Hmm, I just had one of the MS update viruses slip through, how many variants of this are there? 1Kb file ;/ Barry
literally thousands! my inbox was full every day for a while with around 100 different subject lines!
----- Original Message -----
From: Barry Murphy
To: nznog(a)list.waikato.ac.nz
Sent: Friday, September 26, 2003 4:19 PM
Subject: [nznog] MS viruses
Hmm, I just had one of the MS update viruses slip through, how many variants of this are there? 1Kb file ;/ Barry
_______________________________________________
NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog
Yeah I've blocked thousands, but 1 slipped through and seems to have a different sort of pattern to it. I update definitions every day at midnight. Might have to change this to every hour :/
Barry
----- Original Message -----
From: Dan Clark
To: Barry Murphy ; nznog(a)list.waikato.ac.nz
Sent: Friday, September 26, 2003 4:21 PM
Subject: Re: [nznog] MS viruses
literally thousands! my inbox was full every day for a while with around 100 different subject lines!
On Fri, 2003-09-26 at 16:51, Barry Murphy wrote:
Yeah I've blocked thousands, but 1 slipped through and seems to have a different sort of pattern to it. I update definitions every day at midnight. Might have to change this to every hour :/
Gibe.F has a bug which causes a few of the attachments it sends out to be truncated. I've seen ones with completely empty attachments, ones with 1 KB attachments on up. These frequently slip past AV scanners because they don't contain whatever the signature is looking for. So far as I have been able to ascertain, none of the truncated attachments are viable.
--
Russell Fulton, Network Security Officer, The University of Auckland, New Zealand.
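A triage check for the truncated attachments described in the message above, added here as an example and not part of the original thread: it compares the size a PE header declares with the bytes actually present in a decoded attachment. It assumes the attachment is a Windows PE executable; the function names and the sample file are constructed for illustration.

```python
import struct

def pe_truncation_status(data: bytes) -> str:
    """Classify a decoded attachment: empty, not-pe, truncated-header,
    truncated-body or complete. Assumes a PE executable (an assumption)."""
    if not data:
        return "empty"
    if data[:2] != b"MZ":
        return "not-pe"
    if len(data) < 0x40:
        return "truncated-header"
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    coff = e_lfanew + 4                       # COFF header follows "PE\0\0"
    if len(data) < coff + 20:
        # Cut before the COFF header (a plain DOS program also lands here).
        return "truncated-header"
    if data[e_lfanew:coff] != b"PE\0\0":
        return "not-pe"
    (n_sections,) = struct.unpack_from("<H", data, coff + 2)
    (opt_size,) = struct.unpack_from("<H", data, coff + 16)
    table = coff + 20 + opt_size              # start of the section table
    end = table + 40 * n_sections             # each section header is 40 bytes
    if len(data) < end:
        return "truncated-header"
    for i in range(n_sections):
        # SizeOfRawData and PointerToRawData sit at offsets 16 and 20.
        size_raw, ptr_raw = struct.unpack_from("<II", data, table + 40 * i + 16)
        if size_raw:
            end = max(end, ptr_raw + size_raw)
    return "complete" if len(data) >= end else "truncated-body"

def build_sample_pe() -> bytes:
    """Constructed sample: PE layout with one 4096-byte section of zeros.
    It is not a runnable program, only a header the check can parse."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)   # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x102)
    section = b".text\0\0\0" + struct.pack(
        "<IIIIIIHHI", 0x1000, 0x1000, 0x1000, 0x400, 0, 0, 0, 0, 0x60000020)
    headers = dos + b"PE\0\0" + coff + b"\0" * 0xE0 + section
    return headers.ljust(0x400, b"\0") + b"\0" * 0x1000

if __name__ == "__main__":
    sample = build_sample_pe()
    for label, blob in [("full", sample), ("1 KB", sample[:1024]), ("empty", b"")]:
        print(label, "->", pe_truncation_status(blob))
```

A "truncated-body" or "empty" result marks a message worth quarantining on structure alone, even when no signature matches the partial payload.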
Participants (3): Barry Murphy, Dan Clark, Russell Fulton