Re: [ISN] MyDoom author may be covering tracks

From: InfoSec News (isn@private)
Date: Thu Feb 12 2004 - 04:45:32 PST

  • Next message: InfoSec News: "RE: [ISN] .zip files putting the zap on antivirus products (Three messages)"

    Forwarded from: Dragos Ruiu <dr@private>
    
    On February 11, 2004 02:46 am, InfoSec News wrote:
    > "It stands to reason that the author might be hiding his tracks,"
    > said Craig Schmugar, virus research manager for Network Associates.
    > "He might be trying not to get caught."
    
    I have a different take on it.
    
    The AV vendors (particularly Nick Fitzgerald) have been very vocal of
    late chastising anyone who dares to communicate or share information
    about Mydoom or posting copies of the binaries. (Even though everyone
    already has N copies in their mailbox! :-)  I think this is someone
    flipping the bird to that "thou shalt not discuss virii unless you are
    sanctioned" attitude.
    
    My take: One cannot defend against a threat unless one understands it.
    And people understand better by collaborating with one another.
    
    Replicating code is not rocket science, and no matter how much mystery
    any vendor would like to attach to it, pandora's box cannot be closed
    there regardless of how much some people wish it to be so.
    
    cheers,
    --dr
    
    -- 
    Top security experts.  Cutting edge tools, techniques and information.
    Vancouver, Canada	April 21-23 2004  http://cansecwest.com
    pgpkey http://dragos.com/ kyxpgp
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomo@private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Thu Feb 12 2004 - 08:24:39 PST