[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-Disclosure] AV "feature" does more DDoS than Sobig

To: bugtraq@securityfocus.com, full-disclosure@lists.netsys.com
Subject: [Full-Disclosure] AV "feature" does more DDoS than Sobig
From: Fabio Gomes de Souza <bugtraq@gs2.com.br>
Date: Thu, 28 Aug 2003 10:05:20 -0300

Hello,

Anti-virus products are causing more harm than the Sobig Worm.

Some of my customers are having the following problem:

B = Customer of my customer (infected)
C,D,E = Some random company (victims of Sobig)
A = My customer (victim of AV marketing)

The Sobig worm infected B.

In its propagation loop, the worm composes a message, chooses two random 
items in the Address Book, and puts the first in the "From:" and the 
second in the "To:" header. Then all virus messages are spoofed.

The problem is that many e-mail virus scanners send a "You are infected" 
reply to the address contained in the "From" header. Since the messages 
are spoofed, the inoccent, uninfected user "A" is flooded by automatic 
complaints from "C","D","E" regarding the virus that "B" sends.

Anti-virus companies seem to spend more money on marketing/visibility 
than on actually protecting their customers. This marketing stupidity is 
done by adding USELESS features, which spreads false information and 
delivers false sense of security:

	- "You're infected" reply (false positive)
	- "This message is 100% virus-free certified" signature line (false 
sense of security)
	- Anti-virus buttons on Internet Explorer toolbar (just to launch the AV)
	- Splash screens every time you:
		- boot your computer
		- send e-mail
		- check pop3 e-mail
		- turn your computer off
	- System tray useless icons (in some AVs, the system tray icon does 
nothing except for launching the AV program)
	- Redundant shortcut icons in Desktop, Start Menu root, Quick Launch 
and Start Menu program folder

This kind of stupidity from AV companies makes me hate them more every day.

-- 
Fabio Gomes de Souza <fabio@gs2.com.br> Fone: (81) 9127-0597

GS2 TECNOLOGIA DA INFORMAÇÃO LTDA
  - Infra-estrutura de TI, segurança, sistemas embutidos e Linux
  - Consultoria, planejamento, implementação e gerenciamento

http://www.gs2.com.br negocios@gs2.com.br (81) 3492-7777





_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- Re: [Full-Disclosure] AV "feature" does more DDoS than Sobig
  - From: William Warren <hescominsoon@adelphia.net>
- Re: [Full-Disclosure] AV "feature" does more DDoS than Sobig
  - From: William Warren <hescominsoon@adelphia.net>
- RE: [Full-Disclosure] AV "feature" does more DDoS than Sobig
  - From: "Richard M. Smith" <rms@computerbytesman.com>
- Re: [Full-Disclosure] AV "feature" does more DDoS than Sobig
  - From: madsaxon <madsaxon@direcway.com>
- Re: [Full-Disclosure] AV "feature" does more DDoS than Sobig
  - From: 3APA3A <3APA3A@SECURITY.NNOV.RU>
- Re: [Full-Disclosure] AV "feature" does more DDoS than Sobig
  - From: David Vasil <vasil@cs.utk.edu>
- Re: [Full-Disclosure] AV "feature" does more DDoS than Sobig
  - From: Darren Reed <avalon@caligula.anu.edu.au>

Prev by Date: Re: [Full-Disclosure] Backdoor, Virus, Dialer? More information.
Next by Date: Re: [Full-Disclosure] AV "feature" does more DDoS than Sobig
Prev by thread: [Full-Disclosure] [OpenPKG-SA-2003.037] OpenPKG Security Advisory (sendmail)
Next by thread: Re: [Full-Disclosure] AV "feature" does more DDoS than Sobig
Index(es):
- Date
- Thread