Security Incidents mailing list archives

Novarg

From: sloppy seconds <beleguese () yahoo com>
Date: Tue, 27 Jan 2004 20:32:13 -0800 (PST)

To all, 

Yes as many of you have noticed Novarg is spreading
fast. I work for a large international corporation and
we have seen extensive infiltration. However, this
worm has not proved to be as "damaging" as some may
claim. The scary part is that our investment in AV
solutions (Trend, Symantec, et al...) has not
protected us. We are now reconsidering our stance on
allowing .ZIP files in Email. 

We engineered our own cleaning utility hours before
our AV vendors even had signatures. Infecting lab
clients and using diff tools...etc

From a network perspective we are watching for the

supposed DOS against SCO. 

We have had the outbreak under control just a few
hours after it's inception. 

Anyone care to contribute their experience?

Thanks, 
Beleguese


__________________________________
Do you Yahoo!?
Yahoo! SiteBuilder - Free web site building tool. Try it!
http://webhosting.yahoo.com/ps/sb/

---------------------------------------------------------------------------
----------------------------------------------------------------------------

Current thread:

Novarg sloppy seconds (Jan 28)
- Re: Novarg Jonathan A. Zdziarski (Jan 28)
  - Re: Novarg James Riden (Jan 28)
  - Re: Novarg Jim Zajkowski (Jan 28)
    - Re: Novarg Nick FitzGerald (Jan 29)
  - Re: Novarg Greg A. Woods (Jan 28)
    - Re: Novarg Jonathan A. Zdziarski (Jan 28)
    - best defense (was: Re: Novarg Meritt James (Jan 29)
    - Re: best defense (was: Re: Novarg Greg A. Woods (Jan 30)
    - Re: Novarg Matt Curtin (Jan 30)
  - Re: Novarg Matt Curtin (Jan 29)

(Thread continues...)