Message-ID: <0HFG00BPSV1GTD@smtp1.clear.net.nz>
From: nick at virus-l.demon.co.uk (Nick FitzGerald)
Subject: HEADS UP VIRUS BEING SPREAD one of our rea

Ed Carp to me to someone else:

> > It is an existing, well-known (and "old") virus, reliably ID'ed by
> > just about any virus scanner updated since late Feb this year.  There
> > are abundant informed and informative descriptions of how it works
> > all over the web.  It seems Mr Wood and your good self must be about
> > the only "security experts" who have not already encountered it.
> 
> I wonder, how does one make oneself such an excellent target for virii so
> one can claim bragging rights such as those?  "Gee, we were the *first* to
> discover XXX virus!"  ...

Generally, one does not.

It is quite a long time since I'd have bragging rights to being "one
of the first to discover <some virus>" based on stuff arriving
through my Email.  Being on and posting to many mailing lists and
reading and posting Usenet news increases the amount of all manner of
unsolicited Email -- from spam to self-mailing viruses to occasional
requests for help with things you wrote about so many years ago you
barely recall knowing anything about them -- that comes through your
mailbox.

"We were the first to discover <some virus>" claims tend to go to the 
larger AV companies as they have the largest "catchment areas" (i.e. 
most customers) and thus get more new malware submitted (often 
entirely automatically by their Email and content scanners) to their 
processing queues.  Knowing about them is simply a matter of 
following antivirus news -- be it through subscribing to a few AV 
vendors' mailing lists, various non-vendor AV mailing lists or simply
through scanning the relevant "newly discovered threats" type pages 
on a few AV vendors' web sites.

> ...  Or does that mean someone at the company was stupid
> enough to double-click on an unknown attachment from someone they didn't
> know?  ...

That happens some places, but not here...  (Well, actually it does, 
but it is never through stupidity but through the deliberate actions 
of someone performing a real analytical study of the suspect program 
in a safely isolated test environment.)

> ...  Or is the trick to subscribe to every known mailing list in
> existence, so as to be spammed to death in hopes of discovering something
> new?

I don't recommend that as an approach for discovering new malware, as 
my experience is that it has a poor return if discovering new malware 
is your (main) objective.


-- 
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854
