[Dshield] Trendmicro Venting

James Riden j.riden at massey.ac.nz
Fri Jun 10 01:32:38 GMT 2005


"John B. Holmblad" <jholmblad at aol.com> writes:

> James,
> 
> can you explain why the "Gadi Evron" discussed trojan would not have 
> eventually been caught?

It would have been caught eventually, but only after an AV company had
actually seen it.  If someone's going to write a custom trojan,
they're going to test it against most of the leading AV products, and
they're only going to distribute it to the people they want to
attack. If it's done well and targeted against a small group of PCs,
it's unlikely to come to anyone's attention quickly.

AV will deal with the vast majority of the common threats, but a lot
of people rely on it too much when dealing with intrusions on desktop
machines.

We've seen a few worms ahead of signatures now, and you need to have a
coping strategy if your AV vendor isn't effective against a particular
threat.

(This is a link about the trojan: http://msnbc.msn.com/id/8064757/
I think Gadi posted some other info to bugtraq about it.)

cheers,
 Jamie
-- 
James Riden / j.riden at massey.ac.nz / Systems Security Engineer
Information Technology Services, Massey University, NZ.
GPG public key available at: http://www.massey.ac.nz/~jriden/
