Re: [Full-Disclosure] A worm...
From: Nexus (nexus_at_patrol.i-way.co.uk)
Date: 06/26/03
- Previous message: morning_wood: "Re: [Full-Disclosure] A worm..."
- In reply to: Peter Kruse: "SV: [Full-Disclosure] A worm..."
- Next in thread: ATD: "Re: [Full-Disclosure] A worm..."
- Reply: ATD: "Re: [Full-Disclosure] A worm..."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: "Peter Kruse" <kruse@krusesecurity.dk>, <full-disclosure@lists.netsys.com> Date: Thu, 26 Jun 2003 15:59:13 +0100
----- Original Message -----
From: "Peter Kruse" <kruse@krusesecurity.dk>
To: <full-disclosure@lists.netsys.com>
Sent: Thursday, June 26, 2003 1:57 PM
Subject: SV: [Full-Disclosure] A worm...
[snip]
> malicious code inside the new rar format and spread it. I suppose itīs
> fairly easy to write a worm that packs itself with a random password and
> inserts this into a e-mail sent to the victim. This way it will pass
> most AV-gateway scanners since they won't have access to scan inside the
> zipe archive.
In that case [the content analysis engine] should automatically quarantine
the attachment and await human intervention.
Otherwise, why bother with them at all ? It's an odd world when the
preferred solution is an application rather than user edumacation.
Cheers.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- Previous message: morning_wood: "Re: [Full-Disclosure] A worm..."
- In reply to: Peter Kruse: "SV: [Full-Disclosure] A worm..."
- Next in thread: ATD: "Re: [Full-Disclosure] A worm..."
- Reply: ATD: "Re: [Full-Disclosure] A worm..."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
