RE: MyDoom download info

[Steve Wray <steve.wray () paradise net nz>]

> [mailto:full-disclosure-admin () lists netsys com] On Behalf Of 
> Paul Schmehl
>
> --On Saturday, January 31, 2004 12:25 PM -0500 
> Valdis.Kletnieks () vt edu 
> wrote:
>
> > On Sat, 31 Jan 2004 12:03:37 +1300, Steve Wray
> > <steve.wray () paradise net nz>  said:
> >
> > What worries me is we haven't seen *either* an actual damaging virus
> > (imagine if the last 2 lines of Mydoom were "sleep(4hours); 
> > exec("format c:);") or a "sleeper" virus.
>
> This doesn't worry me much at all.  Since virus writing has 
> been taken over by the scammers, spammers, criminals and thieves, the
last 

Paul, your quoting is a bit off there (makes it look as if I wrote
that),
but to address the points, as one person wrote, its difficult to spread 
fast when you are trying to be stealthy; I would argue that if one is 
stealthy enough, one doesn't need to spread fast since one is trying to 
evade detection rather than evading elimination.

If a virus could spread slowly but stealthily, it could be all over
the planet and activated before any antivirus vendor became aware
of its presence and came out with a fix; it wouldn't matter much
if it took a year of quiet spreading.

Sometimes (and here I go sounding paranoid again) it seems that the
viruses and worms we see are nothing but a smokescreen; they are
SO VERY obvious.

so-called 'script kiddies' and the old school vxers wanted a quick hit
of adrenalin. Organised crime syndicates are a lot more patient.



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html