From proff  Sat Sep 28 08:49:48 1996
Message-ID: <324C33EE.2F38@club-internet.fr>
Date: Fri, 27 Sep 1996 22:07:10 +0200
From: ivan <ivan@club-internet.fr>
Reply-To: ivan@club-internet.fr
X-Mailer: Mozilla 3.0Gold (Win95; U)
MIME-Version: 1.0
To: www-security@ns2.rutgers.edu
CC: best-of-security@suburbia.net
Subject: New and destructive word macro virus(3)
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Approved: proff@suburbia.net

To members interested, especially those who e-mailed me a confirmation
to get a sample of the virus:

1) I was finally not allowed to disclose the source code of the virus to
individuals or companies interested in its analysis...

2) The virus is "a kind of" new only
- it is recognized but not fixed by Norton Anti Virus (code name
Indonesia, to be confirmed)
- it is recognized and "could be" fixed by Fprot, the new beta version
being tested (code name: bandoeng, to be confirmed)
- a member mentioned PCCILLIN95 from http://www.trendmicro.com, to be
scrutinized

3) Thanks again for your numerous and kind answers, advice and
reactions. I suggest that you get in touch with these companies or any
other you know.

4) A member mentioned the mix of data/code that is a particular threat
to code-focused anti-virus products: I agree 100%. See a javascript
nuisance demonstration by
Http://www.geocities.com/SiliconValley/9307/hackj.htm#mail.

5) I re-suggest to delete this thread from the newsgroup, with all my
excuses.

6) Nevertheless, I would be particularly interested in having your
real-life experiences with client-side security: even if a company does
not have a server but only allows employees to "surf" the web for info,
it exposes itself to threats (other than pure viruses) as
java/javascript/activex/PS/helper apps/... nuisance or "security risks".
To your mind which one is the worst? Do you have examples and
countermeasures?

Regards

