Message-ID: <0EBC45FCABFC95428EBFC3A51B368C9501C9C4F4@jessica.herefordshire.gov.uk>
Date: Mon, 9 Feb 2004 17:02:06 -0000
From: "Randal, Phil" <prandal@...efordshire.gov.uk>
To: bugtraq@...urityfocus.com
Subject: RE: getting rid of outbreaks and spam
Larry Seltzer opined:
> I agree that MyDoom demonstrates all too clearly the inherent
> limitations of conventional antivirus technology, but you're
> still unfair to it. First, the vast majority of attacks don't
> spread as far and as fast as MyDoom, and by the time one is
> likely to encounter it the AV companies have protection
> available, so conscientious users can protect themselves.
Correction 1: In the past the vast majority of attacks didn't
spread as far and as fast as MyDoom. That's no cause for complacency.
I think we can expect a lot more rapid-spreading viruses in the future.
Correction 2: Antivirus vendors weren't that fast in getting updates out
for MyDoom.A. Times below are in GMT, based on information posted on the
ClamAV Users mailing list by Diego d'Ambra, which cited PC-Welt as the
source.
ClamAV - 26.01. 20:23 - Worm.SCO.A
McAfee (BETA) - 26.01. 21:20 - W32/Mydoom@MM (you'd have to have manually
downloaded this one for it to have been any use)
Symantec (BETA) - 26.01. 22:00 - W32.Novarg.A@mm
F-Prot - 26.01. 22:30 - W32/Mydoom.A@mm
Trend Micro - 26.01. 22:35 - WORM_MIMAIL.R
Trend (BETA) - 26.01. 22:35 - WORM_MIMAIL.R
RAV - 26.01. 23:00 - Win32/Novarg.A@mm
Norman - 26.01. 23:05 - MyDoom.A@mm
F-Secure - 26.01. 23:05 - W32/Mydoom.A@mm
Virusbuster - 26.01. 23:05 - I-Worm.Mydoom.A
AVG - 26.01. 23:15 - I-Worm/Mydoom
Avast - 26.01. 23:15 - Win32:Mydoom [Unp]
Kaspersky - 26.01. 23:30 - I-Worm.Novarg
AntiVir - 26.01. 23:30 - Worm/MyDoom.A2
Symantec - 27.01. 00:05 - W32.Novarg.A@mm
InoculateIT-CA - 27.01. 00:20 - Win32/Shimg.Worm
Command - 27.01. 00:20 - W32/Mydoom.A@mm
A2 - 27.01. 00:30 - Worm.Win32.Mydoom
Sophos - 27.01. 00:40 - W32/MyDoom-A
InoculateIT-VET - 27.01. 01:30 - Win32.Mydoom.A
Esafe - 27.01. 01:50 - Win32.Mydoom.a
Dr. Web - 27.01. 02:40 - Win32.HLLM.Foo.32768
Panda (BETA) - 27.01. 03:10 - W32/Mydoom.A.worm
McAfee - 27.01. 04:00 - W32/Mydoom@MM
Quickheal - 27.01. 04:00 - W32.Novarg
Bitdefender - 27.01. 04:00 - Win32.Novarg.A@mm
Panda - 27.01. 04:10 - W32/Mydoom.A.worm
Ikarus - 27.01. 08:35 - I-Worm.Mydoom
ClamAV detected our first incoming MyDoom.A at 00:20 GMT on January 27th,
well before some of the main Antivirus vendors had patterns available for
autoupdate. Consider also that some vendors still work on a weekly update
cycle (e.g. McAfee) with updates more frequently only when a virus is
detected in some numbers in the wild. Bolting stable doors...
Cheers,
Phil
---------------------------------------------
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK