worm. > > The worm arrives in an email with the following characteristics: > > Subject line: Here you have, ;0) > Message text: Hi: > Check This! > File attachment: AnnaKournikova.jpg.vbs > > The virus lures users into activating it by pretending to be a > jpeg graphic of Russian tennis player Anna Kournikova. > > The first time the attached file is executed it mails itself to > everybody in your Outlook address book. > > The worm makes changes to the Registry, creating an entry called > HKCU\software\OnTheFly. > > On the 26th of January the worm attempts to connect to a website > in the Netherlands, www.dynabyte.nl > > > Download the IDE file from > http://www.sophos.com/downloads/ide/sst-a.ide > > Read the analysis at > http://www.sophos.com/virusinfo/analyses/vbsssta.html > > Download a ZIP file containing all the IDE files available for > the current version of Sophos Anti-Virus from > http://www.sophos.com/downloads/ide/ides.zip > > Read about how to use IDE files at > http://www.sophos.com/downloads/ide/using.html > > To unsubscribe from this service please visit > http://www.sophos.com/virusinfo/notifications > - [To unsubscribe, send mail to [EMAIL PROTECTED] with "unsubscribe firewalls" in the body of the message.] - [To unsubscribe, send mail to [EMAIL PROTECTED] with "unsubscribe firewalls" in the body of the message.] - [To unsubscribe, send mail to [EMAIL PROTECTED] with "unsubscribe firewalls" in the body of the message.]
