[68124] in North American Network Operators' Group
Re: Warning - new trend of attempts to infect ISP users (possibly virus)
daemon@ATHENA.MIT.EDU (Kevin Oberman)
Wed Mar 3 12:52:01 2004
To: "Stephen J. Wilcox" <steve@telecomplete.co.uk>
Cc: Joel Jaeggli <joelja@darkwing.uoregon.edu>,
Larry Rosenman <ler@lerctr.org>,
"william(at)elan.net" <william@elan.net>, nanog@merit.edu
In-Reply-To: Message from "Stephen J. Wilcox" <steve@telecomplete.co.uk>
of "Wed, 03 Mar 2004 16:15:39 GMT." <Pine.LNX.4.44.0403031612180.15621-100000@server2.tcw.telecomplete.net>
Date: Wed, 03 Mar 2004 09:51:31 -0800
From: "Kevin Oberman" <oberman@es.net>
Errors-To: owner-nanog-outgoing@merit.edu
> Date: Wed, 3 Mar 2004 16:15:39 +0000 (GMT)
> From: "Stephen J. Wilcox" <steve@telecomplete.co.uk>
> Sender: owner-nanog@merit.edu
>
>
> > > Erm is it me or are the writers of Bagle and Netsky determined to keep morphing
> > > their code to outwit the virus scanners.. is this a new trend in virus writing -
> > > beat the systems by evolving your code quicker than the security firms can
> > > release updates?
> >
> > new trend in that it started only a decade ago?
>
> Perhaps I'm only following this as its affecting us more, but I dont recall a
> time previously when I've had so many viruses hitting us and getting thro our
> scanners with nothing we can do about it. I dont recall seeing viruses with
> variants as high as 'j' before, especially in the relatively short time since
> the previous variants were out
>
> Seriously, drop some references if I'm off-track.. its just my perception and
> I'm not an expert at all with viruses...
They are getting batter at it, but the WANK worm (1989) used
self-modifying code so that no two replicas were the same. (Note: This
worm only infected VMS systems running on the global DECNET internet,
mostly DOE, NASA, and DEC corporate systems.)
--
R. Kevin Oberman, Network Engineer
Energy Sciences Network (ESnet)
Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
E-mail: oberman@es.net Phone: +1 510 486-8634
