| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: nick at virus-l.demon.co.uk (Nick FitzGerald) Subject: HEADS UP VIRUS BEING SPREAD one of our rea Ed Carp to me to someone else: > > It is an existing, well-known (and "old") virus, reliably ID'ed by > > just about any virus scanner updated since late Feb this year. There > > are abundant informed and informative descriptions of how it works > > all over the web. It seems Mr Wood and your good self must be about > > the only "security experts" who have not already encountered it. > > I wonder, how does one make oneself such an excellent target for virii so > one can claim bragging rights such as those? "Gee, we were the *first* to > discover XXX virus!" ... Generally, one does not. It is quite a long time since I'd have bragging rights to being "one of the first to discover <some virus>" based on stuuff arriving through my Email. Being on and posting to many mailing lists and reading and posting Usenet news increases the amount of all manner of unsolicted Email -- from spam to self-mailing viruses to occasional requests for help with things you wrote about so many years ago you barely recall knowing anything about them -- that comes through your mailbox. "We were the first to discover <some virus>" claims tend to go to the larger AV companies as they have the largest "catchment areas" (i.e. most customers) and thus get more new malware submitted (often entirely automatically by their Email and content scanners) to their processing queues. Knowing about them is simply a matter of foollowing antivirus news -- be it through subscribing to a few AV vendors' mailing lists, various non-vendor AV mailing lists or simply through scanning the relevant "newly discovered threats" type pages on a few AV vendors' web sites. > ... Or does that mean someone at the company was stupid > enough to double-click on an unknown attachment from someone they didn't > know? ... That happens some places, but not here... (Well, actually it does, but it is never through stupidity but through the deliberate actions of someone performing a real analytical study of the suspect program in a safely isolated test environment.) > ... Or is the trick to subscribe to every known mailing list in > existence, so as to be spammed to death in hopes of discovering something > new? I don't recommend that as an approach for discovering new malware, as my experience is that it has a poor return if discovering new malware is your (main) objective. -- Nick FitzGerald Computer Virus Consulting Ltd. Ph/FAX: +64 3 3529854
Powered by blists - more mailing lists