From: Bart.Lansing at kohls.com (Bart.Lansing@...ls.com)
Subject: New MyDoom or Netsky variant?


Niek,

Symantec only updates HOME users through Live Update once or so a week 
unless there is something critical (and of course you can go to them and 
obtain new sigs more frequently, just that you have to go do it). 

This has nothing at all to do with the speed or frequency of updates for 
enterprise users.  We routinely see multiple updates in a day, in some 
"firefights" we have seen them back to back as close as 15 minutes to each 
other.  As far as not using Symantec on a mail server, we certainly do, in 
tandem with Trend.  Let me ask you Niek, just what is it you use to 
protect the thousands of desktops you are responsible for?

Bart Lansing
Manager, Desktop Services
Kohl's IT


full-disclosure-admin@...ts.netsys.com wrote on 07/19/2004 05:50:55 PM:

> Vic Vandal wrote:
> 
> > Anyone seeing what looks like a brand new MyDoom variant?
> > Comes in e-mail as a message.zip, extracts to a message.doc
> > followed by a LOT of spaces and then a .pif extension.
> > I've only started to look at the encoded attachment, but
> > someone who opened it had a LSASS.EXE start up and take
> > about 96% CPU utilization.  I scanned the offending Outlook
> > attachment with the latest Symantec sigs, but it didn't recognize
> > it.  The .pif appears to be packed with UPX.
> 
> Don't use symantec for fast updates.
> They only update liveupdate 1-2 per week.
> If you want updates more often, you have to grab their intelligent updater
> manually (1 per day), or grab their beta updates (also manually).
> 
> Only if they regard the virus to be a serious threat, they offer an
> immediate liveupdate. For something as mail protection, they are too slow.
> Then again, you don't use symantec products on a mail server.
> 
> Regards,
> 
> Niek Baakman
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
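
A mail-gateway check for the attachment naming pattern described in the quoted report above (a zip member named message.doc, a long run of spaces, then .pif), as an added example that is not part of the original thread. The extension lists, the padding threshold and the function names are assumptions, and the sample archive is constructed from harmless placeholder bytes.

```python
import io
import zipfile

EXECUTABLE_EXTS = {".pif", ".scr", ".exe", ".com", ".bat", ".cmd"}  # assumed blocklist
DECOY_EXTS = {".doc", ".txt", ".pdf", ".jpg", ".htm", ".xls"}  # assumed decoy list


def check_member_name(name):
    """Return the list of reasons a zip member name looks disguised."""
    reasons = []
    base = name.replace("\\", "/").rsplit("/", 1)[-1]
    stem, dot, ext = base.rpartition(".")
    real_ext = (dot + ext).lower().strip()
    if real_ext not in EXECUTABLE_EXTS:
        return reasons
    reasons.append("executable extension " + real_ext)
    # Padding pushes the real extension out of view; 3+ spaces is an assumed threshold.
    if len(stem) - len(stem.rstrip()) >= 3:
        reasons.append("whitespace padding before real extension")
    visible = stem.strip()
    inner = "." + visible.rpartition(".")[2].lower() if "." in visible else ""
    if inner in DECOY_EXTS:
        reasons.append("decoy extension " + inner)
    return reasons


def scan_zip(data):
    """Map each suspicious member name in a zip (bytes) to its reasons."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            reasons = check_member_name(info.filename)
            if reasons:
                findings[info.filename] = reasons
    return findings


def build_sample():
    """Constructed sample: placeholder bytes under the reported naming pattern."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("message.doc" + " " * 60 + ".pif", b"placeholder, not a real sample")
        zf.writestr("readme.txt", b"benign")
    return buf.getvalue()


if __name__ == "__main__":
    for name, reasons in scan_zip(build_sample()).items():
        print(repr(name), reasons)
```

A name-based rule like this does not depend on signature updates, so it can hold an attachment at the gateway while signatures for a new variant are still pending.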


