[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: trusted computing initiative



> > That's probably because his computer was already infected.  I've not had
> > any system that I've had to run the updates on tell me I have to turn 
>the
> > antivirus off.
>  No he was able to delete the worm by using software that people gave.

deleting the worm does not mean that he wont get it again once connected to 
the internet or any network running tcp/ip

> > In addition, if he ran the patch and it said it installed it could still
> > have the worm.  One of the varients is that it runs thru the patch very
> > quickly so it looks like it's installed when in fact it is not.
>   Ahh, I guess the trusted computing initiative folks overlooked that too?
>
> > Likewise, how would there be a malicious redirect on Microsoft's server
>
>  Sean, I questioned him repeatedly on this and he said he was positive we 
>went
>to www.microsoft.com.

i would wager that there was no malicious redirect. the virus does not 
infect by links normally, it infects through the ms rpc hole. (actually a 
small stub gets pushed through that hole.  that stub then downloads the real 
payload of the virus through tftp)


>
> > unless it was broken in to?
>
>  Maybe that is possible
>
> > The OS is only going to do what it's user
> > tells it to.  If the user told the OS to run this program, the computer 
>is
> > going to do it.
>
>Oh really? The FDA, where I work at, downloaded the patch and ran it and it
>did *not* work. We were clobbered by the worm.
>

never met a government nor government related office that kept up on 
patching any machine, be it windows or linux or anything. :P

the slashdot link to the patch when the worm started hitting was to the 
wrong patch.  you also may have already been infected prior to the patching.

Casey

_________________________________________________________________
Protect your PC - get McAfee.com VirusScan Online  
http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963


-
To unsubscribe, send email to majordomo@silug.org with
"unsubscribe silug-discuss" in the body.