RE: [Full-Disclosure] another new worm submission
From: Schmehl, Paul L (pauls_at_utdallas.edu)
Date: 06/08/04
- Previous message: Jelmer: "[Full-Disclosure] RE: Internet explorer 6 execution of arbitrary code (An analysis of the 180 Solutions Trojan)"
- Maybe in reply to: Perrymon, Josh L.: "[Full-Disclosure] another new worm submission"
To: "Perrymon, Josh L." <PerrymonJ@bek.com>, "Ron DuFresne" <dufresne@winternet.com>, "Jerry Heidtke" <insecure@ameritech.net>
Date: Mon, 7 Jun 2004 20:19:51 -0500
Paul Schmehl (pauls@utdallas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/~pauls/
> -----Original Message-----
> From: Perrymon, Josh L. [mailto:PerrymonJ@bek.com]
> Sent: Sunday, June 06, 2004 10:36 PM
> To: 'Ron DuFresne'; Jerry Heidtke
> Cc: Schmehl, Paul L; full-disclosure@netsys.com
> Subject: RE: [Full-Disclosure] another new worm submission
>
> I agree.
>
> Anyone that would have those ports open has a *lot more to
> worry about than cleaning a few worm infections.
> That's not the case here. This infection was caused by a
> remote user not a Lan user.
> With several hundred laptops it's hard to have 0 exposure. As
> with any growing security practice and today's decreased
> budgets areas of focus are determined on risk exposure.
>
> Anywho-
> I found the Trojan to be backdoor.nibu.g- although Symantec
> AV didn't pick it up until tonight.
>
> I think this is a good example that perimeter security is
> only part of the battle.
> Tomorrow's morning meeting will stress the importance of
> desktop firewalls again and a good patch management process.
> You can talk until you're blue in the face to upper management
> but I find 90% to be reactive.
>
I rest my case.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html