Security Basics mailing list archives
IM Logic withholds details of Santa Claus IM worm, unless youre a customer
From: Mo3b3tta () hotmail com
Date: 21 Dec 2005 21:15:50 -0000
On Dec. 19th IM Logic released an advisory about a worm spreading through all major IM clients. See advisory for details, or lack thereof. http://www.imlogic.com/im_threat_center/index.asp If you are not an IM Logic customer you may be hard pressed to find any details of what this threat would look like in your environment. IM Logic did not publicly release any actionable information as to how a non IM Logic customer could detect if this worm was already in their network. But according to Tim Johnson, the Director of IM Logics threat center, he doesnt see what all the fuss is about. All you have to do is buy the companys product and you will be protected. He did mention that they have a process they follow. They first tell AOL, MSN or whoever is affected in an effort to minimize the current activity. Then they tell the antivirus vendors about what they know. Hopefully they can detect and stop any current infections, if not dang, your screwed. Then IM Logic customers get the heads up. Then you as a non-customer have the opportunity to wait for a signature to come out by your antivirus vendor so that you can tell if a hacker has a rootkit loaded in you r environment. Oh, darn it, I forgot, according to the official advisory, antivirus vendors cant detect Santa Claus; apparently Santa can put your antivirus to sleep. I always thought Santa knew if you were asleep, not put you to sleep, but I digress. So what is the world and security community supposed to do? Well according to IM Logic, pay them the money and they will take care of it for you. Hmm, I wonder where else we find this type of behavior. Hold on guys, Toni the Bull is at my back door, brb, need 2 make my insurance payment AFK . Back, sorry it took so long. My left knee is a little sore; I was short on my insurance payment this month. Anyway, havent we been down this road before? Do you remember the big antivirus company that tried this stunt and then felt the backlash from the security community? Security companies should follow the same procedures that ethical and responsible researchers follow when disclosing vulns. Most companies do, those that dont should we reward them by purchase orders? Not this guy. --------------------------------------------------------------------------- EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The Norwich University program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Tailor your education to your own professional goals with degree customizations including Emergency Management, Business Continuity Planning, Computer Emergency Response Teams, and Digital Investigations. http://www.msia.norwich.edu/secfocus ----------------------------------------------------------------------------
Current thread:
- IM Logic withholds details of Santa Claus IM worm, unless youre a customer Mo3b3tta (Dec 21)