Re: HEADS UP VIRUS BEING SPREAD one of our rea

["morning_wood" <se_cur_ity () hotmail com>]

i dont recall ever claiming a "discovery" ..?

----- Original Message -----
From: "Nick FitzGerald" <nick () virus-l demon co uk>
To: <full-disclosure () lists netsys com>
Sent: Sunday, May 25, 2003 3:39 PM
Subject: RE: [Full-disclosure] HEADS UP VIRUS BEING SPREAD one of our rea


> Ed Carp to me to someone else:
>
> > > It is an existing, well-known (and "old") virus, reliably ID'ed by
> > > just about any virus scanner updated since late Feb this year.  There
> > > are abundant informed and informative descriptions of how it works
> > > all over the web.  It seems Mr Wood and your good self must be about
> > > the only "security experts" who have not already encountered it.
> >
> > I wonder, how does one make oneself such an excellent target for virii
so
> > one can claim bragging rights such as those?  "Gee, we were the *first*
to
> > discover XXX virus!"  ...
>
> Generally, one does not.
>
> It is quite a long time since I'd have bragging rights to being "one
> of the first to discover <some virus>" based on stuuff arriving
> through my Email.  Being on and posting to many mailing lists and
> reading and posting Usenet news increases the amount of all manner of
> unsolicted Email -- from spam to self-mailing viruses to occasional
> requests for help with things you wrote about so many years ago you
> barely recall knowing anything about them -- that comes through your
> mailbox.
>
> "We were the first to discover <some virus>" claims tend to go to the
> larger AV companies as they have the largest "catchment areas" (i.e.
> most customers) and thus get more new malware submitted (often
> entirely automatically by their Email and content scanners) to their
> processing queues.  Knowing about them is simply a matter of
> foollowing antivirus news -- be it through subscribing to a few AV
> vendors' mailing lists, various non-vendor AV mailing lists or simply
> through scanning the relevant "newly discovered threats" type pages
> on a few AV vendors' web sites.
>
> > ...  Or does that mean someone at the company was stupid
> > enough to double-click on an unknown attachment from someone they didn't
> > know?  ...
>
> That happens some places, but not here...  (Well, actually it does,
> but it is never through stupidity but through the deliberate actions
> of someone performing a real analytical study of the suspect program
> in a safely isolated test environment.)
>
> > ...  Or is the trick to subscribe to every known mailing list in
> > existence, so as to be spammed to death in hopes of discovering
something
> > new?
>
> I don't recommend that as an approach for discovering new malware, as
> my experience is that it has a poor return if discovering new malware
> is your (main) objective.
>
>
> --
> Nick FitzGerald
> Computer Virus Consulting Ltd.
> Ph/FAX: +64 3 3529854
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html