Full Disclosure mailing list archives
RE: A worm...
From: ATD <simon () snosoft com>
Date: 26 Jun 2003 11:36:00 -0400
Yep,
A few of our clients in both the public and private sectors were hit by
this too. What awes me is simple common sense would evade the entire
problem. Ah well... ;)
On Thu, 2003-06-26 at 11:33, Schmehl, Paul L wrote:
I can't speak for the others, but McAfee was detecting this worm just fine as soon as it hit our network. The only thing wrong was that it didn't have the name correct, but who really cares about that? We set up our scanners to always scan archives and zip files, so something like this is no big deal. We've quarantined over 900 copies in the past 20 hours, so it's a big deal to somebody.... Paul Schmehl (pauls () utdallas edu) Adjunct Information Security Officer The University of Texas at Dallas AVIEN Founding Member http://www.utdallas.edu/~pauls/-----Original Message----- From: ATD [mailto:simon () snosoft com] Sent: Thursday, June 26, 2003 9:15 AM To: *Hobbit* Cc: full-disclosure () lists netsys com Subject: RE: [Full-disclosure] A worm... Yes, And this was my point. Are the crafty "worm gods" creating worms that evade detection by using compression and other methods? If they are doing this, and if they are creating the "stealth worms" whats next. Zip files would be just one of hundreds of ways to hide worms. Maybe the virus scanning technology needs to be kicked up a notch or two.
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- SV: A worm..., (continued)
- SV: A worm... Peter Kruse (Jun 26)
- Re: A worm... ATD (Jun 26)
- RE: A worm... *Hobbit* (Jun 25)
- RE: A worm... ATD (Jun 26)
- RE: A worm... M. Osten (Jun 26)
- Re: A worm... Brett Hutley (Jun 26)
- RE: A worm... Nick FitzGerald (Jun 26)
- RE: A worm... ATD (Jun 26)
- RE: A worm... Schmehl, Paul L (Jun 26)
- Re: A worm... morning_wood (Jun 26)
- RE: A worm... Schmehl, Paul L (Jun 26)
- RE: A worm... ATD (Jun 26)
- RE: A worm... *Hobbit* (Jun 27)
