RE: Novarg

From: Duston Sickler (dustons_at_charter.net)
Date: 01/29/04

  • Next message: Meritt James: "best defense (was: Re: Novarg"
    To: "'Jeremy Strachan'" <Jeremy.Strachan@ClemengerCommunications.co.nz>, "'sloppy seconds'" <beleguese@yahoo.com>
    Date: Wed, 28 Jan 2004 20:51:18 -0600
    
    

    We have our Symantec Gateway server configured to scan all incoming
    attachments. It automatically strips all executables and any "encrypted
    containers" (password-protected zips). This and NAV Corp (managed) have kept
    our organization free from worms for three years running now.

    Duston Sickler
    CompTIA A+ Certified
    "Cedo Nilli"

    -----Original Message-----
    From: Jeremy Strachan [mailto:Jeremy.Strachan@ClemengerCommunications.co.nz]
    Sent: Wednesday, January 28, 2004 2:31 PM
    To: 'sloppy seconds'
    Cc: 'incidents@securityfocus.com'
    Subject: RE: Novarg

    For what it's worth - we use NAV for Exchange, and one of the options is to
    block certain attachment types; in this case we block .exe attachments.

    NAV looks inside .ZIP files, sees the .exe inside, and blocks (or deletes)
    the entire attachment.

    That means we aren't dependent on a virus signature being released to block
    this worm (or new variants).

    Jeremy
    National IT Manager
    Clemenger Communications Ltd
    Microsoft MCSE, Novell CNE, Compaq ASE

    -----Original Message-----
    From: sloppy seconds [mailto:beleguese@yahoo.com]
    Sent: Wednesday, 28 January 2004 5:32 p.m.
    To: incidents@securityfocus.com
    Subject: Novarg

    To all,

    Yes, as many of you have noticed, Novarg is spreading fast. I work for a large
    international corporation and we have seen extensive infiltration. However,
    this worm has not proved to be as "damaging" as some may claim. The scary
    part is that our investment in AV solutions (Trend, Symantec, et al...) has
    not protected us. We are now reconsidering our stance on allowing .ZIP files
    in Email.

    We engineered our own cleaning utility hours before our AV vendors even had
    signatures. Infecting lab clients and using diff tools...etc

    From a network perspective we are watching for the supposed DOS against SCO.

    We have had the outbreak under control just a few hours after its
    inception.

    Anyone care to contribute their experience?

    Thanks,
    Beleguese
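
An added illustration of the attachment policy described in this thread (strip executables, look inside .ZIP files for them, and refuse password-protected zips, all without relying on a virus signature). It is not code from any poster or from the Symantec products mentioned; the extension list, function names and sample archives are assumptions constructed for the example.

```python
import io
import zipfile

# Assumed policy list for illustration; the thread itself only names .exe.
BLOCKED_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")

def verdict(filename, data):
    """Return (action, reason) for one attachment, independent of AV signatures."""
    if filename.lower().endswith(BLOCKED_EXT):
        return ("strip", "executable attachment")
    # Decide by content, not by name, so a renamed archive is still inspected.
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return ("deliver", "not an archive")
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                # Bit 0 of the general-purpose flags marks an encrypted member,
                # which the gateway cannot scan ("encrypted container").
                if info.flag_bits & 0x1:
                    return ("strip", "encrypted container")
                if info.filename.lower().endswith(BLOCKED_EXT):
                    return ("strip", "executable inside zip: " + info.filename)
    except zipfile.BadZipFile:
        # Fail closed: an archive that cannot be parsed cannot be cleared.
        return ("strip", "unreadable archive")
    return ("deliver", "no blocked content")

def make_zip(member, payload, encrypted=False):
    """Build a constructed sample zip in memory (harmless placeholder bytes)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, payload)
    raw = bytearray(buf.getvalue())
    if encrypted:
        # Set the encryption bit in the central directory header (flags at +8).
        raw[raw.index(b"PK\x01\x02") + 8] |= 0x01
    return bytes(raw)

if __name__ == "__main__":
    samples = [  # constructed sample attachments
        ("notes.txt", b"plain text"),
        ("setup.exe", b"MZ placeholder"),
        ("message.zip", make_zip("message.exe", b"MZ placeholder")),
        ("doc.zip", make_zip("doc.txt", b"text", encrypted=True)),
        ("report.zip", make_zip("report.txt", b"text")),
    ]
    for name, data in samples:
        print(name, verdict(name, data))
```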


