Security Incidents mailing list archives

Re: Want to write a disinfection tool?


From: "L. Christopher Paul" <lcp () bofh sh>
Date: Sun, 05 Aug 2001 22:24:11 -0400

One question ... Mightn't this lead to a false sense of security?

With the CRv1 or CRv2 I can see this as being appropriate, but with CRII creating backdoors and then broadcasting the vulnerability, the incidence of compromises beyond the initial worm infestation is incredibly high.

By automating a 'fix', and not rebuilding the box, there is no guarantee that the box is safe to be re-connected to the network; only that the worm is gone and that it can't be re-infected.

If such a tool is built (which isn't all bad), it needs to be shipped with a big ol' warning to that effect.

--lcp

At 07:11 PM 8/5/2001 -0600, you wrote:
Anyone on the list that is a VBScript programmer that wants to write
a disinfection tool for Code Red II?

The scripts would need to:




----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com

