[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [Full-Disclosure] Re: Administrivia: Testing Emergency Virus Filter..
- To: <full-disclosure@lists.netsys.com>
- Subject: RE: [Full-Disclosure] Re: Administrivia: Testing Emergency Virus Filter..
- From: "Schmehl, Paul L" <pauls@utdallas.edu>
- Date: Wed, 20 Aug 2003 17:02:43 -0500
> -----Original Message-----
> From: martin f krafft [mailto:madduck@madduck.net]
> Sent: Wednesday, August 20, 2003 1:35 PM
> To: full-disclosure@lists.netsys.com
> Subject: [Full-Disclosure] Re: Administrivia: Testing
> Emergency Virus Filter..
>
> Only partially right, the other part is bugs in software and
> automation techniques that make viruses much easier and
> effective. Moreover, it's operating system design. If I
> caught a virus on my UNIX system, I might be sending it on if
> the virus is smart enough to figure out a way to get into
> control and to execute sendmail. However, it won't be able to
> infest the system and other local users.
>
Why would it have to execute sendmail? All it has to do is run
/bin/mail(x) or use its own routines to telnet to port 25 and "talk
smtp" directly. About the only OS I know of that doesn't have a telnet
client and mail or mailx by default is Gentoo. No need to launch any
daemons on your box. Most "modern" worms don't bother with processes on
the box anyway. They create their own, download them or bring them with
them.
Paul Schmehl (pauls@utdallas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/~pauls/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html