Quote:
You could (theoretically) check for all Windows PCs this way.
3) It doesn't determine 100% that a particular machine can host the virus - two Windows PCs returning the same string could have one vulnerable, one not, depending on whether patches have been installed. It doesn't have enough information to make a certain judgement.
You could force everyone to run an app that walled-gardens them if they've not got all patches installed, but do we really want that?
The surest way is to identify IPs that are sending traffic that looks like it comes from a virus - specific ports, patterns of scanning etc. This can be duplicated by someone on another OS, but it has to be done deliberately and is effectively malicious (if you know how to exploit a vulnerability and program your Linux box to do it, that'll appear indistinguishable from the original infection).
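A sketch of the traffic-based check described in the post above, added here as an illustration and not code from the thread: it flags source IPs that contact many distinct hosts on a watched port within a short window, judging behaviour rather than the reported OS string. The flow-record layout, the watched port, the window and the threshold are all assumptions, and the sample records are constructed.

```python
from collections import defaultdict

WATCHED_PORTS = {445}   # assumption: the post names no port; set to what the worm targets
WINDOW = 60             # seconds (assumed)
THRESHOLD = 5           # distinct destinations within WINDOW that count as scanning (assumed)

# Constructed flow records (epoch_seconds, src_ip, dst_ip, dst_port), documentation addresses.
SAMPLE_FLOWS = (
    # sweeps eight hosts on the watched port in eight seconds
    [(1000 + i, "192.0.2.10", f"198.51.100.{i + 1}", 445) for i in range(8)]
    # talks repeatedly to one file server: busy, but not a scan
    + [(1000 + i, "192.0.2.20", "198.51.100.50", 445) for i in range(20)]
    # six different hosts, but spread over ten minutes
    + [(1000 + 100 * i, "192.0.2.30", f"198.51.100.{i + 1}", 445) for i in range(6)]
    # many hosts, but on a port that is not watched
    + [(1000 + i, "192.0.2.40", f"198.51.100.{i + 1}", 80) for i in range(8)]
)

def find_scanners(flows, ports=WATCHED_PORTS, window=WINDOW, threshold=THRESHOLD):
    """Return {src_ip: peak number of distinct destinations hit on a watched
    port inside any `window`-second span} for sources at or above `threshold`."""
    by_src = defaultdict(list)
    for ts, src, dst, port in flows:
        if port in ports:
            by_src[src].append((ts, dst))

    flagged = {}
    for src, events in by_src.items():
        events.sort()
        in_window = defaultdict(int)   # dst -> events currently inside the window
        start = peak = 0
        for ts, dst in events:
            in_window[dst] += 1
            # Evict events that have aged out of the sliding window.
            while events[start][0] <= ts - window:
                old = events[start][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                start += 1
            peak = max(peak, len(in_window))
        if peak >= threshold:
            flagged[src] = peak
    return flagged

if __name__ == "__main__":
    for ip, fanout in sorted(find_scanners(SAMPLE_FLOWS).items()):
        print(f"{ip} contacted {fanout} distinct hosts on a watched port within {WINDOW}s")
```

As the post notes, a flag here says only that the address behaves like an infected host, not what operating system or patch level it runs.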