[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Re[2]: [inbox] Re: [Full-Disclosure] Hi! Antiviruses Comparison - A Little Research Results

To: "'3APA3A'" <3APA3A@xxxxxxxxxxxxxxxx>
Subject: RE: Re[2]: [inbox] Re: [Full-Disclosure] Hi! Antiviruses Comparison - A Little Research Results
From: "Curt Purdy" <purdy@xxxxxxxxxx>
Date: Sat, 17 Apr 2004 09:07:39 -0500

3APA3A wrote:
> Do  you  remember  Nimda  worm?  It  was  probably first worm
> to exploit
> Outlook Express vulnerability to launch itself automatically.
> On Windows
> NT  4.0  F-Secure  engine  (well, it was few years ago, I
> don't remember
> version) had a problem - it catch this worm _after_ it was
> executed. And
> worm  successfully  spreads  from  protected  machine approx.
> in ~50% of
> cases...

Yes, remember Nimda quite well, we made a lot of money over a couple of
weeks cleaning up operations using Norton Enterprise.  However, we had
around 80 boxes in the DMZ with full Internet public ip's protected with
F-Secure and none got it.

Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA
Information Security Engineer
DP Solutions

----------------------------------------

If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- White House cybersecurity adviser Richard Clarke

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- Re[2]: [inbox] Re: [Full-Disclosure] Hi! Antiviruses Comparison - A Little Research Results
  - From: 3APA3A

Prev by Date: [Full-Disclosure] [SCSA-028] Nuked-Klan Multiple Vulnerabilities
Next by Date: [Full-Disclosure] Internet Explorer XSS published unpatched in SP1 AND SP2
Previous by thread: Re[2]: [inbox] Re: [Full-Disclosure] Hi! Antiviruses Comparison - A Little Research Results
Next by thread: RE: [Full-Disclosure] OT microsoft "feature"
Index(es):
- Date
- Thread