[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [Full-Disclosure] MyDoom download info
- To: "'Paul Schmehl'" <pauls@utdallas.edu>, full-disclosure@lists.netsys.com
- Subject: RE: [Full-Disclosure] MyDoom download info
- From: Steve Wray <steve.wray@paradise.net.nz>
- Date: Sun, 01 Feb 2004 10:46:09 +1300
> [mailto:full-disclosure-admin@lists.netsys.com] On Behalf Of
> Paul Schmehl
>
> --On Saturday, January 31, 2004 12:25 PM -0500
> Valdis.Kletnieks@vt.edu
> wrote:
>
> > On Sat, 31 Jan 2004 12:03:37 +1300, Steve Wray
> > <steve.wray@paradise.net.nz> said:
> >
> > What worries me is we haven't seen *either* an actual damaging virus
> > (imagine if the last 2 lines of Mydoom were "sleep(4hours);
> > exec("format c:);") or a "sleeper" virus.
>
> This doesn't worry me much at all. Since virus writing has
> been taken over by the scammers, spammers, criminals and thieves, the
last
Paul, your quoting is a bit off there (makes it look as if I wrote
that),
but to address the points, as one person wrote, its difficult to spread
fast when you are trying to be stealthy; I would argue that if one is
stealthy enough, one doesn't need to spread fast since one is trying to
evade detection rather than evading elimination.
If a virus could spread slowly but stealthily, it could be all over
the planet and activated before any antivirus vendor became aware
of its presence and came out with a fix; it wouldn't matter much
if it took a year of quiet spreading.
Sometimes (and here I go sounding paranoid again) it seems that the
viruses and worms we see are nothing but a smokescreen; they are
SO VERY obvious.
so-called 'script kiddies' and the old school vxers wanted a quick hit
of adrenalin. Organised crime syndicates are a lot more patient.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html