Re: Re: [Security] Critical vulnerability in IE -- Exploited machines detected on campus

From: Allison Henry <akhenry_at_berkeley.edu>
Date: Thu Mar 30 2006 - 10:02:39 PST

Gary Lum wrote:
> On a related note, the major AV companies have released updated
> definitions that include heuristic detection to catch the latest
> vulnerability
>
> http://securityresponse.symantec.com/avcenter/venc/data/bloodhound.exploit.61.html
>
>
> the complete list is here, under FAQ's
> http://www.microsoft.com/technet/security/advisory/917077.mspx
>
> I wouldn't place all my eggs in one basket, but it's one more hoop an
> exploit would have to jump thru.

Thanks for pointing this out; however, our SNS testing has indicated that
Symantec's Auto-Protect is not always effective at catching the exploit
code before it runs, but it will find it in the cache after the code
executes. So do not rely on these signatures as your only defense. Keep
an eye out in your Symantec alerts/logs for the signature
"Hacktool.IE.Exploit" and if you see this, check for other signs of
compromise.

-- 
Allison Henry
System and Network Security
University of California, Berkeley
http://security.berkeley.edu
Received on Thu Mar 30 10:05:15 2006
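
A triage sketch for the advice in the message above, added here as an example and not part of the original post: it scans an alert export for the signature names mentioned in the thread and ranks a host higher when the hit is in the browser cache, since detection there can come after the code has run. The CSV columns, host names and paths are constructed, the reading of "the cache" as IE's Temporary Internet Files directory is an assumption, and none of it reflects Symantec's actual log format.

```python
import csv
import io

# Signature names as they appear in the thread (compared case-insensitively).
SIGNATURES = ("hacktool.ie.exploit", "bloodhound.exploit.61")
# Assumption: "the cache" is IE's Temporary Internet Files directory.
CACHE_MARKER = "\\temporary internet files\\"

# Constructed sample export; hypothetical columns: time, host, signature, path, action.
SAMPLE_LOG = r"""
2006-03-30 09:12:04,LAB-PC-07,Hacktool.IE.Exploit,C:\Documents and Settings\jdoe\Local Settings\Temporary Internet Files\Content.IE5\AB12CD34\page[1].htm,Quarantined
2006-03-30 09:40:51,LAB-PC-11,Bloodhound.Exploit.61,D:\Downloads\saved.htm,Quarantined
2006-03-30 10:01:17,LAB-PC-11,EICAR Test String,C:\temp\eicar.com,Deleted
2006-03-30 10:15:33,LAB-PC-07,Bloodhound.Exploit.61,D:\Downloads\copy.htm,Quarantined
"""

RANK = {"review": 1, "investigate": 2}


def triage(log_text):
    """Return {host: level} for every host with a matching signature hit."""
    hosts = {}
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 5:
            continue  # blank or malformed line
        _time, host, signature, path, _action = (f.strip() for f in row)
        if signature.lower() not in SIGNATURES:
            continue
        # A hit inside the browser cache means the page was already fetched, so
        # the exploit code may have run before the scanner caught the file.
        level = "investigate" if CACHE_MARKER in path.lower() else "review"
        # Keep the highest level seen per host; never downgrade.
        if RANK[level] > RANK.get(hosts.get(host), 0):
            hosts[host] = level
    return hosts


if __name__ == "__main__":
    for host, level in sorted(triage(SAMPLE_LOG).items()):
        print(f"{host}: {level}")
```

Hosts marked `investigate` are the ones to check for other signs of compromise first; a "Quarantined" action on a cached file does not show the exploit was stopped.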