RE: [inbox] Re: [Full-Disclosure] RE: new internet explorer exploit (was new worm)

From: Exibar (exibar_at_thelair.com)
Date: 03/30/04

  • Next message: Tim: "Re: [Full-Disclosure] RE: new internet explorer exploit (was new worm)"
    To: <full-disclosure@lists.netsys.com>
    Date: Mon, 29 Mar 2004 20:47:46 -0500
    
    

    How can this be a 0-day worm is McAfee VirusScan picks it up as VBS/Psyme
    worm? In my opinion, in order to truely be a 0-day worm, it has to be
    completely new. It doesn't even have to be a new vulnerability really.

     0-day --> date of birth (no AV signatures out at first onset, larger AV
    companies start releasing signatures after a couple hours of backwards
    engineering)
     1 - 3 Day ---> living the good life (Large AV vendors have sigs out,
    smaller av vendors should have them out as well)
     3+ Day ---> old.... (ALL AV vendors have sigs out)

      Now, a 0-day vulnerabilty and a 0-day worm for the 0-day vuln, would be
    something indeed. It surely would catch the world by surprise....

       Psyme is not 0-day, McAfee had DATS out for it since October 8, last
    year, discovered September 30 last year...

    I'm not trying to start a flame war, thats just the way I see things.

      Exibar

    > -----Original Message-----
    > From: Valdis.Kletnieks@vt.edu [mailto:Valdis.Kletnieks@vt.edu]
    > Sent: Monday, March 29, 2004 7:53 PM
    > To: Drew Copley
    > Cc: Jelmer; full-disclosure@lists.netsys.com; bugtraq@securityfocus.com
    > Subject: [inbox] Re: [Full-Disclosure] RE: new internet explorer exploit
    > (was new worm)
    >
    >
    > On Mon, 29 Mar 2004 11:44:12 PST, Drew Copley <dcopley@eeye.com> said:
    >
    > > Yeah. It is a zero day worm, and it is very notable as such.
    > >
    > > I can not recall a previous zero day worm. (AV is not my job, but I do
    > > try and follow zero day.)
    > >
    > > Hence, IE has birthed us the first zero day worm.
    >
    > Has anybody offered the Microsoft dude who denied the existence of 0-days
    > some ketchup for his fried crow? ;)
    >

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html


  • Next message: Tim: "Re: [Full-Disclosure] RE: new internet explorer exploit (was new worm)"

    Relevant Pages