Re: MyDoom author may be covering tracks

[InfoSec News <isn () c4i org>]

Forwarded from: Dragos Ruiu <dr () kyx net>

On February 11, 2004 02:46 am, InfoSec News wrote:
> "It stands to reason that the author might be hiding his tracks,"
> said Craig Schmugar, virus research manager for Network Associates.
> "He might be trying not to get caught."

I have a different take on it.

The AV vendors (particularly Nick Fitzgerald) have been very vocal of
late chastising anyone who dares to communicate or share information
about Mydoom or posting copies of the binaries. (Even though everyone
already has N copies in their mailbox! :-)  I think this is someone
flipping the bird to that "thou shalt not discuss virii unless you are
sanctioned" attitude.

My take: One cannot defend against a threat unless one understands it.
And people understand better by collaborating with one another.

Replicating code is not rocket science, and no matter how much mystery
any vendor would like to attach to it, pandora's box cannot be closed
there regardless of how much some people wish it to be so.

cheers,
--dr

-- 
Top security experts.  Cutting edge tools, techniques and information.
Vancouver, Canada       April 21-23 2004  http://cansecwest.com
pgpkey http://dragos.com/ kyxpgp



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.