Press reports regarding "SB/BadBunny-A" virus

Bruno Wolff III bruno at wolff.to
Tue May 29 04:46:28 UTC 2007


On Tue, May 29, 2007 at 07:33:04 +0800,
  Ed Greshko <Ed.Greshko at greshko.com> wrote:
> D. Hugh Redelmeier wrote:
> 
> > | However, the OpenOffice.org community repeats the consistent message from
> > | security experts that users should never accept files from unknown
> > | sources.
> > 
> > That is silly advice.
> 
> Not really.  I think the wording should be modified to read "never accept or
>  open files unless they are coming from a trusted source".  Where "trusted"
> means you know the person who sent you the file and you know it came from
> that person.

And how do you tell that? Viruses pretend to be sent by people you know
as one of their tricks for replication. Are you suggesting you call someone
back on the phone (or email) to confirm every document that was sent to you?

> > 1. dangerous things can come (or appear to come) from known sources.
> 
> Only if the recipient is careless.  If you get an email from someone that
> you know but it is forged you should be able to detect by the content of the
> message if it was indeed sent by that person.

And how do you propose to do that? Have a secret nonstandard handshake
that you use with every correspondent? Viruses are capable of sending email
from a person's normal email account and attaching themselves to a generic
text message. While these should raise suspicion, for many people these
seem fairly normal.

> All I know is that if someone I know appears to have sent me an email with
> an attachment and a quick message saying "Hey, check this out." my guard
> would be raised immediately and I'd verify before opening.  If they wrote
> more than "Hey, check this out." I'm confident the bogus sender would not be
> able to mimic the sender I know.

Perhaps. Right now they are picking up the low hanging fruit. If viruses
start looking at saved email messages they might be able to do significantly
better.

> I also know that I rarely open attachments from certain folks that I do know
> and do trust since the attachments they send are forwarded from untrusted
> sources.  But, since I know the person, I trust they are careless.  :-)

I prefer to trust that mail document viewer isn't going to screw me over.
Once upon a time this kind of misfeature was considered a bug. Though
some unix based document viewers have had these misfeatures in the past (e.g.
tex/latex and vi).



