Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: First WMF mass mailer ItW (phishing Trojan)
From: Valdis.Kletnieks () vt edu
Date: Thu, 16 Feb 2006 11:19:33 -0500

On Thu, 16 Feb 2006 15:03:56 GMT, Vulnerability Management said:
How can this be called a worm? AFAIK, malware that needs human 
intervention to spread is a trojan, not a worm.

Enough users will just click 'OK' that it can effectively be considered
automatic enough to be classified a worm, not a trojan.

I mean - let's be realistic here. A worm that only manages 20% of the time to
turn off the A/V via pre-programmed means so it can continue propagating is
still clearly a worm (albiet a buggy one).  The mere fact that some worms use a
pre-programmed means to bypass the A/V that includes liveware muscular
activity(*) shouldn't eliminate its claim to wormhood....

(*) And yes, "just click OK" *is* sufficiently pre-programmed as to qualify as
automatic.  That's the *PROBLEM*... ;)

Attachment: _bin

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]