RE: [Full-Disclosure] A worm...

From: ATD (simon_at_snosoft.com)
Date: 06/26/03

  • Next message: Peter Kruse: "SV: [Full-Disclosure] A worm..." 
    To: "Schmehl, Paul L" <pauls@utdallas.edu>
Date: 26 Jun 2003 11:36:00 -0400

    Yep,
            A few of our clients in both the public and private sectors were hit by
    this too. What awes me is simple common sense would evade the entire
    problem. Ah well... ;)

    On Thu, 2003-06-26 at 11:33, Schmehl, Paul L wrote:
    > I can't speak for the others, but McAfee was detecting this worm just
    > fine as soon as it hit our network. The only thing wrong was that it
    > didn't have the name correct, but who really cares about that? We set
    > up our scanners to always scan archives and zip files, so something like
    > this is no big deal. We've quarantined over 900 copies in the past 20
    > hours, so it's a big deal to somebody....
    >
    > Paul Schmehl (pauls@utdallas.edu)
    > Adjunct Information Security Officer
    > The University of Texas at Dallas
    > AVIEN Founding Member
    > http://www.utdallas.edu/~pauls/
    >
    > > -----Original Message-----
    > > From: ATD [mailto:simon@snosoft.com]
    > > Sent: Thursday, June 26, 2003 9:15 AM
    > > To: *Hobbit*
    > > Cc: full-disclosure@lists.netsys.com
    > > Subject: RE: [Full-Disclosure] A worm...
    > >
    > >
    > > Yes,
    > > And this was my point. Are the crafty "worm gods"
    > > creating worms that evade detection by using compression and
    > > other methods? If they are doing this, and if they are
    > > creating the "stealth worms" whats next. Zip files would be
    > > just one of hundreds of ways to hide worms. Maybe the virus
    > > scanning technology needs to be kicked up a notch or two.

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

  • Next message: Peter Kruse: "SV: [Full-Disclosure] A worm..."