[70140] in North American Network Operators' Group
Re: Worms versus Bots
daemon@ATHENA.MIT.EDU (Rob Nelson)
Mon May 3 07:42:58 2004
Date: Mon, 03 May 2004 07:41:52 -0400
To: Sean Donelan <sean@donelan.com>, nanog@merit.edu
From: Rob Nelson <ronelson@vt.edu>
In-Reply-To: <Pine.GSO.4.58.0405022251070.24652@clifden.donelan.com>
Errors-To: owner-nanog-outgoing@merit.edu
At 11:04 PM 5/2/2004, Sean Donelan wrote:
>The antivirus vendors are bemoaning the fact the Sasser worm has been
>slow to spread. On the other hand, most of the vulnerable computers
>seem to have already been taken over by one or more Bots days or weeks
>before the worms arrived.
>
>Other than the obvious, don't let a bot on get on your computer in
>the first place, are there any opinions about the best anti-bot tools
>for naive computer users? The major virus vendors seem to be having
>a bit of trouble dealing with bots, frequently recommending manual
>editing of files and use of regedit. There is also a much longer
>delay between the apperance of a new bot and updates to antivirus
>packages.
One of my concerns is that it's easy to download an anti-virus package
which will most likely delete (it seems that unless it's a VBA macro virus
the files can never be cleaned!) some of the 100% worm or virus files. The
trojan programs, bots, and spyware stick around. It would be a wonderful
program that scanned for and cleaned up BOTH virus and bot files...
Rob Nelson
ronelson@vt.edu
