[Gloucs] meetings and website

[Guy Edwards]

On Mon, 2002-12-30 at 22:37, Adam Langley wrote:
> A virus can only
> infect if you run it - simply being on a network (wireless or otherwise) is
> not sufficient. 

I know this (example I'm about to give) is technically a worm and not a
virus but aren't most infectious things nowadays a hybrid anyway?

This is the Sircam virus which is a bit old now but 
 "The worm is network aware, and it will enumerate the network resources
to infect shared systems." e.g. download it with your email and then it
infects your local (windows9x) network. Also did the standard thing of
emailing your contacts etc.

http://securityresponse.symantec.com/avcenter/venc/data/w32.sircam.worm@mm.html

I seem to remember that to disenfect the computers we had to unplug them
from the network while running the virus removal and definition update
as otherwise the virus could re-infect from other infected machines
while you were doing the update. We (this is an old company I used to
work for) used to run Norton AV, but putting on the latest AV definition
wasn't enough to get rid of it for some reason. You had to use the
removal tool to get rid of the infection.

> The only way that a virus can `attack' over a network is by
> exploiting an overflow in Windows and I haven't heard of anything that
> dangerous in quite a while.

This was a while back mind.... (and on windows)

best worm I heard of was that one that repaired already infected Apache
servers ("cheese" which repaired damage done by the "lion" worm)
http://news.bbc.co.uk/1/hi/sci/tech/1344344.stm


Guy