lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20040131225647.29D6543137@maja.zesoi.fer.hr>
From: Bojan.Zdrnja at LSS.hr (Bojan Zdrnja)
Subject: MyDoom download info

 

> -----Original Message-----
> From: full-disclosure-admin@...ts.netsys.com 
> [mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of 
> Steve Wray
> Sent: Sunday, 1 February 2004 10:46 a.m.
> To: 'Paul Schmehl'; full-disclosure@...ts.netsys.com
> Subject: RE: [Full-Disclosure] MyDoom download info
> 
> If a virus could spread slowly but stealthily, it could be all over
> the planet and activated before any antivirus vendor became aware
> of its presence and came out with a fix; it wouldn't matter much
> if it took a year of quiet spreading.

Nah, that would work if there were no honeypots. I'm sure that 99% of AV
companies, as well as numerous other security companies/individuals run
honeypots and they would catch this pretty quickly as your worm can't know
what's honeypot and what isn't (I'm not going into honeypot detection
techniques now).
Therefore, the only way for a worm to be successful is to spread as fast as
it can, what in turn results in disruptions of service for host machine and
easier detection.

Cheers,

Bojan



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ