[Esd-l] Klez@ worm/virus
John D. Hardin
jhardin at impsec.org
Thu Apr 18 19:56:00 PDT 2002
On Thu, 18 Apr 2002, Hermann Wecke wrote:
> As you can see, they are defanged but they were not trapped.
Klez and some other worms use random filenames. Are you poisoning
*.exe? If not, then it can easily slip through, as most people only
poison specific .exe filenames.
I keep seeing these worms being announced, and I keep thinking about
my default-secure stance, and I keep thinking that I'm going to drop
*.exe into the recommended poison list on principle.
How badly would this annoy people?
I suppose I could maintain two lists, one with the .exe filenames from
the various announcements, and a shorter one with just *.exe -
any comments?
--
John Hardin KA7OHZ ICQ#15735746 http://www.impsec.org/~jhardin/
jhardin at impsec.org pgpk -a jhardin at wolfenet.com
768: 0x41EA94F5 - A3 0C 5B C2 EF 0D 2C E5 E9 BF C8 33 A7 A9 CE 76
1024: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
"They [media giants] have no idea how to do business with resourceful
human beings rather than passive vegetables. So they run to [the]
government for protection."
-- Doc Searls on the SSSCA, in Linux Journal
-----------------------------------------------------------------------
929 days until the Presidential Election
More information about the esd-l
mailing list