| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: nick at virus-l.demon.co.uk (Nick FitzGerald) Subject: MyDoom.b samples taken down Kurt Weiske <kweiske@...aan.org> wrote: > Daniel and Mike, thanks for making those files available for those of us > who wish to research this virus firsthand, instead of relying on > (sometimes) wildly innacurate media and "expert" reporting. > > Shame on McAfee for succeeding in intimidating a fellow researcher - I It seems that "intimidation" may have been too strong a word -- see Daniel's latest post -- but whatever... > guess that's what happens when viruses become Big Business; use whatever > FUD is available to limit your competitio, increase market share and > maximize shareholder value. Foo. No -- that's what happens when you actually have half a clue about the huge _further_ damage such things can do if actually successfully distributed. Mydoom.B has largely _not_ taken off, but all it probably needs is a touch of the usual "luck" which is all that distinguishes most successful mass-mailers from the huge numbers of unsuccessful ones lamers, like those on this list clamouring to get a Mydoom.B sample, never see. I know most of you will not believe this because you so stupid you already believe that live virus samples are _just_ information and therefore _should_ be subject to "full disclosure" (this is a special form of ignorance that very little empirical evidence seems able to budge -- at least until a holder of the ignorance is the person bitten by it), _but_ each extra copy of Mydoom.B downloaded from the various URLs published on this list increases the likelihood that the virus writer will have his "glory" with the Mydoom.B variant as well. The cost of that far outweighs the value of the jollies a few of you will get from working out how to unpack the "hacked" UPX compression used, poking a few clever comments into your disasm, or mastering ROT13 to "decrypt" the virus' internal strings. In the process, some of you will run it in a VM connected via virtual network to the real Internet (because you are so stupid you believe that "because you run Linux you are safe" or you forgot you enabled bridged networking for some "special reason" and never got round to disabling it) and more copies of it will "escape" (we see this often). And you want to subject the world to that threat because you want to spend hours and hours doing what has been done "well enough" in multiple professional security company labs for them to ship detection and repair utilities within minutes to an hour or two of first receiving a sample of it several days ago. Get real... Try handling dozens of these a day and then see what you feel about the quality of the work of those labs and that 'wildly innacurate [...] "expert" reporting'.... And save me the almost inevitable full-disclosure mantra BS replies! I really do not want to hear your ignorance rephrased that way, again -- at least walk the walk before you try to talk the talk... -- Nick FitzGerald Computer Virus Consulting Ltd. Ph/FAX: +64 3 3529854
Powered by blists - more mailing lists