IM Logic withholds details of Santa Claus IM worm, unless youre a customer

[Mo3b3tta () hotmail com]

On Dec. 19th IM Logic released an advisory about a worm spreading through all major IM clients.  See advisory for 
details, or lack thereof. http://www.imlogic.com/im_threat_center/index.asp

If you are not an IM Logic customer you may be hard pressed to find any details of what this threat would look like in 
your environment.  IM Logic did not publicly release any actionable information as to how a non IM Logic customer could 
detect if this worm was already in their network.  But according to Tim Johnson, the Director of IM Logic’s threat 
center, he doesn’t see what all the fuss is about.  All you have to do is buy the company’s product and you will be 
protected.  He did mention that they have a process they follow.  They first tell AOL, MSN or whoever is affected in an 
effort to minimize the current activity.  Then they tell the antivirus vendors about what they know.  Hopefully they 
can detect and stop any current infections, if not…dang, your screwed. Then IM Logic customers get the heads up.  Then 
you as a non-customer have the opportunity to wait for a signature to come out by your antivirus vendor so that you can 
tell if a hacker has a rootkit loaded in you
 r environment.  Oh, darn it, I forgot, according to the official advisory, antivirus vendors can’t detect Santa Claus; 
apparently Santa can put your antivirus to sleep.  I always thought Santa knew if you were asleep, not put you to 
sleep, but I digress.    

So what is the world and security community supposed to do?  Well according to IM Logic, pay them the money and they 
will take care of it for you.  Hmm, I wonder where else we find this type of behavior.  Hold on guys, Toni the Bull is 
at my back door, brb, need 2 make my “insurance payment” AFK….

Back, sorry it took so long.  My left knee is a little sore; I was short on my “insurance payment” this month.  Anyway, 
haven’t we been down this road before?  Do you remember the big antivirus company that tried this stunt and then felt 
the backlash from the security community?  Security companies should follow the same procedures that ethical and 
responsible researchers follow when disclosing vulns.  Most companies do, those that don’t… should we reward them by 
purchase orders?  Not this guy.

---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Tailor your education to your own professional goals with degree 
customizations including Emergency Management, Business Continuity Planning, 
Computer Emergency Response Teams, and Digital Investigations. 

http://www.msia.norwich.edu/secfocus
----------------------------------------------------------------------------