On the value of virus notifications

On the value of virus notifications

Posted Aug 21, 2003 4:23 UTC (Thu) by jamesh (subscriber, #1159)
Parent article: On the value of virus notifications

The anti-virus companies already analyze new worms and viruses in order to identify them and create signatures for their anti-virus products. For mass mailing worms, they should know whether the sender address will be forged.

It doesn't take much imagination to see that this information could be put to good use by the anti-virus software. If the worm forges the sender, just discard the message. If the worm doesn't forge the sender, then sending a rejection notice back is probably still a good idea.


On the value of virus notifications

Posted Aug 28, 2003 7:35 UTC (Thu) by akukula (guest, #3862)

It's not that easy. A worm doesn't use a single forged address (although BigBoss used just one: big(at)boss.com). They either choose random addresses from a victim's address book, or create a brand new one, like fed343fd(at)example.com, where the domain is also random. How do you imagine filtering them???

On the value of virus notifications

Posted Aug 28, 2003 14:19 UTC (Thu) by dark (subscriber, #8483)

Simple, you recognize which worm it is and you know what it does. That's how virus filters work: they have patterns with which to recognize specific worms.

Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.