Forwarded from: Dragos Ruiu <dr@private> On February 11, 2004 02:46 am, InfoSec News wrote: > "It stands to reason that the author might be hiding his tracks," > said Craig Schmugar, virus research manager for Network Associates. > "He might be trying not to get caught." I have a different take on it. The AV vendors (particularly Nick Fitzgerald) have been very vocal of late chastising anyone who dares to communicate or share information about Mydoom or posting copies of the binaries. (Even though everyone already has N copies in their mailbox! :-) I think this is someone flipping the bird to that "thou shalt not discuss virii unless you are sanctioned" attitude. My take: One cannot defend against a threat unless one understands it. And people understand better by collaborating with one another. Replicating code is not rocket science, and no matter how much mystery any vendor would like to attach to it, pandora's box cannot be closed there regardless of how much some people wish it to be so. cheers, --dr -- Top security experts. Cutting edge tools, techniques and information. Vancouver, Canada April 21-23 2004 http://cansecwest.com pgpkey http://dragos.com/ kyxpgp - ISN is currently hosted by Attrition.org To unsubscribe email majordomo@private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Thu Feb 12 2004 - 08:24:39 PST