[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20040131225647.29D6543137@maja.zesoi.fer.hr>
From: Bojan.Zdrnja at LSS.hr (Bojan Zdrnja)
Subject: MyDoom download info
> -----Original Message-----
> From: full-disclosure-admin@...ts.netsys.com
> [mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of
> Steve Wray
> Sent: Sunday, 1 February 2004 10:46 a.m.
> To: 'Paul Schmehl'; full-disclosure@...ts.netsys.com
> Subject: RE: [Full-Disclosure] MyDoom download info
>
> If a virus could spread slowly but stealthily, it could be all over
> the planet and activated before any antivirus vendor became aware
> of its presence and came out with a fix; it wouldn't matter much
> if it took a year of quiet spreading.
Nah, that would work if there were no honeypots. I'm sure that 99% of AV
companies, as well as numerous other security companies/individuals run
honeypots and they would catch this pretty quickly as your worm can't know
what's honeypot and what isn't (I'm not going into honeypot detection
techniques now).
Therefore, the only way for a worm to be successful is to spread as fast as
it can, what in turn results in disruptions of service for host machine and
easier detection.
Cheers,
Bojan
Powered by blists - more mailing lists