[Gllug] New worm doing the rounds?

Alistair Mann alistair at lgeezer.net
Tue Feb 10 11:40:15 UTC 2004

Thus spaketh Christopher Hunter on Monday 09 February 2004 5:26 pm:
> On Monday 09 Feb 2004 2:24 pm, Richard Jones wrote:
> > <rant mode="angry">
> >
> > Don't you think these "anti-virus" vendors could stop sending me emails
> > like this:
> >
> >  "We have detected [Windoze worm which is well-known to fake the From:
> >   header] in an email you sent to [email address I have never heard of]"
> >
> > It really is just plain stupid.  If you know what the worm is, then
> > you know it fakes the From header, so don't send a bounce.
> >
> > </rant>
> I get a huge number of these as well - they just seem to be yet another
> form of spam.
> The Windoze (l)users and "anti-virus software" vendors don't actually seem
> to realise or want to understand that these silly "anti-virus" programmes
> simply can't work - as by their nature, they have to be reactive.  It only
> takes a competent programmer (or a "script kiddie") a matter of minutes to
> knock together a virus or trojan that's unique, so invisible to these
> "scanners".

Not completely true. Heuristic analysis can identify code likely to be 
malicious. Does the code contain data about the Windows address book? +1 
point. Does it contain code that copies an area of itself into a new memory 
area, then does operations on that area? +1 point. Does it self-modify? +1 
point. Nope, AV tools can be proactive too.

> The virtual invulnerability of Linux to malware should be one of its major
> selling points!

Rubbish! Linux systems are as susceptible to malware as Windows systems: what 
they are not so susceptible to is being rooted. Security for Linux systems 
relies in large part on its obscurity: why attack the 5% market share when 
you can have the 90%?
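
The point-scoring heuristic described in the message, as an added example that is not part of the original post or any vendor's engine: it awards one point per heuristic over a recorded behaviour trace. The `Event` format, the `.wab` address-book check, the address ranges and the threshold of 2 are assumptions made for illustration, and all traces are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Event:
    kind: str        # "open", "alloc", "copy", "write" or "exec"
    addr: int = 0    # target / destination address
    src: int = 0     # source address (copy only)
    size: int = 0
    path: str = ""   # file path (open only)

IMAGE = range(0x400000, 0x410000)  # constructed: where the sample's own code is mapped

def score(trace, image=IMAGE):
    """Return (points, reasons): one point per heuristic named in the message."""
    reasons = set()
    fresh = []    # regions allocated at run time
    copied = []   # fresh regions that now hold a copy of the sample's own bytes
    for ev in trace:
        if ev.kind == "open" and ev.path.lower().endswith(".wab"):
            reasons.add("address-book")            # touches Windows address book data
        elif ev.kind == "alloc":
            fresh.append(range(ev.addr, ev.addr + ev.size))
        elif ev.kind == "copy" and ev.src in image:
            copied += [r for r in fresh if ev.addr in r]
        elif ev.kind in ("write", "exec") and any(ev.addr in r for r in copied):
            reasons.add("self-copy-then-operate")  # works on its relocated copy
        elif ev.kind == "write" and ev.addr in image:
            reasons.add("self-modify")             # writes into its own image
    return len(reasons), sorted(reasons)

def flagged(trace, threshold=2):
    """Assumed policy: one heuristic alone is not enough to flag a sample."""
    return score(trace)[0] >= threshold

# Constructed traces
WORM_LIKE = [
    Event("open", path=r"C:\Users\a\contacts.wab"),
    Event("alloc", addr=0x900000, size=0x2000),
    Event("copy", addr=0x900000, src=0x401000, size=0x800),
    Event("write", addr=0x900010, size=4),
    Event("write", addr=0x401200, size=1),
]
UNPACKER_LIKE = [  # a legitimate self-extracting program also relocates its code
    Event("alloc", addr=0x900000, size=0x2000),
    Event("copy", addr=0x900000, src=0x402000, size=0x1000),
    Event("exec", addr=0x900000),
]
BENIGN = [Event("open", path=r"C:\docs\report.txt"),
          Event("alloc", addr=0x900000, size=0x1000),
          Event("write", addr=0x900000, size=16)]
```

`UNPACKER_LIKE` scores one point and stays below the threshold, which is why a scoring scheme of this kind needs several independent signals before it flags anything.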
