[unisog] New Bot variants making rounds

Russell Fulton r.fulton at auckland.ac.nz
Mon Apr 4 21:31:09 GMT 2005


On Mon, 2005-04-04 at 23:08 +0200, Florian Weimer wrote:
> * Michael Holstein:
> 
> > Heads up .. found two new ones :
> 
> How can these ones be new if there is some AV software that already
> recognizes them? 8-)

I did see the smiley, but just in case there is anyone on the list who
thinks this is a serious question, the answer is that different AV
products use different strategies to fingerprint nasties.  The challenge
for the virus writer is to tweak their existing creations just enough so
that *most* of the AV products (or at least the major ones) won't
recognise them.

This is one good reason why it is a good idea to run more than one AV
product (normally one on the desktop and a different one on the gateway).
You increase your chances of recognising new variants considerably.

Russell