Full Disclosure mailing list archives

RE: another new worm submission


From: "Schmehl, Paul L" <pauls () utdallas edu>
Date: Mon, 7 Jun 2004 20:19:51 -0500



Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/~pauls/  

-----Original Message-----
From: Perrymon, Josh L. [mailto:PerrymonJ () bek com] 
Sent: Sunday, June 06, 2004 10:36 PM
To: 'Ron DuFresne'; Jerry Heidtke
Cc: Schmehl, Paul L; full-disclosure () netsys com
Subject: RE: [Full-disclosure] another new worm submission

I agree.

Anyone that would have those ports open has a *lot more to 
worry about than cleaning a few worm infections.
That's not the case here. This infection was caused by a 
remote user, not a LAN user.
With several hundred laptops it's hard to have 0 exposure. As 
with any growing security practice and today's decreased 
budgets areas of focus are determined on risk exposure.

Anywho-
I found the Trojan to be backdoor.nibu.g- although Symantec 
AV didn't pick it up until tonight.

I think this is a good example that perimeter security is 
only part of the battle. 
Tomorrow's morning meeting will stress the importance of 
desktop firewalls again and a good patch management process.
You can talk until you're blue in the face to upper management 
but I find 90% to be reactive.

I rest my case.

Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/~pauls/ 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

