LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

Tux3: the other next-generation filesystem

LWN.net Weekly Edition for November 27, 2008

LWN.net Weekly Edition for November 20, 2008

MinGW and why Linux users should care

LWN.net Weekly Edition for November 13, 2008

Printable page
Weekly edition Kernel Security Distributions Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ

On the value of virus notifications

On the value of virus notifications

Posted Aug 28, 2003 7:35 UTC (Thu) by akukula (guest, #3862)
In reply to: On the value of virus notifications by jamesh
Parent article: On the value of virus notifications

It's not that easy. A worm dosen't use single forged address (althought BigBoss used just one: big(at)boss.com) They either choose random adresses from a victim's address book, or create a brand new, like fed343fd(at)example.com, where the domain is also random. How do you imagine filtering them???

(Log in to post comments)

On the value of virus notifications

Posted Aug 28, 2003 14:19 UTC (Thu) by dark (subscriber, #8483) [Link]

Simple, you recognize which worm it is and you know what it does. That's how virus filters work, they have pattern with which to recognize specific worms.

Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds