Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2006-07-04



SANSFIRE 2006

Published: 2006-07-04
Last Updated: 2006-07-05 03:18:13 UTC
by Deborah Hale (Version: 1)
It has been a rather lonely day in the Storm Center. Many of our Handlers have departed for a gathering at SANSFIRE. Those of us who are not privileged to attend this year are holding down the fort in their absence. I really hate to miss the event this year, as some of our distinguished Handlers are also speakers at this year's event.

Our own Dr. J (Johannes Ullrich) is the keynote speaker for Thursday. He will be speaking about who we are and what we are up to.

On Friday, our own Mike Poor will be the keynote and will examine global and local network methods that can be applied to prevent, detect and respond to mobile malicious code. Another tremendous talk, I am sure.

Other Handlers that are presenters:
Ed Skoudis - Cutting Edge Hacker Techniques
William Stearns - Basic Systems Administration
Marcus Sachs - Networking Essentials

SANSFIRE 2006

If you are planning on being at SANSFIRE, let my friends and fellow Handlers know how much you appreciate all that they do.


Symantec detecting NSIS as trojan.zlob.

Published: 2006-07-04
Last Updated: 2006-07-04 23:20:58 UTC
by Deborah Hale (Version: 1)
We have received several emails regarding Wireshark (the new version of Ethereal) being detected as infected with trojan.zlob. After investigation, it appears that this is a false positive with the Symantec AV definitions that are currently in use and that it is actually the NSIS (Nullsoft Installer) that is triggering the alert.

NSIS Installers

Nullsoft Installer (NSIS) is an open source program that is used by many companies, including Winamp, Wireshark and probably others, to create low-cost installers. Apparently this is not the first time that Symantec has had a false positive on the NSIS installer.

WinAmp Advisory

