New Worm

Reply Subscribe

Thread Tools

Search this Thread

25 June 2001, 09:18 AM

JackClark

Scooby Senior

Thread Starter

Join Date: Dec 2000

Location: Overdosed on LCD

Posts: 20,852

Likes: 33

Received 51 Likes on 34 Posts

Reply Like

25 June 2001, 10:48 AM

chiark

Scooby Regular

Join Date: Jun 2000

Posts: 13,735

Likes: 0

Received 0 Likes on 0 Posts

Imagine my surprise when the exchange virus checker caught it before I'd even had a chance to see the thing! Taking all the fun out of things nowadays, I can't even see the rather purile attempts at code obfuscation that the kiddies are thinking is so clever...

Do the heuristics now recognise an obfuscation routine in an attachment? I am starting to suspect that they do.

Keep up the good (if boring for us) work

Reply Like

25 June 2001, 01:57 PM

JackClark

Scooby Senior

Thread Starter

Join Date: Dec 2000

Location: Overdosed on LCD

Posts: 20,852

Likes: 33

Received 51 Likes on 34 Posts

I won't go into detail but your right. The majority of the samples we recieve nowadays are detected by our Heuristic/Generic routines before they're written. We're having to tread a very fine line between detection and false positive but seen to be winning.

Reply Like

25 June 2001, 04:46 PM

ChrisB

Moderator

Join Date: Dec 1998

Location: Staffs

Posts: 23,573

Likes: 0

Received 0 Likes on 0 Posts

Thanks Jack. Enterprise SecureCast has been strangely quiet though...

ChrisB.

Reply Like

25 June 2001, 07:22 PM

JackClark

Scooby Senior

Thread Starter

Join Date: Dec 2000

Location: Overdosed on LCD

Posts: 20,852

Likes: 33

Received 51 Likes on 34 Posts

I belive we only send to SecureCast immediately if it hits high risk, I was woken with this one at medium risk early... very early... this morning, mainly down to the FBI's interest.

Reply Like