Re: Warning - new trend of attempts to infect ISP users (possibly virus)

["Kevin Oberman" <oberman () es net>]

> Date: Wed, 3 Mar 2004 16:15:39 +0000 (GMT)
> From: "Stephen J. Wilcox" <steve () telecomplete co uk>
> Sender: owner-nanog () merit edu
>
>
> > > Erm is it me or are the writers of Bagle and Netsky determined to keep morphing 
> > > their code to outwit the virus scanners.. is this a new trend in virus writing - 
> > > beat the systems by evolving your code quicker than the security firms can 
> > > release updates?
> >
> > new trend in that it started only a decade ago?
>
> Perhaps I'm only following this as its affecting us more, but I dont recall a 
> time previously when I've had so many viruses hitting us and getting thro our 
> scanners with nothing we can do about it. I dont recall seeing viruses with 
> variants as high as 'j' before, especially in the relatively short time since 
> the previous variants were out
>
> Seriously, drop some references if I'm off-track.. its just my perception and 
> I'm not an expert at all with viruses...

They are getting batter at it, but the WANK worm (1989) used
self-modifying code so that no two replicas were the same. (Note: This
worm only infected VMS systems running on the global DECNET internet,
mostly DOE, NASA, and DEC corporate systems.)
-- 
R. Kevin Oberman, Network Engineer
Energy Sciences Network (ESnet)
Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
E-mail: oberman () es net                       Phone: +1 510 486-8634