Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-Virus
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: MacOSX worm

from [Stuart Staniford] Network Security [Permanent Link]
Subject: RE: MacOSX worm
Date: Mon, 1 Nov 2004 11:34:04 -0800 


Nick Fitzgerald wrote:


As a possibly interesting point of "cultural difference", while I'll 
accept your claim about "security folks", I'll note that 
among the sub-
group of those with whom I'm much more familiar -- antivirus 
researchers -- the main distinction in Vess' definition, although not 
necessarily the full definition, is by far the majority view.


Yes.  "Worms", however defined, have interested groups of people (including
me) from IDS or networking backgrounds who weren't previously all that
interested in viruses.  Because, as you note, worms are not immediately
amenable to traditional file-scanning AV approaches, but various NIDS and
HIDS techniques are extendable towards a solution.  Network researchers got
interested because (like DDOS), worms were a source of interesting and
problematic traffic on networks.

The malware itself doesn't to be very interested in respecting any
boundaries :-)  (Eg Nimda clearly did both virus-like things and worm-like
things).

Stuart.
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Strange Spyware or virus or processes, Mark Ahlers
Next by Date:  RE: Strange Spyware or virus or processes, Mike
Previous by Thread:  RE: MacOSX worm, Nick FitzGerald
Next by Thread:  Re: MacOSX worm, Nick FitzGerald
Indexes:  [Date] [Thread] [Top] [All Lists]