Full Disclosure mailing list archives

Re: First WMF mass mailer ItW (phishing Trojan)

From: Valdis.Kletnieks () vt edu
Date: Thu, 16 Feb 2006 11:19:33 -0500

On Thu, 16 Feb 2006 15:03:56 GMT, Vulnerability Management said:

How can this be called a worm? AFAIK, malware that needs human 
intervention to spread is a trojan, not a worm.


Enough users will just click 'OK' that it can effectively be considered
automatic enough to be classified a worm, not a trojan.

I mean - let's be realistic here. A worm that only manages 20% of the time to
turn off the A/V via pre-programmed means so it can continue propagating is
still clearly a worm (albiet a buggy one).  The mere fact that some worms use a
pre-programmed means to bypass the A/V that includes liveware muscular
activity(*) shouldn't eliminate its claim to wormhood....

(*) And yes, "just click OK" *is* sufficiently pre-programmed as to qualify as
automatic.  That's the *PROBLEM*... ;)

Attachment: _bin
Description:

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

First WMF mass mailer ItW (phishing Trojan) Gadi Evron (Feb 16)
- Re: First WMF mass mailer ItW (phishing Trojan) Vulnerability Management (Feb 16)
  - Re: First WMF mass mailer ItW (phishing Trojan) Gadi Evron (Feb 16)
    - Re: First WMF mass mailer ItW (phishing Trojan) bkfsec (Feb 17)
  - Re: First WMF mass mailer ItW (phishing Trojan) Valdis . Kletnieks (Feb 16)
- Re: First WMF mass mailer ItW (phishing Trojan) Lance James (Feb 17)
  - Re: First WMF mass mailer ItW (phishing Trojan) Lance James (Feb 20)
  - RE: First WMF mass mailer ItW (phishing Trojan) - think singularities Ken Kousky (Feb 21)
    - Re: First WMF mass mailer ItW (phishing Trojan) - think singularities Lance James (Feb 21)
- <Possible follow-ups>
- RE: First WMF mass mailer ItW (phishing Trojan) Gadi Evron (Feb 16)