RE: [Full-Disclosure] another new worm submission
- To: "Perrymon, Josh L." <PerrymonJ@xxxxxxx>, "Ron DuFresne" <dufresne@xxxxxxxxxxxxx>, "Jerry Heidtke" <insecure@xxxxxxxxxxxxx>
- Subject: RE: [Full-Disclosure] another new worm submission
- From: "Schmehl, Paul L" <pauls@xxxxxxxxxxxx>
- Date: Mon, 7 Jun 2004 20:19:51 -0500
Paul Schmehl (pauls@xxxxxxxxxxxx)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/~pauls/
> -----Original Message-----
> From: Perrymon, Josh L. [mailto:PerrymonJ@xxxxxxx]
> Sent: Sunday, June 06, 2004 10:36 PM
> To: 'Ron DuFresne'; Jerry Heidtke
> Cc: Schmehl, Paul L; full-disclosure@xxxxxxxxxx
> Subject: RE: [Full-Disclosure] another new worm submission
>
> I agree.
>
> Anyone that would have those ports open has a *lot more to
> worry about than cleaning a few worm infections.
> That's not the case here. This infection was caused by a
> remote user, not a LAN user.
> With several hundred laptops it's hard to have 0 exposure. As
> with any growing security practice and today's decreased
> budgets areas of focus are determined on risk exposure.
>
> Anywho-
> I found the Trojan to be backdoor.nibu.g- although Symantec
> AV didn't pick it up until tonight.
>
> I think this is a good example that perimeter security is
> only part of the battle.
> Tomorrow's morning meeting will stress the importance of
> desktop firewalls again and a good patch management process.
> You can talk until you're blue in the face to upper management
> but I find 90% to be reactive.
>
I rest my case.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html