Full Disclosure mailing list archives
RE: [inbox] Re: RE: new internet explorer exploit (was new worm)
From: "Exibar" <exibar () thelair com>
Date: Mon, 29 Mar 2004 20:47:46 -0500
How can this be a 0-day worm is McAfee VirusScan picks it up as VBS/Psyme worm? In my opinion, in order to truely be a 0-day worm, it has to be completely new. It doesn't even have to be a new vulnerability really. 0-day --> date of birth (no AV signatures out at first onset, larger AV companies start releasing signatures after a couple hours of backwards engineering) 1 - 3 Day ---> living the good life (Large AV vendors have sigs out, smaller av vendors should have them out as well) 3+ Day ---> old.... (ALL AV vendors have sigs out) Now, a 0-day vulnerabilty and a 0-day worm for the 0-day vuln, would be something indeed. It surely would catch the world by surprise.... Psyme is not 0-day, McAfee had DATS out for it since October 8, last year, discovered September 30 last year... I'm not trying to start a flame war, thats just the way I see things. Exibar
-----Original Message----- From: Valdis.Kletnieks () vt edu [mailto:Valdis.Kletnieks () vt edu] Sent: Monday, March 29, 2004 7:53 PM To: Drew Copley Cc: Jelmer; full-disclosure () lists netsys com; bugtraq () securityfocus com Subject: [inbox] Re: [Full-disclosure] RE: new internet explorer exploit (was new worm) On Mon, 29 Mar 2004 11:44:12 PST, Drew Copley <dcopley () eeye com> said:Yeah. It is a zero day worm, and it is very notable as such. I can not recall a previous zero day worm. (AV is not my job, but I do try and follow zero day.) Hence, IE has birthed us the first zero day worm.Has anybody offered the Microsoft dude who denied the existence of 0-days some ketchup for his fried crow? ;)
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: Addressing Cisco Security Issues, (continued)
- Re: Addressing Cisco Security Issues Clayton Kossmeyer (Mar 29)
- Re: Re: Addressing Cisco Security Issues Luke Norman (Mar 29)
- Re: Addressing Cisco Security Issues Geoincidents (Mar 29)
- RE: Addressing Cisco Security Issues Lou Zirko (Mar 29)
- Re: Addressing Cisco Security Issues neal rauhauser (Mar 29)
- Re: Addressing Cisco Security Issues Clayton Kossmeyer (Mar 29)
- AW: new internet explorer exploit (was new worm) Ron Stiemer (Mar 29)
- Message not available
- Re: new internet explorer exploit (was new worm) Nick FitzGerald (Mar 30)
- RE: new internet explorer exploit (was new worm) Drew Copley (Mar 29)
- Re: new internet explorer exploit (was new worm) Berend-Jan Wever (Mar 29)
- Re: RE: new internet explorer exploit (was new worm) Valdis . Kletnieks (Mar 29)
- RE: [inbox] Re: RE: new internet explorer exploit (was new worm) Exibar (Mar 29)
- RE: new internet explorer exploit (was new worm) Thor Larholm (Mar 29)
- Re: RE: new internet explorer exploit (was new worm) Tim (Mar 29)
- Re: new internet explorer exploit (was new worm) Jelmer (Mar 30)
- Re: new internet explorer exploit (was new worm) - - (Mar 30)
- RE: new internet explorer exploit (was new worm) Drew Copley (Mar 30)