Re: recent sadmin worm

From: Robert Kinsey - VIS Contractor (robert.kinseyat_private)
Date: Tue May 15 2001 - 10:13:23 PDT


    Hello Vitaly,
    
    I have found that removing the file extension also removes the "anti-virus"
    scanner/signature problem that you alluded to, that being the vendors who
    purposely build a detection string in a "virus" scanner to detect and limit
    exploit code (non-malware).
    
    Removing the extension (.z i p, .e x e, what-have-you) will typically
    bypass most "scanners".  Simply inform the recipient(s) what the proper ext
    should be when they save it down to a disk.
    
    Regards,
    Robert
    --
    ROBERT KINSEY - Analyst
    Virus Analysis Team
    AFCERT
    


