Full Disclosure mailing list archives
RE: A worm...
From: "Schmehl, Paul L" <pauls () utdallas edu>
Date: Thu, 26 Jun 2003 10:33:28 -0500
I can't speak for the others, but McAfee was detecting this worm just fine as soon as it hit our network. The only thing wrong was that it didn't have the name correct, but who really cares about that? We set up our scanners to always scan archives and zip files, so something like this is no big deal. We've quarantined over 900 copies in the past 20 hours, so it's a big deal to somebody.... Paul Schmehl (pauls () utdallas edu) Adjunct Information Security Officer The University of Texas at Dallas AVIEN Founding Member http://www.utdallas.edu/~pauls/
-----Original Message----- From: ATD [mailto:simon () snosoft com] Sent: Thursday, June 26, 2003 9:15 AM To: *Hobbit* Cc: full-disclosure () lists netsys com Subject: RE: [Full-disclosure] A worm... Yes, And this was my point. Are the crafty "worm gods" creating worms that evade detection by using compression and other methods? If they are doing this, and if they are creating the "stealth worms" whats next. Zip files would be just one of hundreds of ways to hide worms. Maybe the virus scanning technology needs to be kicked up a notch or two.
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: A worm..., (continued)
- Re: A worm... morning_wood (Jun 26)
- SV: A worm... Peter Kruse (Jun 26)
- Re: A worm... ATD (Jun 26)
- RE: A worm... *Hobbit* (Jun 25)
- RE: A worm... ATD (Jun 26)
- RE: A worm... M. Osten (Jun 26)
- Re: A worm... Brett Hutley (Jun 26)
- RE: A worm... Nick FitzGerald (Jun 26)
- RE: A worm... ATD (Jun 26)
- Re: A worm... morning_wood (Jun 26)
- RE: A worm... ATD (Jun 26)