[Dshield] DShield vs. Symantec: new features?

Pete Cap peteoutside at yahoo.com
Thu Jan 8 16:00:14 GMT 2004


Interesting point vis-a-vis the payload of the malware, Erwin.
To date we haven't seen many (any?) notable worms with a serious payload.
There are quite a few which steal CD keys and so forth but I think their ability to search out data is limited to what the author can tell it to look for.
 
So, assume worst-case...you have an insider threat which recons the network for the worm.
Because of this it is able to flash the network AND steal proprietary data.
If data theft would seriously harm the company, then a "panic button" that shuts everything down temporarily might be a good idea.
 
Others have raised the point that this would be a Bad Thing if you stand to lose money by not having your company's internet connection active--but if the worm shuts you down anyway, you're already going to take it in the shorts.  Perhaps there is some way to determine ahead of time if it is possible to contain such a worm...?  Or how much money your company would stand to lose in the long run if a worm caused serious damage to your host network...?  Basically do a risk assessment, I guess...?
 
Pete


---------------------------------
Do you Yahoo!?
Yahoo! Hotjobs: Enter the "Signing Bonus" Sweepstakes


More information about the list mailing list