RE: A worm...

["Schmehl, Paul L" <pauls () utdallas edu>]

I can't speak for the others, but McAfee was detecting this worm just
fine as soon as it hit our network.  The only thing wrong was that it
didn't have the name correct, but who really cares about that?  We set
up our scanners to always scan archives and zip files, so something like
this is no big deal.  We've quarantined over 900 copies in the past 20
hours, so it's a big deal to somebody....

Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/~pauls/ 

> -----Original Message-----
> From: ATD [mailto:simon () snosoft com] 
> Sent: Thursday, June 26, 2003 9:15 AM
> To: *Hobbit*
> Cc: full-disclosure () lists netsys com
> Subject: RE: [Full-disclosure] A worm...
>
>
> Yes, 
>       And this was my point. Are the crafty "worm gods" 
> creating worms that evade detection by using compression and 
> other methods?  If they are doing this, and if they are 
> creating the "stealth worms" whats next. Zip files would be 
> just one of hundreds of ways to hide worms. Maybe the virus 
> scanning technology needs to be kicked up a notch or two.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html