RE: [Full-Disclosure] Sample of Mydoom A & B

["Brad Griffin" <b.griffin@cqu.edu.au>]

Hi all 

ad nauseum

I believe it is full disclosure, but not the local virus code
repository. There is a HUGE (no really, it is HUGE) difference between
'full-disclosure', where the nitty gritty details of a bug/exploit/hole
is described and making available executable malware (read: virus/worm).
I would suggest Mr FitzGerald and I believe Mr Schmehl have explained in
other posts why anti-virus professionals are loathe to supply code to
'outsiders' for want of a better description. 

I'm quite interested in how heat seeking missiles are made and how they
work, but I doubt anyone from the military will give me one for research
or to alleviate my curiosity.

Cheers,
Brad

> -----Original Message-----
> From: Ben Nelson [mailto:lists@venom600.org] 
> Sent: Tuesday, February 03, 2004 9:57 AM
> Nick FitzGerald wrote:
> > ":-\)" <nirt_speed@yahoo.com> wrote:
> > 
> >
snip 
> I 
> am hoping 
> >>someone here has a copy of Mydoom A and B.  If so, please 
> contact me 
> >>off-line.  THANK YOU
> > 
> > 
> > Oh good, so another lamer can "accidentally" spread it further.
> > 
> > There is a very good rule of thumb regarding who needs 
> virus samples 
> > -- if you need to ask on a public mailing list, newsgroup etc, you 
> > don't need them.
snip
> > 
> 
> Sounds a bit elitist to me.....this is "FULL DISCLOSURE" is it not? 
> What about the researcher (or random curious student) who 
> does not have a relationship with any 'hackers' or anti-virus 
> vendors whom they could ask for virus samples?
> 


> --Ben
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
> 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html