On Sat, 31 Jan 2004 12:03:37 +1300, Steve Wray <[EMAIL PROTECTED]> said:
What worries me is we haven't seen *either* an actual damaging virus (imagine if the last 2 lines of Mydoom were "sleep(4hours); exec("format c:);") or a "sleeper" virus.
This doesn't worry me much at all. Since virus writing has been taken over by the scammers, spammers, criminals and thieves, the last thing they want to do is destroy their bots. Their purpose isn't to infect and harm, it's to infect and use for their nefarious purposes - like the recent extortion attempts on online gambling sites (threatening to shut them down through DDoS during the Super Bowl thereby depriving them of large amounts of revenue.)
The irony is the vxers got replaced by the professional criminals. Now the concern is not getting infected, it's making sure the computer is really and truly clean. It would be nice if the malware *did* use exec(format C:). It would save networks a lot of time cleaning up and identify the infected machines quickly. :-)
Paul Schmehl ([EMAIL PROTECTED]) Adjunct Information Security Officer The University of Texas at Dallas AVIEN Founding Member http://www.utdallas.edu
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
