The Paris Hilton DoS

I was going through the outbound viruses last night. Most were false positives on ESPN or CNN web pages that were pasted into an email message (the scanner didn't like the JavaScript). But one was called Exploit/BigEmail. That sounded kind of interesting. First I did a search to look for AV vendors with a virus named that. It sounded to me like the vendor was stopping large messages to avoid denial of service attacks.


I checked through the logs and it turned out to be a 365 MB mail message with a file named paris-DivX505-A.avi. It didn't take much detective work to conclude that a user was sending out the Paris Hilton sex tape via email! (The use of that term ought to get the hit count up a bit.)

I thought that was freakin hilarious. I think the lesson to be learned here is it's a good idea to have a maximum message size and enforce it at all levels. Even a very large limit like 100 MB would have prevented this message from being processed by Exchange, scanned by Trend Micro, and processed by sendmail before being stopped. This could have been really bad for the infrastructure.
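
As an added example (not code from the original post), here is a sketch of what enforcing the limit at the SMTP layer looks like: the server advertises the limit with the SIZE extension (RFC 1870), rejects an oversized declared size at MAIL FROM before any body bytes move, and still counts DATA bytes because the declared size can be missing or wrong. The function names, reply texts and sample commands are assumptions made up for illustration.

```python
import re

MAX_MESSAGE_SIZE = 100 * 1024 * 1024  # the 100 MB ceiling suggested in the post

_SIZE_PARAM = re.compile(r"\bSIZE=(\d+)\b", re.IGNORECASE)


def ehlo_keyword(limit=MAX_MESSAGE_SIZE):
    """Keyword advertised in the EHLO reply so clients know the limit."""
    return f"SIZE {limit}"


def check_mail_from(command, limit=MAX_MESSAGE_SIZE):
    """Stage 1: judge the size the client declares, before any body bytes arrive."""
    match = _SIZE_PARAM.search(command)
    if match and int(match.group(1)) > limit:
        return "552 5.3.4 Message size exceeds fixed maximum message size"
    return "250 2.1.0 Sender ok"  # no SIZE parameter, or within the limit


class DataCounter:
    """Stage 2: count body bytes as they arrive; the declared size may be absent or wrong."""

    def __init__(self, limit=MAX_MESSAGE_SIZE):
        self.limit = limit
        self.received = 0

    def feed(self, chunk):
        """Return False once the running total passes the limit."""
        self.received += len(chunk)
        return self.received <= self.limit


def accept_message(mail_from, chunks, limit=MAX_MESSAGE_SIZE):
    """Run both stages; return (final reply, body bytes read)."""
    reply = check_mail_from(mail_from, limit)
    if not reply.startswith("250"):
        return reply, 0  # rejected up front: nothing transferred or scanned
    counter = DataCounter(limit)
    for chunk in chunks:
        if not counter.feed(chunk):
            return "552 5.3.4 Message too big for system", counter.received
    return "250 2.0.0 Message accepted", counter.received
```

A 365 MB message that declares its size is turned away with zero body bytes read; one that omits or understates SIZE is cut off as soon as the running count passes the limit.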

About this Entry

This page contains a single entry by Roger published on August 11, 2004 6:03 PM.