Monday 17 March 2008

SBS Premium + ISA = You have received an e-card?!?

On the F-Secure Weblog there is an article, "From SMTP to HTTP to FTP", in which Mikko talks about the evolution of e-card spam.

What Mikko is telling us is that the spammers now send us to a page that links to the virus file via FTP. Note the file link at the bottom left of the Hallmark card, which reveals that it is an executable file on an ftp://... address:

We all love those Greeting Cards! ;)

So, our Favourite User clicks on the link and voila ... they get?

Well, on a vanilla, out of the box SBS 2003 Premium install with ISA 2000/4 installed and configured via the Configure Email and Internet Connection Wizard (CEICW), the user gets absolutely nothing ... zippo ... nada ... and we get a support call from Favourite User wondering why they cannot get their greeting card. ;)

The FTP protocol through the ISA server is disabled by default. We do not enable FTP unless the client specifically needs it for Web site development access to their site root. In some cases, we have a scheduled time to turn FTP access on for our client's site coders when they will be working directly on their sites. We then disable the Rule when they are done.

It has been a long time since we have had a client request FTP access for something other than Web site coding. So many software sites use HTTP for data transfers now that FTP has become something of a special need in our experience.
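The link pattern described above (a page whose link fetches an executable from an ftp:// address) can also be flagged when scanning mail or page bodies, alongside blocking FTP at the firewall. The following is an added example, not part of the original post; the extension list, function names and sample HTML are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, unquote
import posixpath

# Extensions treated as directly executable on Windows clients (assumed list).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}

class LinkCollector(HTMLParser):
    # Collects (href, visible text) pairs for every <a> element.
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href.strip(), "".join(self._text).strip()))
            self._href = None

def flag_ftp_executables(html):
    """Return one finding per link that fetches an executable over FTP."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        url = urlsplit(href)  # scheme and hostname come back lower-cased
        # FTP URLs may end in ";type=i"; drop it, then decode %xx escapes.
        path = unquote(url.path.split(";", 1)[0])
        ext = posixpath.splitext(path)[1].lower()
        if url.scheme == "ftp" and ext in EXECUTABLE_EXTS:
            findings.append({"host": url.hostname,
                             "file": posixpath.basename(path), "text": text})
    return findings

# Constructed sample page; ftp.example.invalid is a placeholder host.
SAMPLE = (
    '<a href="http://www.example.invalid/cards">Browse cards</a>'
    '<a href="FTP://u@ftp.example.invalid/pub/e-card%2Eexe;type=i">View your e-card</a>'
    '<a href="ftp://ftp.example.invalid/docs/readme.txt">Read me</a>'
)
print(flag_ftp_executables(SAMPLE))
```

Only the second link is reported: the first is HTTP and the third is an FTP link to a non-executable file.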

This situation is a good example of why we have a 95% install base of SBS 2K3 Premium at our client sites.

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists

*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.
