Home page logo

fulldisclosure logo Full Disclosure mailing list archives

RE: [SPAM] Fw: Joke.cpl ???
From: "Todd Towles" <toddtowles () brookshires com>
Date: Fri, 29 Oct 2004 09:45:57 -0500

We have had this talk on FD before...just search for AV Naming in the
archives....fun stuff. 

-----Original Message-----
From: full-disclosure-admin () lists netsys com 
[mailto:full-disclosure-admin () lists netsys com] On Behalf Of 
Hugo van der Kooij
Sent: Friday, October 29, 2004 7:54 AM
To: Full-Disclosure () lists netsys com
Subject: Re: [SPAM] Fw: [Full-disclosure] Joke.cpl ???

On Fri, 29 Oct 2004, Daniel Bachfeld wrote:

So far we have Bagle AQ, AT, AU, AY and BB for the same worm More 

This is the biggest divergence i've seen the last months. 
Is there any 
reason, why the vendors could not agree on one name? We 
already have 
CVE-entries and Bugtraq-IDs for vulnerabilities.

So far I noticed at least two distinct files which were 
detected as W32/Bable.AP () mm (F-Prot) or Worm.Bagle.AT (ClamAV).

Now I get freash trash Which is decoded as W32/Bagle.AQ () mm 
(F-Prot) or Worm.Bagle.AX (ClamAV).

I am under the impression it is not a single infection.

But I share your sense of utter confusion. To which the 
people of ClamAV have contributed way too much. (Noticed 
their 'SomeFool'series?)


      I hate duplicates. Just reply to the relevant mailinglist.
      hvdkooij () vanderkooij org             
              Don't meddle in the affairs of magicians,
              for they are subtle and quick to anger.

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
  • RE: [SPAM] Fw: Joke.cpl ??? Todd Towles (Oct 29)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]