Full Disclosure mailing list archives

RE: AV "feature" does more DDoS than Sobig


From: Ron DuFresne <dufresne () winternet com>
Date: Thu, 28 Aug 2003 13:55:11 -0500 (CDT)

On Thu, 28 Aug 2003, Richard M. Smith wrote:

Ron,

   >>> else, you become part of the perpetual
   >>> 'SPAM/viri-by-product' problem, wasting
   >>> and consuming bandwidth

Actually, it's important to get these false AV warning messages shut
off.  One company that I contacted told me that they have already sent
out hundreds of thousands of false warning messages about Sobig.F.  They
are now working to get this feature turned off.  It looks like they are
running some sort of homebrew software and not a commercial package.


While I agree with you in concept and theory, I can tell you by
implementation and experience, they will persist from most sites for the
duration.  Much as most of the hacked/compromised systems that are the core
of the problem will also persist as issues and core parts of the
problem for a long, long time.  For example, the number of systems still
infested with nimda/code-red that hit my logs, years now after the fact.
Some after more than one notice and/or call to the folks that handle the
systems, but who remain clueless.  There isn't a lart large enough to dispense
enough clues to go around.

Thanks,

Ron DuFresne
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
        ***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D.  Just don't touch anything.


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
