Full Disclosure mailing list archives
Re: MyDoom.b samples taken down
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Sun, 01 Feb 2004 14:47:07 +1300
Kurt Weiske <kweiske () kataan org> wrote:
> Daniel and Mike, thanks for making those files available for those of us who wish to research this virus firsthand, instead of relying on (sometimes) wildly inaccurate media and "expert" reporting. Shame on McAfee for succeeding in intimidating a fellow researcher - I
It seems that "intimidation" may have been too strong a word -- see Daniel's latest post -- but whatever...
> guess that's what happens when viruses become Big Business; use whatever FUD is available to limit your competition, increase market share and maximize shareholder value. Foo.
No -- that's what happens when you actually have half a clue about the huge _further_ damage such things can do if actually successfully distributed. Mydoom.B has largely _not_ taken off, but all it probably needs is a touch of the usual "luck" which is all that distinguishes most successful mass-mailers from the huge numbers of unsuccessful ones lamers, like those on this list clamouring to get a Mydoom.B sample, never see.

I know most of you will not believe this because you are so stupid you already believe that live virus samples are _just_ information and therefore _should_ be subject to "full disclosure" (this is a special form of ignorance that very little empirical evidence seems able to budge -- at least until a holder of the ignorance is the person bitten by it), _but_ each extra copy of Mydoom.B downloaded from the various URLs published on this list increases the likelihood that the virus writer will have his "glory" with the Mydoom.B variant as well.

The cost of that far outweighs the value of the jollies a few of you will get from working out how to unpack the "hacked" UPX compression used, poking a few clever comments into your disasm, or mastering ROT13 to "decrypt" the virus' internal strings. In the process, some of you will run it in a VM connected via virtual network to the real Internet (because you are so stupid you believe that "because you run Linux you are safe" or you forgot you enabled bridged networking for some "special reason" and never got round to disabling it) and more copies of it will "escape" (we see this often).

And you want to subject the world to that threat because you want to spend hours and hours doing what has been done "well enough" in multiple professional security company labs for them to ship detection and repair utilities within minutes to an hour or two of first receiving a sample of it several days ago. Get real...
Try handling dozens of these a day and then see what you feel about the quality of the work of those labs and that 'wildly inaccurate [...] "expert" reporting'....

And save me the almost inevitable full-disclosure mantra BS replies! I really do not want to hear your ignorance rephrased that way, again -- at least walk the walk before you try to talk the talk...

--
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html