Ever hear the story about "stone soup"? (If not, or just for a fun refresher, read it at the bottom of this message.) I thought it might be fun to start a "stone soup" with WormGuard. I've taken the included items from the Block List Editor area (which of course is lockfile.txt and added a bunch more "nasty's"). I've endeavored to keep all the original entries and added a whole lot more (check me for accuracy of course prior to using, i.e. use at your own risk).

To use, simply cut & paste the list below into notepad and save it as lockfile.txt in your WormGuard directory and you should have a much more powerful list of "nasty's" to block. (Be sure to rename and save your original lockfile.txt file.) Of course this WormGuard "soup" would be even more wonderful with a few other "nasty's" added in. Perhaps you can come up with a few I've left out and expand the list? Feel free to add anything else you can think of...

H E R E ' S T H E "S O U P" - E N J O Y !!! (I'm using a BIG STONE)

ants3set.exe BACKDOOR.AMITIS BACKDOOR.AMITIS.12 BACKDOOR.ASSASIN.11 BACKDOOR.ASSASIN.D BACKDOOR.COLFUSER BACKDOOR.COW BACKDOOR.CYBSPY BACKDOOR.DEFTCODE BACKDOOR.DEFTCODE BACKDOOR.DRATOR BACKDOOR.HETHAT BACKDOOR.HORNET BACKDOOR.HORNET.10 BACKDOOR.LALA BACKDOOR.LANFILTRATOR BACKDOOR.LANFILTRATOR.10 BACKDOOR.NETDEVIL.B BACKDOOR.NETTROJAN BACKDOOR.OHPASS BACKDOOR.OICQSEARCH.165 BACKDOOR.OICQSEARCH.17 BACKDOOR.OICQSER.165 BACKDOOR.OICQSER.17 BACKDOOR.OPTIX.PRO.12 BACKDOOR.OPTIXPRO.10.B BACKDOOR.OPTIXPRO.10.C BACKDOOR.REMOHAK.16 BACKDOOR.REMOTESOB BACKDOOR.REMOTESOB.112 BACKDOOR.REPHLEX BACKDOOR.REPHLEX.20 BACKDOOR.SERVSAX BACKDOOR.SIXCA BACKDOOR.UPFUDOOR BACKDOOR.UPFUDOOR.10 BACKDOOR.VAGRNOCKER BACKDOOR.VAGRNOCKER.12 BACKDOOR.VB.CH BACKDOOR.VMZ BACKDOOR.WIN32/OICQSEARCH.1_65 BACKDOOR.XENOZBOT BACKDOOR.XENOZBOT BACKDOOR:WIN32/OICQSEARCH.1_7 BACKDOOR-ACH BACKDOOR-AMA BACKDOOR-ANF BadGirl.exe BKDR_SERVSAX.A blanca de nieve.exe BLOODHOUND.W32.VBWORM Boss Game.exe Boy and Girl.exe Cheat.exe Choose
Games.exe Click Me.exe DECRYPT-PASSWORD.EXE DOWNLOADER-BN.B dwarf4you.exe enano porno.exe explorer.doc FTRAP GONE.SCR GoodGame.exe Happy New Year.exe Happy.exe happy99.exe irok.exe I-WORM.LENTIN.H I-WORM.LENTIN.I I-WORM.RECORY I-WORM.SYSNOM joke.exe JS.FIRSTPART JS.FRIST JS.SEEKER.J JS/FRIST.OW.DR JS_NIMDA.A Krnl132.exe life_stages.txt.shs links.vbs love-letter-for-you.htm love-letter-for-you.txt.vbs MACRO.WORD97.BLUFISH Make More Money.exe Merry.exe midgets.scr movie.avi.pif MP3.exe Music.exe My Letter.exe My Picture.exe My Resume.exe network.vbs NEW BACKDOOR1 OPASERV.F PASSWORD.TXT PE_CIH.1003 PE_ELKERN.D PE_FUNLOVE.4099 PE_NIMDA.E PE_RUNDOOM.A PE_SPACES.1445 PE_SUNDER.A PenHouse.exe PlayBoy.exe POLDO pretty park.exe prettypark.exe PWSTEAL.ALLIGHT PWSTEAL.RIMD Question.exe sample.exe scam32.exe Sex Picture.exe sexy virgin.scr sirc32.exe south park.exe TROJ/XENOZBOT TROJAN.DASMIN TROJAN.DOWNLOADER.CILE TROJAN.KKILLER TROJAN.POLDO TROJAN.PSW.ALLIGHT.20.A TROJAN.PSW.PLATAN.5.A TROJAN.UNBLOCKEE TROJAN.WIN32.DASMIN TROJAN.WIN32.KKILLER True or False.exe tune.vbs VBS.CELERON.B.WORM VBS.CELERON.WORM VBS.FIT.A VBS.GAGGLE.B@MM VBS.SYSNOM@MM VBS/GENERIC@MM VBS_LOVELETTR.AS VBS_LOVELETTR.AS VBS_REDLOF.A W32.BACKZAT.WORM W32.CAMPURF@MM W32.DUKSTEN.C@MM W32.DUKSTEN.D@MM W32.DUKSTEN.E@MM W32.ELERAD.5041 W32.ELERAD.5041 W32.EXPLOREZIP.L.WORM W32.FRETHEM.E@MM W32.FTRAP W32.HLLC.WARRAY W32.HLLW.BACKZAT.B W32.HLLW.BACKZAT.C W32.HLLW.GOP.F@MM W32.HLLW.LIOTEN W32.HLLW.PARVED W32.HLLW.PARVED W32.HLLW.SMELLES W32.HLLW.SODABOT W32.HLLW.STIQ W32.HLLW.WANGY@MM W32.HLLW.ZULE W32.JUNKCOMP W32.KWBOT.B.WORM W32.LIRVA.A@MM W32.LIRVA.C@MM W32.OPASERV.J.WORM W32.OPASERV.K.WORM W32.ORFINA@MM W32.PARVED W32.RECORY@MM W32.SOBIG.A@MM W32.TITOG.WORM W32.TULU W32.XILON.TROJAN W32.YAHA.H@MM W32.YAHA.J@MM W32.YAHA.K@MM W32.YAHA.L@MM W32.YAHA.M@MM W32/AVRIL-A W32/AVRIL-B W32/DUKSTEN@MM W32/EXPLOREZIP.E W32/EXPLOREZIP.WORM.210432 W32/EXPLOREZIP.WORM@M W32/FLEMING.WORM W32/LIOTEN.WORM W32/LIOTEN-A 
W32/LIRVA.B@MM W32/OPASERV.WORM.M W32/OPASERV.WORM.N W32/OPASERV-H W32/OPASERV-I W32/OPASERV-L W32/PRESTIGE-A W32/RUNDOOM.WORM W32/SOBIG W32/TITOG.WORM W32/WARRAY.CMP W32/YAHA.J W32/YAHA.K W32/YAHA.M@MM W32/YAHA.M-MM W32/YAHA-J W32/YAHA-K W97M.BLUDUAG W97M.CIGA@MM W97M.KILLBOOT W97M_MARKER.GO-1 W97M_MARKER.GO-1 WIN32.BACKZAT.B WIN32.DEPRAVE WIN32.HLLW.ARCHEX WIN32.JUNKCOMP WIN32.LIOTEN WIN32.LIRVA.A WIN32.LIRVA.B WIN32.YAHA.K WIN32/ELERAD.4041 WIN32/EXPLOREZIP.WORM WIN32/YAHA.K@MM winext.exe WORM.WIN32.LIOTEN WORM.WIN32.SMELLES WORM.WIN32.SMELLES WORM.ZIPPEDFILES.H WORM_BUGBEAR.A WORM_EXPLORZIP.M WORM_GOP.F WORM_KLEZ.H WORM_LIOTEN.A WORM_LIRVA.A WORM_LIRVA.C WORM_OPASERV.M WORM_PRESTIGE.A WORM_PRESTIGE.B WORM_RECORY.A WWW..FREEDESKTOPTHEMES*.* X97M.LAROUX.WM xpass.xls zipped_files.exe

________________________________________

NOW, here's the Story of Stone Soup

When the residents of a poor village see a young peddler driving his wagon into town, they quickly begin to hide their food under mattresses and haylofts, knowing that the boy will be hungry. "There's nothing to eat here," they cry from their windows, "best keep moving!" The boy calls back that he is not looking for food; in fact, he has everything he needs to make delicious stone soup for the entire village. In the town square, he pulls a cauldron from his wagon, fills it with water and starts a fire. Then, as the wary townspeople watch, the young peddler takes a stone from his pocket and drops it into the water. "Of course the soup would be even more wonderful with a bit of cabbage," the boy thinks aloud, and so one of the villagers runs home to find her hidden cabbage. "Salt beef would really make my soup a masterpiece," the boy adds, and another villager leaves the square and returns with a bit of beef. On it goes, with all of the villagers gradually adding to the delicious smelling soup until potatoes, carrots, onions and mushrooms have made the "stone soup," not just a meal, but a community feast.
The evening ends with dancing and singing far into the night and the villagers show their gratitude to the wise young peddler by giving him a comfortable bed for the night at the mayor's house and thanking him for what he has taught them. "We shall never be hungry again," they call to him, "now that we know how to make soup from a stone!"

Hi Darksky, welcome here! Thanks for the stone soup story. You might like to look if the list here might have some more additions: http://www.wilderssecurity.com/showthread.php?t=4196

Do you have an informative website?

Hi darksky,

Many of those names are only going to slow down the scanning - virus, trojan and worm names are not going to help in the blocking. The blocked list allows EXE names only in WormGuard 3, and blocks files of those names. I would suggest removing anything starting with VBS. TROJ. BACKDOOR. I-WORM. etc.; most should be easy to spot.

Hi Jooske - thank you for your welcome! Great to be here.

Hello Gavin,

Thanks for your reply. You stated that the blocked list only allows EXE names in WormGuard. I tested WormGuard with my modified list installed and attempted to run 3 non .EXE files:

BACKDOOR.HETHAT
W32.CAMPURF@MM
VBS.GAGGLE.B@MM

WormGuard responded by instantly blocking their execution with the following message:

WORMGUARD SECURITY WARNING - You have just executed a file that is not allowed to execute on this sytem. The file has been blocked from running. Please contact your system administrator for more information.

As I do not have the actual files on my PC, I tested it simply by clicking Start, Run, then typing in those file names. Still, WormGuard responded instantly (less than 1/2 sec). I couldn't test an actual scan to see if there is a measurable slowdown since I don't have a WORM on my PC.

Hi,

I better correct that, and clarify what I meant. Only real file NAMES are acceptable - so HELLO.VBS is valid as well. Any extension is possible.

But adding names like BACKDOOR.HETHAT is useless, as this is a trojan name. A trojan would not be sent to you with that name; it wouldn't even be sent to you as SERVER.EXE. It would be named something that would be more appealing for a user to run. In fact, as .HETHAT is not executable, it wouldn't even run - it isn't an EXE COM BAT PIF SCR extension.
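
The distinction drawn in this thread between real file names and scanner detection names can be checked mechanically before a list goes into lockfile.txt. The following is an added example, not part of the thread and not WormGuard code; it assumes one entry per line, and the prefix set, the extension set and the names `classify` and `lint_lockfile` are hypothetical choices made for illustration.

```python
import re

# Extensions the thread names as runnable (EXE COM BAT PIF SCR), plus VBS
# because HELLO.VBS is given as a valid entry. Assumed set; extend as needed.
RUNNABLE = {"exe", "com", "bat", "pif", "scr", "vbs"}

# Scanner-naming prefixes seen in the posted list (assumed, not exhaustive).
DETECTION_PREFIX = re.compile(
    r"^(backdoor|bkdr|trojan|troj|pwsteal|downloader|bloodhound|macro|"
    r"i-worm|worm|w32|win32|w97m|x97m|vbs|js|pe)[._/:-]", re.IGNORECASE)


def classify(entry):
    """Label one block-list entry: 'filename', 'detection-name' or 'review'."""
    ext = entry.rsplit(".", 1)[-1].lower() if "." in entry else ""
    if ext in RUNNABLE:
        return "filename"        # a name a file could really arrive under
    if DETECTION_PREFIX.match(entry):
        return "detection-name"  # a scanner's label, not a file name
    return "review"              # e.g. explorer.doc or FTRAP: decide by hand


def lint_lockfile(text):
    """Sort entries (assumed one per line) into the three labels above and
    collect case-insensitive repeats under 'duplicates'."""
    report = {"filename": [], "detection-name": [], "review": [], "duplicates": []}
    seen = set()
    for line in text.splitlines():
        entry = line.strip()
        if not entry:
            continue
        if entry.lower() in seen:
            report["duplicates"].append(entry)
            continue
        seen.add(entry.lower())
        report[classify(entry)].append(entry)
    return report


# Constructed sample: entries copied from the list in the first post.
SAMPLE = "\n".join([
    "BACKDOOR.HETHAT", "W32.CAMPURF@MM", "VBS.GAGGLE.B@MM",
    "BACKDOOR.DEFTCODE", "BACKDOOR.DEFTCODE", "love-letter-for-you.txt.vbs",
    "GONE.SCR", "Happy New Year.exe", "PE_CIH.1003", "explorer.doc", "FTRAP",
])

if __name__ == "__main__":
    for label, entries in lint_lockfile(SAMPLE).items():
        print(f"{label:15} {len(entries):2}  {entries}")
```

Entries labelled `review` are neither clearly runnable nor clearly scanner labels, so they are left for a person to decide.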