Security Incidents mailing list archives
Re: Novarg
From: James Riden <j.riden () massey ac nz>
Date: Thu, 29 Jan 2004 07:36:43 +1300
sloppy seconds <beleguese () yahoo com> writes:
To all, Yes as many of you have noticed Novarg is spreading fast. I work for a large international corporation and we have seen extensive infiltration. However, this worm has not proved to be as "damaging" as some may claim. The scary part is that our investment in AV solutions (Trend, Symantec, et al...) has not protected us. We are now reconsidering our stance on allowing .ZIP files in Email.
As you have found out there's a window between a new virus coming out and the AV signatures getting updated. (Even that didn't fix it with Blaster I think, but should cover email-borne viruses). Internal spread of Novarg is non-existent here, because no-one runs internal mailservers except us, and we make sure to block viruses and delay questionable attachments. Six hours is a long time to be vulnerable if someone really wants to write a really nasty worm - Blaster could have been a whole lot worse if properly coded. And if you let .zip files straight through then you could be in that position before you get the AV updates on the mailserver. I prefer to treat the desktop AV as a safety net; that is, it shouldn't get to that stage. cheers, Jamie -- James Riden / j.riden () massey ac nz / Systems Security Engineer GPG public key available at: http://www.massey.ac.nz/~jriden/ This post does not necessarily represent the views of my employer. --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Re: Novarg, (continued)
- Re: Novarg Matt Curtin (Jan 29)
- RE: Novarg - Stopping .Zip Files Tom Milliner (Jan 28)
- Re: Novarg - Stopping .Zip Files Keith W. McCammon (Jan 28)
- Re: Novarg - Stopping .Zip Files Alvin Mills (Jan 30)
- RE: Novarg - Stopping .Zip Files jamesworld (Jan 28)
- Re: Novarg - Stopping .Zip Files Bill Pennington (Jan 28)
- RE: Novarg - Stopping .Zip Files Timmothy Posey (Jan 30)
- Re: Novarg - Stopping .Zip Files Alvin Mills (Jan 30)
- Re: Novarg - Stopping .Zip Files Keith W. McCammon (Jan 28)
- Re: Novarg Dave Laird (Jan 28)
- RE: Novarg Wayne S. Ackley (Jan 28)
- Re: Novarg James Riden (Jan 28)
- RE: Novarg Chris Aguilar (Jan 28)
- RE: Novarg Jeremy Strachan (Jan 28)
- RE: Novarg Stephen Warren (Jan 29)
- Re: Novarg Robin Sheat (Jan 30)
- RE: Novarg steve bernacki (Jan 30)
- Re: Novarg Skip Carter (Jan 30)
- RE: Novarg Duston Sickler (Jan 29)
- RE: Novarg sloppy seconds (Jan 30)
- RE: Novarg Stephen Warren (Jan 29)
- RE: Novarg Robert Morales (Jan 28)
- RE: Novarg Rickert Gerhard (rgerhard) (Jan 29)
(Thread continues...)