[Full-Disclosure] HEADS UP VIRUS BEING SPREAD one of our rea
nick at virus-l.demon.co.uk
Sun May 25 23:39:14 BST 2003
Ed Carp to me to someone else:
> > It is an existing, well-known (and "old") virus, reliably ID'ed by
> > just about any virus scanner updated since late Feb this year. There
> > are abundant informed and informative descriptions of how it works
> > all over the web. It seems Mr Wood and your good self must be about
> > the only "security experts" who have not already encountered it.
> I wonder, how does one make oneself such an excellent target for virii so
> one can claim bragging rights such as those? "Gee, we were the *first* to
> discover XXX virus!" ...
Generally, one does not.
It is quite a long time since I'd have bragging rights to being "one
of the first to discover <some virus>" based on stuff arriving
through my Email. Being on and posting to many mailing lists and
reading and posting Usenet news increases the amount of all manner of
unsolicited Email -- from spam to self-mailing viruses to occasional
requests for help with things you wrote about so many years ago you
barely recall knowing anything about them -- that comes through your
"We were the first to discover <some virus>" claims tend to go to the
larger AV companies as they have the largest "catchment areas" (i.e.
most customers) and thus get more new malware submitted (often
entirely automatically by their Email and content scanners) to their
processing queues. Knowing about them is simply a matter of
following antivirus news -- be it through subscribing to a few AV
vendors' mailing lists, various non-vendor AV mailing lists or simply
through scanning the relevant "newly discovered threats" type pages
on a few AV vendors' web sites.
> ... Or does that mean someone at the company was stupid
> enough to double-click on an unknown attachment from someone they didn't
> know? ...
That happens some places, but not here... (Well, actually it does,
but it is never through stupidity but through the deliberate actions
of someone performing a real analytical study of the suspect program
in a safely isolated test environment.)
> ... Or is the trick to subscribe to every known mailing list in
> existence, so as to be spammed to death in hopes of discovering something
I don't recommend that as an approach for discovering new malware, as
my experience is that it has a poor return if discovering new malware
is your (main) objective.
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854
Full-Disclosure is hosted and sponsored by Secunia.