Wowsers,
We're seeing right now probably the fastest propagating mass mailing virus ever... Called "Goner", it comes with a file called gone.scr. Most AV vendors haven't updated their signatures yet (we stopped it with our heuristic scanner, which I hope to talk about at TPC in 2002), so it's just flooding through most people's systems. We've seen over 10,000 so far today, which is just phenomenal considering it kicked off at about 3pm (it's now 5:20pm).
Of course it's *great* for business. I'm sure The Register and other sites all over the web will be quoting us for the next few days. It's kinda cool working for a much talked about company :-)
Re:Warhol Worms
pudge on 2001-12-04T17:43:53
I get very few of these viruses. None of this new one. I think it must be due to me not knowing very many Windows users.
Yet something else I am thankful for at this time of year.
I get tons of spam, though. :/
Re:Warhol Worms
Matts on 2001-12-04T18:56:16
Yes, we heard of warhol worms. It's all good business for us though, because if one of those breaks out, we'll still stop it heuristically (we offer a 100% anti-virus guarantee, with good reason).
I think many sysadmins out there will think differently about 2 hours being a blessing :-) Remember it's not 2 hours to propagate, it's 2 hours to reach critical mass, which means that it's already infected enough computers to reach critical mass. Oh, and this one deletes antivirus software too, which is kinda funny :-)
Anyway, viruses bad, perl good. Perl good at stopping viruses, and all that.
Re:Warhol Worms
chaoticset on 2001-12-07T16:16:33
Wouldn't that indirectly make it anti-anti-virus software? (I've actually seen the term counter-counter-measures in use, so I don't think it's impossible to see the word anti-anti-virus.) :)
Fun fun...
Jason
PS: Where can I find out more about this heur. stuff you talk about?
Re:My manager got infected
Matts on 2001-12-04T22:24:04
You have to call our salespeople to get info on the heuristic stuff. Basically, we detect email viruses by checking if the email (or attachment) is trying to do something malicious, like mail itself all over the place, or open files, etc. It's more complex than that, but you get the idea. We have an almost zero false positive ratio, and a 100% anti-virus guarantee, which so far (2 months) we've kept to for all customers. We also run through 4 commercial scanners, just to be sure.
And yes, it's written in Perl :-)
Re:My manager got infected
Purdy on 2001-12-05T13:34:16
What's the Web site? (don't know where you work)
Re:My manager got infected
Matts on 2001-12-06T08:07:06
Oh, sorry - www.messagelabs.com. Or www.star.net.uk. It's the same company, but they offer the service in different ways. MessageLabs has most of the AV info though.