Latest Bagle variant spreads in password protected rar files

James Gray james_gray at OCS.COM
Sun Mar 14 21:24:19 GMT 2004


Rose, Bobby wrote:
> Well considering that we had people email asking what to use now
> that password protected zips are blocked, we suggested winrar which
> also has password protection.  Some researchers tend to want to
> transfer stuff securely to other researchers at other institutions
> and had been using Winzip.  Now may be using winrar in light of Bagle.

We have similar problems but managed to narrow down to a handful of
users who *actually* needed secured transfers.  We conducted a small
"education" session and implemented sftp instead of password protected
zips.  Our version of the "WS-FTP" client supports sftp/scp so the
interface was familiar for our users - we only needed to show them the
different config options.

Management, also, weren't keen on the idea of users sending and
receiving archives that could bypass our content filtering/monitoring
system.  They saw it as a possible route to leak sensitive company
information relatively undetected.  In short, we had the support of
senior management (CEO and CTO) to arbitrarily block password
protected archives - zip/rar etc.  The sftp users are logged and can
only connect to customer sites that we have arrangements with and
vice versa.  Naturally all sftp transfers are logged.

In some ways these virus writers are forcing us into a more secure,
better organised system of transferring files.  It works for us.

Cheers,

James


