Open Source and information security mailing list archives
Date: Mon, 9 Feb 2004 17:02:06 -0000
From: "Randal, Phil" <prandal@...efordshire.gov.uk>
To: bugtraq@...urityfocus.com
Subject: RE: getting rid of outbreaks and spam


Larry Seltzer opined:

> I agree that MyDoom demonstrates all too clearly the inherent 
> limitations of conventional antivirus technology, but you're
> still unfair to it. First, the vast majority of attacks don't
> spread as far and as fast as MyDoom, and by the time one is
> likely to encounter it the AV companies have protection 
> available, so conscientious users can protect themselves.

Correction 1:  In the past the vast majority of attacks didn't
spread as far and as fast as MyDoom.  That's no cause for complacency.
I think we can expect a lot more rapid-spreading viruses in the future.

Correction 2:  Antivirus vendors weren't that fast in getting updates out
for MyDoom.A.  Times below are in GMT, based on information posted on the
ClamAV Users mailing list by Diego d'Ambra, which cited PC-Welt as the
source.

ClamAV - 26.01. 20:23 - Worm.SCO.A
McAfee (BETA) - 26.01. 21:20 - W32/Mydoom@MM (you'd have to have manually
downloaded this one for it to have been any use)
Symantec (BETA) - 26.01. 22:00 - W32.Novarg.A@mm 
F-Prot - 26.01. 22:30 - W32/Mydoom.A@mm 
Trend Micro - 26.01. 22:35 - WORM_MIMAIL.R 
Trend (BETA) - 26.01. 22:35 - WORM_MIMAIL.R 
RAV - 26.01. 23:00 - Win32/Novarg.A@mm 
Norman - 26.01. 23:05 - MyDoom.A@mm 
F-Secure - 26.01. 23:05 - W32/Mydoom.A@mm 
Virusbuster - 26.01. 23:05 - I-Worm.Mydoom.A 
AVG - 26.01. 23:15 - I-Worm/Mydoom 
Avast - 26.01. 23:15 - Win32:Mydoom [Unp] 
Kaspersky - 26.01. 23:30 - I-Worm.Novarg 
AntiVir - 26.01. 23:30 - Worm/MyDoom.A2 
Symantec - 27.01. 00:05 - W32.Novarg.A@mm 
InoculateIT-CA - 27.01. 00:20 - Win32/Shimg.Worm 
Command - 27.01. 00:20 - W32/Mydoom.A@mm 
A2 - 27.01. 00:30 - Worm.Win32.Mydoom 
Sophos - 27.01. 00:40 - W32/MyDoom-A 
InoculateIT-VET - 27.01. 01:30 - Win32.Mydoom.A 
Esafe - 27.01. 01:50 - Win32.Mydoom.a 
Dr. Web - 27.01. 02:40 - Win32.HLLM.Foo.32768 
Panda (BETA) - 27.01. 03:10 - W32/Mydoom.A.worm 
McAfee - 27.01. 04:00 - W32/Mydoom@MM 
Quickheal - 27.01. 04:00 - W32.Novarg 
Bitdefender - 27.01. 04:00 - Win32.Novarg.A@mm 
Panda - 27.01. 04:10 - W32/Mydoom.A.worm 
Ikarus - 27.01. 08:35 - I-Worm.Mydoom

ClamAV detected our first incoming MyDoom.A at 00:20 GMT on January 27th,
well before some of the main Antivirus vendors had patterns available for
autoupdate.  Consider also that some vendors still work on a weekly update
cycle (e.g. McAfee) with updates more frequently only when a virus is
detected in some numbers in the wild.  Bolting stable doors...

Cheers,

Phil


---------------------------------------------
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK

