Vulnerability Development mailing list archives
Re: NAV 2000 Doesn't Catch "Life Stages" Worm ...
From: ecchien () YAHOO COM (Eric Chien)
Date: Thu, 29 Jun 2000 10:50:13 +0200
Hello Blake,

I would be interested to see you back up those claims with some proof. First, how do you know the infected samples received are truly infected? I have seen 0 byte attachments and also ones with the viral code completely white-spaced out. Both occurrences probably occur due to some handmade tools being used on mail servers to clean out infections. In addition, users of course need to be sure they are using Scan All Files or have SHS added to their list of extensions.

Before claiming that Norton AV 2000 doesn't detect VBS.Stages, I would suggest you submit the file in question to SARC (Symantec AntiVirus Research Center). You can do so by sending it to me at echien () symantec com. Please send it in a zip file that has been password protected and send the password.

My guess is that it either is a 'repaired' sample or the configurations on the client are not properly set.

Regards,
Eric Chien
SARC

At 11:23 AM 6/28/2000 -0500, Thomason Blake E SSgt 85 TES/DET 1/DO wrote:
Greetings!

Just a heads-up for those of you who are not already aware: The current Norton AV 2000 sig file (ver. 20621cb) does NOT detect the "Life Stages" worm. So far, we've only seen a few isolated occurrences with no subsequent infections, but the danger is there.

One occurrence had the subject "FW: Jokes" and the attachment was "Life Stage". This is a deviation from the original worm when it was first detected about a week ago. Also, the message body was BLANK in every instance.

This worm is painfully simple to get rid of (if caught PRIOR to infection <grin>)--simply delete the carrier email. Depending on your mail platform, you will want to make sure to remove the message from your "Deleted Items" folder (or whatever feature in your email platform performs that function) or bypass it altogether. (NOTE: MS Exchange users can simply highlight the message and [SHIFT + DELETE] it.)

Blake Thomason
System Administrator
Detachment 1, 85th Test and Evaluation Squadron
Tyndall Air Force Base, FL 32403 USA
mailto:blake.thomason () tyndall af mil
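The sanity check raised in the reply above (zero-byte or white-spaced attachments, and SHS needing to be covered by the scanner's extension list), as an added example that is not part of the original thread. The function names, the file name `sample.shs` and the sample messages are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage


def triage_attachments(raw_message: bytes):
    """Classify each attachment before treating a 'no detection' as a scanner miss.

    Returns a list of (filename, size, verdict, is_shs) tuples where verdict is
    'empty', 'whitespace-only' (content blanked out by a mail-server cleaner)
    or 'has-content' (worth submitting to the AV vendor for analysis).
    """
    msg = message_from_bytes(raw_message, policy=policy.default)
    results = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        payload = part.get_payload(decode=True) or b""
        if len(payload) == 0:
            verdict = "empty"
        elif not payload.strip():  # only spaces, tabs, CR/LF remain
            verdict = "whitespace-only"
        else:
            verdict = "has-content"
        # .shs is only scanned if "Scan All Files" is on or SHS is in the list
        is_shs = name.lower().endswith(".shs")
        results.append((name, len(payload), verdict, is_shs))
    return results


def build_sample(payload: bytes, filename: str = "sample.shs") -> bytes:
    """Constructed test message: blank body, one attachment (not a real sample)."""
    msg = EmailMessage()
    msg["Subject"] = "FW: Jokes"
    msg.set_content("")
    msg.add_attachment(payload, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    for body in (b"", b" " * 512 + b"\r\n", b"CONSTRUCTED-NONEMPTY-SAMPLE\r\n"):
        print(triage_attachments(build_sample(body)))
```

Only a `has-content` result says anything about detection; the other two verdicts mean the attachment was already neutralised in transit.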
Current thread:
- NAV 2000 Doesn't Catch "Life Stages" Worm ... Thomason Blake E SSgt 85 TES/DET 1/DO (Jun 28)
- <Possible follow-ups>
- Re: NAV 2000 Doesn't Catch "Life Stages" Worm ... Eric Chien (Jun 29)
- Re: NAV 2000 Doesn't Catch "Life Stages" Worm ... Thomason Blake E SSgt 85 TES/DET 1/DO (Jun 29)
- Re: NAV 2000 Doesn't Catch "Life Stages" Worm ... McKercher, John C II SSgt 341CS/SCBI (Jun 29)