From: rgerhards at hq.adiscon.com (Rainer Gerhards)
Subject: AV "feature" does more DDoS than Sobig

I agree that there is a problem with these replies nowadays, but I do
not see the loop? How does A restart the cycle? All I see is that A
potentially receives massive amounts of these "virus messages" (which of
course can be a problem). Am I missing something?

Rainer

> -----Original Message-----
> From: Fabio Gomes de Souza [mailto:bugtraq@....com.br]
> Sent: Thursday, August 28, 2003 3:05 PM
> To: bugtraq@...urityfocus.com; full-disclosure@...ts.netsys.com
> Subject: [Full-Disclosure] AV "feature" does more DDoS than Sobig
>
> Hello,
>
> Anti-virus products are causing more harm than the Sobig Worm.
>
> Some of my customers are having the following problem:
>
> B = Customer of my customer (infected)
> C,D,E = Some random company (victims of Sobig)
> A = My customer (victim of AV marketing)
>
> The Sobig worm infected B.
>
> In its propagation loop, the worm composes a message, chooses two
> random items in the Address Book, and puts the first in the "From:"
> and the second in the "To:" header. Then all virus messages are
> spoofed.
>
> The problem is that many e-mail virus scanners send a "You are
> infected" reply to the address contained in the "From" header. Since
> the messages are spoofed, the innocent, uninfected user "A" is flooded
> by automatic complaints from "C","D","E" regarding the virus that "B"
> sends.
>
> Anti-virus companies seem to spend more money on marketing/visibility
> than on actually protecting their customers. This marketing stupidity
> is done by adding USELESS features, which spread false information and
> deliver a false sense of security:
>
> - "You're infected" reply (false positive)
> - "This message is 100% virus-free certified" signature line (false
>   sense of security)
> - Anti-virus buttons on Internet Explorer toolbar (just to launch the
>   AV)
> - Splash screens every time you:
>     - boot your computer
>     - send e-mail
>     - check pop3 e-mail
>     - turn your computer off
> - System tray useless icons (in some AVs, the system tray icon does
>   nothing except for launching the AV program)
> - Redundant shortcut icons in Desktop, Start Menu root, Quick Launch
>   and Start Menu program folder
>
> This kind of stupidity from AV companies makes me hate them more every
> day.
>
> --
> Fabio Gomes de Souza <fabio@....com.br> Phone: (81) 9127-0597
>
> GS2 TECNOLOGIA DA INFORMAÇÃO LTDA
> - IT infrastructure, security, embedded systems and Linux
> - Consulting, planning, implementation and management
> http://www.gs2.com.br negocios@....com.br (81) 3492-7777

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
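
The notification flow described in the quoted post, modelled as an added example that is not part of either message: it counts where "You are infected" notices land when a scanner replies to the "From:" header, next to a scanner that alerts only its own site. The addresses, the function names and the local-postmaster policy are assumptions made for illustration; nothing is sent.

```python
import random
from collections import Counter

# Constructed addresses standing in for A, B, C, D, E from the post.
INFECTED = "b@b-corp.example"                      # B: the only infected host
ADDRESS_BOOK = ["a@a-corp.example", "c@c-corp.example",
                "d@d-corp.example", "e@e-corp.example"]  # B's address book

def worm_headers(n, rng):
    """Model only the header choice described in the post: two random
    address-book entries, the first as From:, the second as To:."""
    for _ in range(n):
        spoofed_from, rcpt = rng.sample(ADDRESS_BOOK, 2)
        yield {"from": spoofed_from, "to": rcpt, "origin": INFECTED}

def notify_header_from(msg):
    """Behaviour criticised in the post: the notice goes to From:."""
    return msg["from"]

def notify_local_postmaster(msg):
    """Assumed alternative: alert the scanning site's own postmaster."""
    return "postmaster@" + msg["to"].split("@", 1)[1]

def run(policy, n=1000, seed=2003):
    """Return a Counter of notice recipients for n detected messages."""
    rng = random.Random(seed)
    return Counter(policy(msg) for msg in worm_headers(n, rng))

def summarize(notices):
    """Split the notices by who actually receives them."""
    return {
        "total": sum(notices.values()),
        "reached_infected_host": notices.get(INFECTED, 0),
        "sent_to_spoofed_senders": sum(
            count for addr, count in notices.items() if addr in ADDRESS_BOOK),
    }

if __name__ == "__main__":
    for policy in (notify_header_from, notify_local_postmaster):
        notices = run(policy)
        print(policy.__name__, summarize(notices))
        for addr, count in sorted(notices.items()):
            print(f"  {addr}: {count}")
```

With the reply-to-From policy every notice goes to an address that never sent the message and none reaches B; the per-address counts show the share that piles up at A.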