Domain: sophos.com
Stories and comments across the archive that link to sophos.com.
Comments · 553
-
Re:Wouldn't have happened....
Well, taken from http://www.sophos.com/support/faqs/savos2.html:
There are no OS/2 specific viruses in circulation but OS/2 computers can still be affected:
* Macro viruses that infect Word, Excel and other Windows mode applications can spread as usual.
* Boot sector viruses can affect the master boot sector, the OS/2 boot sector and the Boot Manager.
* DOS executable file viruses can run on OS/2 systems and infect other DOS executables.
* Any type of file can be stored on an OS/2 server and could infect a vulnerable workstation.
So yes, there are hacks that will affect OS/2, though they might not target OS/2 exclusively. -
Re:Surely a security risk
First, I think your idea that somehow compiling on a linux box is going to create a virus or spread a win32 virus is kind of silly. The linux box does not run win32 code that it is compiling.
Second, Sophos supports (or did as of about a year ago) a linux version of their virus software. If you really needed virus scanning it's there.
-
No Big Deal.
It's funny to me that the Gov't thinks it's all high and mighty, then I do a search at Sophos.com and find that the "leaves" worm wasn't all that "Brilliant", it's just another W32 worm.
Quick Link: Here
Hooray for the Gov't, they "prevented" (I'd rather say 'postponed') the Leaves Worm.
All he has to do is send a little e-mail of what the "code word" to activate the "zombies" and all Hell breaks loose.
IT Security Admins do this every day at work.
Just my 2 Cents -
The year would not be complete without ....
Another God Damn M$ worm to clog the internet, yaha.K. See:
for more details. Whee! 96 countries so far, but predominant in UK and Netherlands. Thanks for all the "security" work, M$, I can see how much you have improved. Surely the new total information awareness will have the foul criminals in jail before long, ha. Next year will be just like last year, but worse.
-
Re:medium-size city in Texas too.
-
Vexira Anti-Virus
Most anti-virus software runs on Windows operating systems (for obvious reasons).
If you're looking for a solution to run on a Linux server (but still check for MS viruses), check out Vexira antivirus. It is inexpensive, automatically updates via cron, unpacks attachments (even multiple levels), and has an integrated virus checker. It can check incoming or outgoing email, or both.
I installed it about 3 weeks ago and I'm very happy with the results. It can be installed as a sendmail "Milter" if you're running a very recent version of sendmail, or as a separate SMTP server that passes the mail along to sendmail via a pipe or a different port (once it's been checked). They have a trial version so you can see if it will work before you buy it.
Most other email virus checkers require a separate program to virus check-- which means you need a MS virus checker that runs under Linux, such as Kaspersky, f-prot, or Sophos.
-
No, just fuck PoizonBOx
And then one day... We'll FUCK THE USA!!!
Just a friendly reminder to keep your SPARC system updated with the latest Solaris operating environment, to keep out crackers with sad minds.
-
Some people have a really sad mind.
with all of those horrible viri[sic] out there that attack unix....
The Solaris operating environment has its share of viruses and worms as well:
fuck USA Government
fuck PoizonBOx
-
Re:Only the FTP...
Ok, how about
...
A PC Gamer CD with a virus in Q-Paint
Another magazine's CD (Developers Review) was infected with a macro virus
PK Zip V3 (gee, this sounds rather familiar)
A Mac virus found on the Journal of Vacuum Science & Technology CD-ROM Vol.12 1Q94
And...
Slashdot even did a story about a spyware program that removed Ad-Aware (Trojan)...and this was done by the author!!!
I'm sure if you look around for a while, you can find more. Just do a search on Google...only took me a few minutes to find these. -
Re:My client caught it, Strange symptoms
According to sophos, this virus/worm/whatever_you_want_to_call_it tries to spread itself over the network shares, etc. One of the things it does is try to connect to printers, and all you get is the bugbear trying to print out itself :)
Anyway, kudos to sophos. I use their anti-virus with mailscanner on our linux e-mail server. We used the mailscanner's auto-update script, which we set to contact sophos once an hour, and download the latest IDEs for our scanner. This way, when on September 30th I received an e-mail alert from sophos about bugbear spreading like fire, I checked our server, and guess what - it already had the IDE files. Makes my life as a sys admin much easier :). As a side note, we didn't get any bugbear hits until October 4th.
I know that scanning e-mail attachments, etc, is not the total protection [we also use av software on each desktop], but it surely helps a lot. In addition to using sophos to scan our e-mail, we use it to scan all the shared samba drives, which reside on another box. Overall, I can sleep better.
ps) I think sophos also released some cleaning tool for bugbear. -
100nix??
What about Linux/Slapper then?
-
Sophos
I was looking into anti-virus for a website that will store word docs etc. A friend recommended Sophos. They are not Open Source, but he said they do a very good job with keeping up to date on virus patterns etc. I'm sure they also have for a Samba share if you look or ask.
-
State sponsors of terrorism
From what I know of these countries, it seems extremely unfair to lump Cuba in with Iraq et al as "Axis of Evil".
Don't blame me. Blame the people who write the export regulations. Blame USA Government. Blame PoizonBOx. The USA Government has considered Cuba a state sponsor of terrorism long before September 2001.
-
Modchip? Where?
If a Xbox with a modchip runs the program, I'll call it a success.
What if Microsoft cracks down hard on Xbox modchip makers and gets USA Government to crack down on countries that don't comply with WIPO, as it has been doing lately? What if an Xbox with a modchip is no longer available, except on eBay for $3,000? Then it becomes pointless to port an app to a $3,000 modded Xbox when the Lbox is available from Wal*Mart for $500.
Fuck USA Government. Fuck PoizonBOx. -
Sophos is very realistic about these things
-
Re:Is AV software really necessary?
I am sure I can prevent my computer from being infected just by using common sense (don't open unexpected attachments, download only from trustworthy sites, etc).
Except... there have been documented cases of commercial vendors accidentally shipping viruses (virii?) on their products. The most recent one I can recall was an infected PowerPuff Girls DVD.
So much for trusted sources. I mean, if you can't trust Blossom, Buttercup, and Bubbles, who can you trust?
-
Re:And...
-
Re:Masters of the obvious
Perhaps papers like these should actually focus on the real reason that DOS attacks are so easy. Crappy code.
According to Sophos (and I'd like to hope they know what they're talking about) the majority of the top ten viruses of April 2002 are e-mail based social engineering worms.
The problem is crappy users. -
Re:two versions out
Am I blind or has the page changed? I can find no mention of brute force attacks on Sophos' JS/SQLSpider-B analysis page.
-
Read up
SARC Analysis
Sophos' Write-Up
If over 1,000 boxen are already compromised, I have to wonder about SARC's statement that this is 'unlikely to spread.' -
Re:Suggestions?
At work I set up mailscanner, which uses the sophos anti-virus engine, and also spamassassin to tag all the spam. Overall, very nice setup. Ohh, I use sendmail for the transport.
-
Re:Suggestions?
-
Wrong virus, asshole.
WTF, this isn't even a description of Klez, but the place you stole this from even has a description of the Klez virus. You couldn't even bother to plagiarize the right stuff?
-c
-
Re:MOD THIS UP
Yeah right - it's just a cut and paste job from sophos' web site and they didn't even get the right virus!
It's a description of badtrans not klez.
-
Email worm defense for *nix
While it probably does not bother the majority of *nix users who can simply hit Delete to solve their worm problems, I've found it pretty easy to filter things like Klez out (and protect any Windows boxen you might have behind a *nix gateway) using Sophos Antivirus for UNIX, Sophie, and Virge. They're fairly easy to install and so long as the virus scanner is kept up to date, they catch anything hostile that comes to your SMTP server.
-
Re:The envelope please...
I believe a better link would be Top ten viruses reported to Sophos in 2001.
-
The envelope please...
-
Re:I have the way out!
3. Use your favourite partitioning software to delete all partitions and replace it with one large FAT32 "C" drive.
When one large partition has an operating system that fails, it can be irritating to save files stored on it.
4. Get a copy of windows XP $179, which is cheaper than the phone bills for "FREE" software.
You can order a CD of whatever "FREE" operating system you want to be sent to you for under $10 if you don't have a fast internet connection. Besides, would you want an operating system that has a huge market share and no reason to compete, or one made by people with making something better as their main motivation? This is a tough one to think about....
7. USE YOUR COMPUTER WITH EASE
This really depends on your definition of what "EASE" really is. If you want to watch everything using Windows Mediaplayer then things are easy. If you want to choose other software that improves itself over releases instead of just adding backwards incompatible technology to squeeze a couple more bucks out of my poor bank account, then you may want to stay with the "FREE" OS.
8. If you really want the command line, install DOS, the original and best!
If DOS was the original, then who originally wrote it? A quick look at the history shows that unlike what is popularly believed, Bill Gates didn't author DOS himself. Another thought, DOS may be a command line, but it doesn't have that much power. If someone wants to write a script, they use VB. And VB isn't much of an improvement on anything, except that it's the chosen virus writing language because of its ease of allowing stupid people to do stupid things.
Oh yeah, and being the first doesn't really mean being the best anyways. -
Analysis links for those viruses on cellphones.
As I said, NOT mobile phone viri, just the same old email worm stuff that happens to spam mobiles:
VBS/Timo-A
VBS/San-A -
You *need* a server side virus scanner
Scanning for and removing mail viruses should be handled by your mail gateway (as well as your desktops for the following reasons).
1) This way viruses are removed from your network at first opportunity
2) You can bounce messages and let the sender / recipient / admin know the sender has a potential virus problem
3) One server is easier to maintain than a few hundred desktops
4) 2 layers provide more protection than one
5) Why waste resources getting virus laden email to desktops? A mail gateway provides a convenient choke point to get this stuff out of your network ASAP.
With that in mind here's a guide I wrote for my employer for doing so at clients, using Red Hat Linux, Postfix, and Sophos MailMonitor.
In the setup outlined below,
1) Postfix accepts incoming mails on port 25 and leads them to a content_filter.
2) The content_filter is Sophos MailMonitor, which takes over the mails on port 10025. After the mails have been scanned, they are placed back to postfix on port 10026.
3) Finally postfix delivers the mails.
Anyway, you should be able to read the guide at my rather unfinished website in a short while. If it isn't there yet, it will be soon. -
AV solutions
At work, we use Sophos for Windows 2000 and 98 workstations. Antigen for Exchange 2000 (which utilises McAfee & Sophos engines in our config, but there are more). Norton with wrapper for Mailsweeper. Personally, I use Sophos on my Win2k workstation. It is constantly updated, and the support from Sophos is great. Plus it's a UK company ;) so I'm biased! -
A native translation..
Sophos Anti-Virus warns about a new virus, which infects other files as a macromedia flash movie
and executes self-generated programs. The parasite, baptized "SWF/LFM-926", reaches computers as
SWF-file, and after being run, infects other Flash movies while displaying the message
"Loading Flash-Movie...". The virus exploits the scriptability of Macromedia Flash to generate a
file V.COM, which gets executed afterwards without confirmation.
Sophos says that the virus wasn't yet spotted "in the wild" and therefore spreading. Nevertheless,
the manufacturer of Antivirus software warns about the potential danger which lurks in the
Flash format. The Sophos website provides detailed information about the parasite. -
Sorry, ./ mangled my url
-
Re:just say no
-
Re:Mail sent to me.
Sounds like you have the W32/Nimda-A virus. Follow the link for a good update.
BTW, my nameserver/webserver is getting smoked with this 208.x.x (for lack of a better name) worm. I work for the state DNR and it's approaching a DDOS style attack for us. -
Hacker Declares Jihad
In light of the recent tragedies, is there anything that the hacker community can contribute to the inevitable reprisals against terrorist activities?
The Register reports that "an undisclosed number of Web sites have had their front page redirected by "Fluffi Bunni" in response to the events that have shaken the world".
Entitled "Fluffi Bunni goes Jihad" those behind the hack say: "If you want to see the internet again, give us Mr Bin Laden and $5 million in a brown paper bag. Love Fluffi B."
The Red Chinese got behind their government with the Sadmind worm earlier this year (f**k USA Government, f**k PoizonBOx) so how about it, you hackerz?
-
Re:Virus that installs linux
At some point there were rumors of that virus existing. It was called tuxissa. (tux the penguin mixed with melissa the virus) It was a hoax and didn't really exist. (damn)
here is more info.
-
GET A DAMN CLUE PEOPLE!!!
It seems just about every damn virus nowadays spreads via Outlook or Outlook Express which is too bad
But has anybody (specially Timothy) actually paid any attention to the damn stories?
Nowhere in these stories is it claimed that Sircam uses Outlook to spread! Maybe Timothy got the idea from reading this CNN article.
Geez, people, do you believe everything that CNN says? It's not like I really expect CNN to get this right, but /. readers are supposed to be better than that!
In fact, the Wired news clearly says that the virus serves as its own SMTP client. A lot about this virus in fact resembles how the Judge Disemboweler virus operates.
The only thing that can be interpreted as using Outlook to spread itself is the fact that it takes its e-mail addresses from Windows Address Book files; however it will also try to get addresses from some files in the 'Temporary Internet Files' folder. This means it should be able to spread without any need for Outlook (just some e-mail client and a user naive enough to run the attachment) and without Windows Address Files.
All the usual sources of virus information seem to agree about this virus serving as its own SMTP client. Please check for yourselves:
http://www.symantec.com/avcenter/venc/data/w32.sircam.worm@mm.html
http://vil.mcafee.com/dispVirus.asp?virus_k=99141&
http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=TROJ_SIRCAM.A
http://www.sophos.com/virusinfo/analyses/w32sircama.html
http://www.europe.f-secure.com/v-descs/sircam.shtml
http://support.centralcommand.com/cgi-bin/command.cfg/php/enduser/std_adp.php?p_refno=010718-000010
-
Try Sophos AntiVirus
I highly recommend that you check out Sophos AntiVirus. (www.sophos.com)
Their software runs on tons of platforms and is truly awesome. Plus their licensing agreement allows all your employees to use it on their home machines free of charge. Their administration client is great, their support is awesome, and the product does what it is supposed to.
Apart from Windows, Mac, OS/2, and OpenVMS, and even integrated Lotus Notes/Domino scanning, their Unix version works on the following platforms:
- Solaris/SPARC
- Solaris/Intel
- Linux/Intel
- Linux/Alpha
- SCO OpenServer/Intel
- SCO UnixWare/Intel
- Digital Unix/Alpha (Compaq Tru64 Unix/Alpha)
- AIX/PowerPC
- FreeBSD/Intel
- HP-UX/HP-PA
We work closely with a lot of government agencies and private corporations, and we are always calling them and letting them know that they have infected documents or mail servers or whatever... they never seem to know until we tell them, and we have never had a problem.
I am not an agent of or affiliated with Sophos in any way, I am just a satisfied sys-admin.
An old sig
a bit drops in -
Central Command to the Rescue?
After reading the Central Command press release, I went to my favorite virus site, Sophos. They have a more interesting take on the situation:
"Despite some media reports the virus is far from sophisticated," said Graham Cluley, senior technology consultant for Sophos Anti-Virus. "Interest in the virus has been generated by an anti-virus vendor issuing a press release about it - rather than any genuine threat."
Maybe Central Command is just trying to generate more sales revenue.
-
UNIX and Linux
There are four or five companies that offer Linux support, but few that offer $OTHERUNIX support; One worth looking at is sophos - they offer a range of alternate platforms and were the only ones I could find that supported Digital Unix on Alphaservers.
I also asked this question a month or so back and got rejected - obviously luck of the draw for which reviewer you get :+)
-- -
Sophos, Trend
For the server-side protection, I'd have a look at Sophos's product.
As for the automatically-distributed client, you should evaluate (for free) Trend Micro's OfficeScan Corporate Edition to see if it plays nice with Samba. It runs no code on the server. The software and updates get delivered via client pull, initiated by Windows login scripts, and the admin interface can be run from any Windows machine with proper share access to the distributing host. -
Sophos..
Surprised no-one else has posted this yet - Sophos offers AV software for Windows, Netware, OS/2, Unix (Solaris, Linux, SCO, Digital, AIX, FreeBSD, HP-UX) and OpenVMS servers, and Windows, OS/2, Mac and DOS clients.
Our company uses it on Netware servers/Windows clients, and it's been great - although I haven't used any of the other server versions I'd expect them to be at least as good. SAVAdmin and other management tools work well too (provided you've got an NT machine handy to run it) - updates, client upgrades and the like can all be automated.
-
Realtime virus-scanning for Linux. Yay!
Ah, answered my own question and found a vendor. Looks like Sophos's server scanning package does the trick. Supports a whole bunch of Unices and OpenVMS, too. Sure would be nice if CA and Trend Micro would do the same, as I prefer their overall suites as an enterprise solution.
These folks should give Cobalt a call.