Full Disclosure mailing list archives

RE: MyDoom download info


From: "Bojan Zdrnja" <Bojan.Zdrnja () LSS hr>
Date: Sun, 1 Feb 2004 11:56:45 +1300

 

-----Original Message-----
From: full-disclosure-admin () lists netsys com 
[mailto:full-disclosure-admin () lists netsys com] On Behalf Of 
Steve Wray
Sent: Sunday, 1 February 2004 10:46 a.m.
To: 'Paul Schmehl'; full-disclosure () lists netsys com
Subject: RE: [Full-disclosure] MyDoom download info

If a virus could spread slowly but stealthily, it could be all over
the planet and activated before any antivirus vendor became aware
of its presence and came out with a fix; it wouldn't matter much
if it took a year of quiet spreading.

Nah, that would work if there were no honeypots. I'm sure that 99% of AV
companies, as well as numerous other security companies/individuals, run
honeypots and they would catch this pretty quickly, as your worm can't know
what's a honeypot and what isn't (I'm not going into honeypot detection
techniques now).
Therefore, the only way for a worm to be successful is to spread as fast as
it can, which in turn results in disruptions of service for the host machine
and easier detection.

Cheers,

Bojan


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

