Full Disclosure mailing list archives
RE: HEADS UP VIRUS BEING SPREAD one of our rea
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Mon, 26 May 2003 11:39:14 +1300
Ed Carp to me to someone else:
It is an existing, well-known (and "old") virus, reliably ID'ed by just about any virus scanner updated since late Feb this year. There are abundant informed and informative descriptions of how it works all over the web. It seems Mr Wood and your good self must be about the only "security experts" who have not already encountered it.I wonder, how does one make oneself such an excellent target for virii so one can claim bragging rights such as those? "Gee, we were the *first* to discover XXX virus!" ...
Generally, one does not. It is quite a long time since I'd have bragging rights to being "one of the first to discover <some virus>" based on stuuff arriving through my Email. Being on and posting to many mailing lists and reading and posting Usenet news increases the amount of all manner of unsolicted Email -- from spam to self-mailing viruses to occasional requests for help with things you wrote about so many years ago you barely recall knowing anything about them -- that comes through your mailbox. "We were the first to discover <some virus>" claims tend to go to the larger AV companies as they have the largest "catchment areas" (i.e. most customers) and thus get more new malware submitted (often entirely automatically by their Email and content scanners) to their processing queues. Knowing about them is simply a matter of foollowing antivirus news -- be it through subscribing to a few AV vendors' mailing lists, various non-vendor AV mailing lists or simply through scanning the relevant "newly discovered threats" type pages on a few AV vendors' web sites.
... Or does that mean someone at the company was stupid enough to double-click on an unknown attachment from someone they didn't know? ...
That happens some places, but not here... (Well, actually it does, but it is never through stupidity but through the deliberate actions of someone performing a real analytical study of the suspect program in a safely isolated test environment.)
... Or is the trick to subscribe to every known mailing list in existence, so as to be spammed to death in hopes of discovering something new?
I don't recommend that as an approach for discovering new malware, as my experience is that it has a poor return if discovering new malware is your (main) objective. -- Nick FitzGerald Computer Virus Consulting Ltd. Ph/FAX: +64 3 3529854 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- RE: Religion. Was HEADS UP..., (continued)
- RE: Religion. Was HEADS UP... Ed Carp (May 25)
- Re: HEADS UP VIRUS BEING SPREAD one of our readers infected? morning_wood (May 24)
- RE: HEADS UP VIRUS BEING SPREAD one of our readers infected? Mads Tansø (May 24)
- Re: HEADS UP VIRUS BEING SPREAD one of our readers infected? morning_wood (May 24)
- RE: HEADS UP VIRUS BEING SPREAD one of our readers infected? Ed Carp (May 25)
- RE: HEADS UP VIRUS BEING SPREAD one of our readers infected? Ron DuFresne (May 27)
- RE: HEADS UP VIRUS BEING SPREAD one of our readers infected? Mads Tansø (May 24)
- Re: HEADS UP VIRUS BEING SPREAD one of our readers infected? Etaoin Shrdlu (May 25)
- Re: HEADS UP VIRUS BEING SPREAD one of our readers infected? Valdis . Kletnieks (May 24)
- Re: HEADS UP VIRUS BEING SPREAD one of our rea Nick FitzGerald (May 24)
- RE: HEADS UP VIRUS BEING SPREAD one of our rea Ed Carp (May 25)
- RE: HEADS UP VIRUS BEING SPREAD one of our rea Nick FitzGerald (May 25)
- Re: HEADS UP VIRUS BEING SPREAD one of our rea morning_wood (May 25)
- Re: HEADS UP VIRUS BEING SPREAD one of our rea Nick FitzGerald (May 25)
- RE: HEADS UP VIRUS BEING SPREAD one of our rea Ed Carp (May 25)