[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <1056641760.32761.55.camel@localhost.localdomain>
From: simon at snosoft.com (ATD)
Subject: A worm...
Yep,
A few of our clients in both the public and private sectors were hit by
this too. What awes me is simple common sense would evade the entire
problem. Ah well... ;)
On Thu, 2003-06-26 at 11:33, Schmehl, Paul L wrote:
> I can't speak for the others, but McAfee was detecting this worm just
> fine as soon as it hit our network. The only thing wrong was that it
> didn't have the name correct, but who really cares about that? We set
> up our scanners to always scan archives and zip files, so something like
> this is no big deal. We've quarantined over 900 copies in the past 20
> hours, so it's a big deal to somebody....
>
> Paul Schmehl (pauls@...allas.edu)
> Adjunct Information Security Officer
> The University of Texas at Dallas
> AVIEN Founding Member
> http://www.utdallas.edu/~pauls/
>
> > -----Original Message-----
> > From: ATD [mailto:simon@...soft.com]
> > Sent: Thursday, June 26, 2003 9:15 AM
> > To: *Hobbit*
> > Cc: full-disclosure@...ts.netsys.com
> > Subject: RE: [Full-Disclosure] A worm...
> >
> >
> > Yes,
> > And this was my point. Are the crafty "worm gods"
> > creating worms that evade detection by using compression and
> > other methods? If they are doing this, and if they are
> > creating the "stealth worms" whats next. Zip files would be
> > just one of hundreds of ways to hide worms. Maybe the virus
> > scanning technology needs to be kicked up a notch or two.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20030626/49596c0f/attachment.bin
Powered by blists - more mailing lists