I am not aware of what exactly the AV software uses as its bleh signature, but I have personally seen recovered copies of the x2 exploit infected with linux virii in the wild. Do not discount this as an option, imho.

--dr

CanSecWest/core02 - May 1-3 2002 - Vancouver B.C. - http://cansecwest.com

On Thu, 13 Dec 2001 14:37:44 -0800 (PST)
Dave Dittrich <dittrichat_private> wrote:

> On Thu, 13 Dec 2001, Steve Wright wrote:
>
> > McAfee reports the x2 file as containing the bleh unix worm ??
>
> McAfee (and Kaspersky Labs) are wrong. It is an ssh exploit, not a
> worm. If anyone from either company wants to contact me about how
> what signature is used, I'd love to help straighten this out.
>
> --
> Dave Dittrich                           Computing & Communications
> dittrichat_private                      University Computing Services
> http://staff.washington.edu/dittrich    University of Washington
>
> PGP key      http://staff.washington.edu/dittrich/pgpkey.txt
> Fingerprint  FE 97 0C 57 08 43 F3 EB 49 A1 0C D0 8E 0C D0 BE C8 38 CC B5
>
> ----------------------------------------------------------------------------
> This list is provided by the SecurityFocus ARIS analyzer service.
> For more information on this free incident handling, management
> and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Sun Dec 16 2001 - 15:49:45 PST