[AusNOG] CryptoLocker Virus

Pinkerton, Eric (AU Sydney) Eric.Pinkerton at baesystemsdetica.com
Thu Oct 24 11:27:24 EST 2013 

I can't believe anyone is still sending/or allowing for that matter, exe's in email in 2013! - That's like sooo 1998.

I would have said malware is more likely to arrive by PDF these days for exactly that reason, but more to the point, clicking on a link is all it really takes to compromise a machine.

If I want to infect you with an exe, and you block it, Then I will just put the file in a drop box(or whatever), and send you an invite - your users are well attuned to clicking on such links.

IMHO, The 'best' policy is a combination of many things starting with training your end users to spot dodgy looking links, filtering egress traffic, patching patching and more patching, not using XP with IE6, monitoring your logs, changing your default password from 'password' and giving people permissions in line with their requirements (ie not making everyone a domain admin) etc etc.

My 2c

-----Original Message-----
From: AusNOG [mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of Thomas Jackson
Sent: Thursday, 24 October 2013 10:29 AM
To: 'AusNOG at lists.ausnog.net'
Subject: Re: [AusNOG] CryptoLocker Virus

The best policy is to just block all executables coming via email - we have all of ours go into a quarantine so someone from IT can get at them if needed (like updates to our payroll system that only are distributed via email for reasons that remain unclear to me). That stops the average user from randomly clicking on attachments and I often see viruses sitting in there that have managed to get through all of the other filters.

From: AusNOG [mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of Damian Guppy
Sent: Thursday, 24 October 2013 12:00 AM
To: Sean Slater
Cc: AusNOG at lists.ausnog.net
Subject: Re: [AusNOG] CryptoLocker Virus

Very annoying, and from what I have seen around on forums, it has picked up a lot more this week. We decided to move ahead with blocking all executables in emails on the clients that didn't already have the policy.


_______________________________________________
AusNOG mailing list
AusNOG at lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog

More information about the AusNOG mailing list