Security Incidents mailing list archives
Re: recent sadmin worm
From: Robert Kinsey - VIS Contractor <robert.kinsey () sorta kelly af mil>
Date: Tue, 15 May 2001 17:13:23 +0000

Hello Vitaly,

I have found that removing the file extension also removes the "anti-virus" scanner/signature problem that you alluded to, that being the vendors who purposely build a detection string in a "virus" scanner to detect and limit exploit code (non-malware). Removing the extension (.z i p, .e x e, what-have-you) will typically bypass most "scanners". Simply inform the recipient(s) what the proper ext should be when they save it down to a disk.

Regards,
Robert

--
ROBERT KINSEY - Analyst Virus Analysis Team AFCERT