Please work around our security. Instructions enclosed.

by brian d foy


I got this in email today. It's a response to someone who used my email address to send US Airways a possibly malicious email attachment.



The postmaster catches this and sends it back. Okay, that's not so bad. They don't want random attachments in email. But then, they tell me how to get around this. I rename the file and hope the user looks at it. You don't need everyone to look at it: just one person. When these guys send out a load of malicious mail, they don't expect most people to see it. Success rates in the sub-percent values can be significant. Someone at US Airways is going to fall for it. It's inevitable.



So what do you think the next version of a malicious email to US Airways should look like?




Date: Tue, 30 Nov 2004 07:11:59 -0500 (CDT)
From: US Airways Postmaster
Reply-To: do_not_reply@usairways.com
To: bdfoy@cpan.org
Subject: Disallowed attachment in message

In order to protect our network from viruses, US Airways prohibits
receipt of certain file attachments via email. The email message
described below has been deleted and was not received by the
intended recipient. This is not an indication that the attachment
contained a virus. It is simply a precaution.


To successfully deliver the message, you should first rename the
file so that the file extension is changed to "[PROTECTED]" and then resend
the file. Include instructions to the recipient to rename the file
back to its original file extension.


Email details:

Date: Tue, 30 Nov 2004 07:11:55 -0600
Sender:
Recipient:
Subject: Re: Mail Authentification
Attachment Name: document.zip
Attachment Type: ZIP Archive File
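The weakness the post points at is that a filter keyed on the file extension sees a renamed archive as a different kind of file. The sketch below is an added example, not part of the original post or of any US Airways system: it classifies attachments by their leading bytes, so the same ZIP is flagged under either name. The signature table, the `example.com` addresses and the `document.renamed` filename are assumptions made for illustration.

```python
import io
import zipfile
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Leading-byte signatures for types a gateway might block (illustrative subset).
MAGIC = {
    b"PK\x03\x04": "zip",
    b"PK\x05\x06": "zip",  # empty archive
    b"MZ": "dos/pe executable",
}

def sniff(payload: bytes):
    """Return the detected type from the content itself, or None."""
    for sig, kind in MAGIC.items():
        if payload.startswith(sig):
            return kind
    return None

def scan_message(raw: bytes):
    """List (filename, detected_type) for attachments whose bytes match a
    blocked type, whatever extension the sender gave them."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    hits = []
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        kind = sniff(payload)
        if kind:
            hits.append((part.get_filename(), kind))
    return hits

def build_sample(filename: str) -> bytes:
    """Constructed sample: a tiny ZIP attached under the given name."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "constructed sample content")
    msg = EmailMessage()
    msg["From"] = "sender@example.com"      # constructed address
    msg["To"] = "recipient@example.com"     # constructed address
    msg["Subject"] = "constructed test message"
    msg.set_content("see attachment")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()

if __name__ == "__main__":
    for name in ("document.zip", "document.renamed"):
        print(name, scan_message(build_sample(name)))
```
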

2 Comments

Sysadmn
2004-12-01 06:57:10
Convenience vs. Security
Actually, this almost makes sense. It could help stop zero-day attacks, provide a way for users to actually get work done, and still make it difficult for virus writers. If you're running server-based antivirus, and client antivirus, bouncing the message gives you time to get an updated signature file out :-) Moreover, if each large company uses a different tag, you can't create a single virus that bypasses everyone's mail filters.
MrCPU
2004-12-02 06:55:39
Getting Work Done
It's very frustrating when people actually need to get work done!