| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: se_cur_ity at hotmail.com (morning_wood) Subject: HEADS UP VIRUS BEING SPREAD one of our rea i dont recall ever claiming a "discovery" ..? ----- Original Message ----- From: "Nick FitzGerald" <nick@...us-l.demon.co.uk> To: <full-disclosure@...ts.netsys.com> Sent: Sunday, May 25, 2003 3:39 PM Subject: RE: [Full-Disclosure] HEADS UP VIRUS BEING SPREAD one of our rea > Ed Carp to me to someone else: > > > > It is an existing, well-known (and "old") virus, reliably ID'ed by > > > just about any virus scanner updated since late Feb this year. There > > > are abundant informed and informative descriptions of how it works > > > all over the web. It seems Mr Wood and your good self must be about > > > the only "security experts" who have not already encountered it. > > > > I wonder, how does one make oneself such an excellent target for virii so > > one can claim bragging rights such as those? "Gee, we were the *first* to > > discover XXX virus!" ... > > Generally, one does not. > > It is quite a long time since I'd have bragging rights to being "one > of the first to discover <some virus>" based on stuuff arriving > through my Email. Being on and posting to many mailing lists and > reading and posting Usenet news increases the amount of all manner of > unsolicted Email -- from spam to self-mailing viruses to occasional > requests for help with things you wrote about so many years ago you > barely recall knowing anything about them -- that comes through your > mailbox. > > "We were the first to discover <some virus>" claims tend to go to the > larger AV companies as they have the largest "catchment areas" (i.e. > most customers) and thus get more new malware submitted (often > entirely automatically by their Email and content scanners) to their > processing queues. Knowing about them is simply a matter of > foollowing antivirus news -- be it through subscribing to a few AV > vendors' mailing lists, various non-vendor AV mailing lists or simply > through scanning the relevant "newly discovered threats" type pages > on a few AV vendors' web sites. > > > ... Or does that mean someone at the company was stupid > > enough to double-click on an unknown attachment from someone they didn't > > know? ... > > That happens some places, but not here... (Well, actually it does, > but it is never through stupidity but through the deliberate actions > of someone performing a real analytical study of the suspect program > in a safely isolated test environment.) > > > ... Or is the trick to subscribe to every known mailing list in > > existence, so as to be spammed to death in hopes of discovering something > > new? > > I don't recommend that as an approach for discovering new malware, as > my experience is that it has a poor return if discovering new malware > is your (main) objective. > > > -- > Nick FitzGerald > Computer Virus Consulting Ltd. > Ph/FAX: +64 3 3529854 > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html >
Powered by blists - more mailing lists