On Monday 18 August 2003 10:20, Redaktion - Kryptocrew wrote:
> hi list,
>
> take a look at trendmicro, that's new:
> http://de.trendmicro-europe.com/enterprise/security_info/ve_detail.php?id=55745&VName=WORM_MSBLAST.D&VSect=T

Let's see...

Does it magically boot the system off known good media to check for rootkits/backdoors/trojans/[insert favorite evil here]??? No.

Does it magically monitor the traffic to and from the machine for a reasonable period of time to ensure that nothing is amiss??? No.

Does it reinstall the host OS from the original media and restore the last known good backup??? No.

So...what does it do? It patches the hole and wipes out the worm if present, then deletes itself in 2004. Great...except, MSBlaster wasn't the only thing that took advantage of the RPC/DCOM exploit. Oops. Now the system administrator has no cause to take any of the above steps because from his view, sitting in his office running the latest eEye scanner, the machine was never vulnerable.

When will folks figure out that these so-called "good worms" are not a good thing? The failure of the author to take note of such fundamental flaws in his or her logic suggests that they have no business doing anything, much less volunteering to correct the world's problems. Of course, this could be a deliberate cover-up...but somehow I think it's just another security cowboy trying to save the world.

-- 
Jonathan Rickman
X Corps Security
http://www.xcorps.net

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html