[Gllug] New worm doing the rounds?
Alistair Mann
alistair at lgeezer.net
Tue Feb 10 11:40:15 UTC 2004
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Thus spaketh Christopher Hunter on Monday 09 February 2004 5:26 pm:
> On Monday 09 Feb 2004 2:24 pm, Richard Jones wrote:
> > <rant mode="angry">
> >
> > Don't you think these "anti-virus" vendors could stop sending me emails
> > like this:
> >
> > "We have detected [Windoze worm which is well-known to fake the From:
> > header] in an email you sent to [email address I have never heard of]"
> >
> > It really is just plain stupid. If you know what the worm is, then
> > you know it fakes the From header, so don't send a bounce.
> >
> > </rant>
>
> I get a huge number of these as well - they just seem to be yet another
> form of spam.
>
> The Windoze (l)users and "anti-virus software" vendors don't actually seem
> to realise or want to understand that these silly "anti-virus" programmes
> simply can't work - as by their nature, they have to be reactive. It only
> takes a competent programmer (or a "script kiddie") a matter of minutes to
> knock together a virus or trojan that's unique, so invisible to these
> "scanners".
Not completely true. Heuristic analysis can identify code likely to be
malicious. Does the code contain data about the Windows address book? +1
point. Does it contain code that copies an area of itself into a new memory
area, then does operations on that area? +1 point. Does it self-modify? +1
point. Nope, AV tools can be proactive too.
> The virtual invulnerability of Linux to malware should be one of its' major
> selling points!
Rubbish! Linux systems are as susceptible to malware as Windows systems: what
they are not so susceptible to is being rooted. Security for linux systems
relies in large part on its obscurity: why attack the 5% market share when
you can have the 90%?
- --
Alistair
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
Comment: As seen at http://search.keyserver.net
iD8DBQFAKMMfEz+/jt85AfsRAkiPAJ9EYXFPeLeS2QGsUSCNKN/b09fwGQCgjwVy
IkZBf5hSPCOib3UNkuJVgSE=
=rltE
-----END PGP SIGNATURE-----
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list