Message-ID: <Law11-OE38dWMMp4Zh80002088f@hotmail.com>
From: se_cur_ity at hotmail.com (morning_wood)
Subject: HEADS UP VIRUS BEING SPREAD one of our rea
I don't recall ever claiming a "discovery" ..?
----- Original Message -----
From: "Nick FitzGerald" <nick@...us-l.demon.co.uk>
To: <full-disclosure@...ts.netsys.com>
Sent: Sunday, May 25, 2003 3:39 PM
Subject: RE: [Full-Disclosure] HEADS UP VIRUS BEING SPREAD one of our rea
> Ed Carp to me to someone else:
>
> > > It is an existing, well-known (and "old") virus, reliably ID'ed by
> > > just about any virus scanner updated since late Feb this year. There
> > > are abundant informed and informative descriptions of how it works
> > > all over the web. It seems Mr Wood and your good self must be about
> > > the only "security experts" who have not already encountered it.
> >
> > I wonder, how does one make oneself such an excellent target for virii so
> > one can claim bragging rights such as those? "Gee, we were the *first* to
> > discover XXX virus!" ...
>
> Generally, one does not.
>
> It is quite a long time since I'd have bragging rights to being "one
> of the first to discover <some virus>" based on stuff arriving
> through my Email. Being on and posting to many mailing lists and
> reading and posting Usenet news increases the amount of all manner of
> unsolicited Email -- from spam to self-mailing viruses to occasional
> requests for help with things you wrote about so many years ago you
> barely recall knowing anything about them -- that comes through your
> mailbox.
>
> "We were the first to discover <some virus>" claims tend to go to the
> larger AV companies as they have the largest "catchment areas" (i.e.
> most customers) and thus get more new malware submitted (often
> entirely automatically by their Email and content scanners) to their
> processing queues. Knowing about them is simply a matter of
> following antivirus news -- be it through subscribing to a few AV
> vendors' mailing lists, various non-vendor AV mailing lists or simply
> through scanning the relevant "newly discovered threats" type pages
> on a few AV vendors' web sites.
>
> > ... Or does that mean someone at the company was stupid
> > enough to double-click on an unknown attachment from someone they didn't
> > know? ...
>
> That happens some places, but not here... (Well, actually it does,
> but it is never through stupidity but through the deliberate actions
> of someone performing a real analytical study of the suspect program
> in a safely isolated test environment.)
>
> > ... Or is the trick to subscribe to every known mailing list in
> > existence, so as to be spammed to death in hopes of discovering something
> > new?
>
> I don't recommend that as an approach for discovering new malware, as
> my experience is that it has a poor return if discovering new malware
> is your (main) objective.
>
>
> --
> Nick FitzGerald
> Computer Virus Consulting Ltd.
> Ph/FAX: +64 3 3529854
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>