[Esd-l] Palyh worm

John D. Hardin jhardin at impsec.org
Tue May 20 14:34:18 PDT 2003


On Tue, 20 May 2003, Kenneth Porter wrote:

> I vaguely recalled something about scanning file content for the
> magic executable header

The current sanitizer does do this if you set $SECURITY_POISON_WINEXE 

--
 John Hardin KA7OHZ    ICQ#15735746    http://www.impsec.org/~jhardin/
 jhardin at impsec.org                        pgpk -a jhardin at impsec.org
 key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
  The fetters imposed on liberty at home have ever been forged out
  of the weapons provided for defense against real, pretended, or
  imaginary dangers from abroad.
                                            -- James Madison, 1799
-----------------------------------------------------------------------
   532 days until the Presidential Election


