OT: Win32/Mywife.E@mm
Billy A. Pumphrey
bpumphrey at WoodMacLaw.com
Mon Feb 6 15:16:45 GMT 2006
> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-
> bounces at lists.mailscanner.info] On Behalf Of Jim Holland
> Sent: Saturday, February 04, 2006 8:27 AM
> To: MailScanner discussion
> Subject: RE: OT: Win32/Mywife.E at mm
>
> Someone wrote:
>
> > > > Naturally as long as everything is up to date things should be
ok.
> > > > People don't really know that a virus is going to happen before
it
> does
> > > > do they?
>
> > > Only if the bug has a timer/date trigger in them. They get
installed,
> > > then lie in wait, and BAM do nasty things later. Once detected
early,
> > > we effectively reverse engineer the virus code, know that the
virus
> will
> > > trigger in the future, thus know it's going to happen before. Once
> users
> > > update their scanning softs they can be assured the bug will be
> > > eradicated before they trigger.
>
> > > The media is a funny animal, they latch onto these bugs seemingly
at
> > > random, spreading doom and gloom, when we techs know that new bugs
are
> > > a daily occurrence, and are quickly and quietly squished by
anti-virus
> > > community.
>
> Of course the media loves to hype these things, but I think that this
was
> a valid case for some extra attention. Not only was the worm
particularly
> destructive (just one single infected machine on a network could have
> destroyed all files in a shared folder on a file server that the
machine
> had access to), but early copies did manage to get through the virus
> scanners and MailScanner itself. I have not come across that
situation
> since the Bagle worm with its password-protected zip files.
>
> Because we log the attachments that are sent to users we were able to
> determine that 6 of our 2500 members had received copies of the virus
in
> uuencoded form. One of those 6 then opened the attachment with WinZip
and
> got infected as a result. Fortunately we were able to clean up their
> infection before Friday, so no damage was done.
>
> I think the media hype was a useful wakeup call to ordinary users to
get
> them to update their antivirus software and to keep backups on
separate
> media.
>
> Regards
>
> Jim Holland
> System Administrator
> MANGO - Zimbabwe's non-profit e-mail service
>
Good call and thanks for the responses guys.
More information about the MailScanner
mailing list