|
Full Disclosure
mailing list archives
RE: another new worm submission
From: "Schmehl, Paul L" <pauls () utdallas edu>
Date: Mon, 7 Jun 2004 20:19:51 -0500
Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/~pauls/
-----Original Message-----
From: Perrymon, Josh L. [mailto:PerrymonJ () bek com]
Sent: Sunday, June 06, 2004 10:36 PM
To: 'Ron DuFresne'; Jerry Heidtke
Cc: Schmehl, Paul L; full-disclosure () netsys com
Subject: RE: [Full-disclosure] another new worm submission
I agree.
Anyone that would have those ports open has a *lot more to
worry about that cleaning a few worm infections.
That's not the case here. This infection was caused by a
remote user not a Lan user.
With several hundred laptops it's hard have 0 exposure. As
with any growing security practice and today's decreased
budgets areas of focus are determined on risk exposure.
Anywho-
I found the Trojan to be backdoor.nibu.g- although Symantec
AV didn't pick it up until tonight.
I think this is a good example that perimeter security is
only part of the battle.
Tomorrow's morning meeting will stress the importance of
desktop firewalls again and a good patch management process.
You can talk until your blue in the face to upper management
but I find 90% to be reactive.
I rest my case.
Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/~pauls/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
 By Date 
By Thread
Current thread:
- Re: another new worm submission, (continued)
|
Intro
