lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <NMEAJDJMDLJLOIOCIKJJOEILFBAA.exibar@thelair.com>
From: exibar at thelair.com (Exibar)
Subject: [inbox] Re: RE: new internet explorer exploit (was new worm) 

How can this be a 0-day worm is McAfee VirusScan picks it up as VBS/Psyme
worm?  In my opinion, in order to truely be a 0-day worm, it has to be
completely new.  It doesn't even have to be a new vulnerability really.

 0-day  -->  date of birth  (no AV signatures out at first onset, larger AV
companies start releasing signatures after a couple hours of backwards
engineering)
 1 - 3 Day --->  living the good life  (Large AV vendors have sigs out,
smaller av vendors should have them out as well)
 3+ Day  ---> old.... (ALL AV vendors have sigs out)

  Now, a 0-day vulnerabilty and a 0-day worm for the 0-day vuln, would be
something indeed.  It surely would catch the world by surprise....

   Psyme is not 0-day, McAfee had DATS out for it since October 8, last
year, discovered September 30 last year...

I'm not trying to start a flame war, thats just the way I see things.

  Exibar

> -----Original Message-----
> From: Valdis.Kletnieks@...edu [mailto:Valdis.Kletnieks@...edu]
> Sent: Monday, March 29, 2004 7:53 PM
> To: Drew Copley
> Cc: Jelmer; full-disclosure@...ts.netsys.com; bugtraq@...urityfocus.com
> Subject: [inbox] Re: [Full-Disclosure] RE: new internet explorer exploit
> (was new worm)
>
>
> On Mon, 29 Mar 2004 11:44:12 PST, Drew Copley <dcopley@...e.com>  said:
>
> > Yeah. It is a zero day worm, and it is very notable as such.
> >
> > I can not recall a previous zero day worm. (AV is not my job, but I do
> > try and follow zero day.)
> >
> > Hence, IE has birthed us the first zero day worm.
>
> Has anybody offered the Microsoft dude who denied the existence of 0-days
> some ketchup for his fried crow? ;)
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ