Home page logo

fulldisclosure logo Full Disclosure mailing list archives

RE: [inbox] Re: RE: new internet explorer exploit (was new worm)
From: "Exibar" <exibar () thelair com>
Date: Mon, 29 Mar 2004 20:47:46 -0500

How can this be a 0-day worm is McAfee VirusScan picks it up as VBS/Psyme
worm?  In my opinion, in order to truely be a 0-day worm, it has to be
completely new.  It doesn't even have to be a new vulnerability really.

 0-day  -->  date of birth  (no AV signatures out at first onset, larger AV
companies start releasing signatures after a couple hours of backwards
 1 - 3 Day --->  living the good life  (Large AV vendors have sigs out,
smaller av vendors should have them out as well)
 3+ Day  ---> old.... (ALL AV vendors have sigs out)

  Now, a 0-day vulnerabilty and a 0-day worm for the 0-day vuln, would be
something indeed.  It surely would catch the world by surprise....

   Psyme is not 0-day, McAfee had DATS out for it since October 8, last
year, discovered September 30 last year...

I'm not trying to start a flame war, thats just the way I see things.


-----Original Message-----
From: Valdis.Kletnieks () vt edu [mailto:Valdis.Kletnieks () vt edu]
Sent: Monday, March 29, 2004 7:53 PM
To: Drew Copley
Cc: Jelmer; full-disclosure () lists netsys com; bugtraq () securityfocus com
Subject: [inbox] Re: [Full-disclosure] RE: new internet explorer exploit
(was new worm)

On Mon, 29 Mar 2004 11:44:12 PST, Drew Copley <dcopley () eeye com>  said:

Yeah. It is a zero day worm, and it is very notable as such.

I can not recall a previous zero day worm. (AV is not my job, but I do
try and follow zero day.)

Hence, IE has birthed us the first zero day worm.

Has anybody offered the Microsoft dude who denied the existence of 0-days
some ketchup for his fried crow? ;)

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]