Security Incidents mailing list archives
Re: Voluminous SSHd scanning; possible worm activity ?
From: "Philipp Stucke" <philipp.stucke () t-online de>
Date: Thu, 13 Dec 2001 18:59:11 +0100
Hi,

I couldn't download that specific file because I'm getting a 404 error, so I can't judge for sure, but Norton AntiVirus is really not scanning well when it comes to Unix files, and I think that's the same for McAfee. Most Linux stuff is recognized as "linux fork bomb", "linux logical trojan" or "generic worm", which is not really true and/or misleading. Mostly, they judge Linux exploits as some "malicious code" and so give you the result you got. To sum it up, I wouldn't care if a Windows-specific scanner tries to judge Linux exploits/tools/programs ;-) Maybe someone who has more knowledge of the detection routines of virus scanners can shed some light on this.
McAfee reports the x2 file as containing the bleh Unix worm??
Regards,
Philipp

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com