Re: Pretty Park IDS Detection

[brett () LARIAT ORG (Brett Glass)]

It is good to see that patterns are being circulated for hardware and
software other than workstation virus checkers; they're sorely needed.

McAfee's automatic update service will not provide their users with pattern
file that protects against the latest version of PrettyPark until tomorrow
(March 1, 2000). Other virus detectors seem to be picking up this new
version, so the greatly increased number of poisoned e-mails we are seeing
is a reflection of McAfee's popularity and of the reliance that people must
be placing upon their virus detectors to catch Trojans.

Fortunately, we now include detection scripts on every e-mail server we set
up, and the scripts we use have so far detected all versions of PrettyPark.
Not that we're sitting on our laurels, mind you. The moment a new piece of
malware comes out, we're on it.

--Brett Glass