> -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > Steve Wray > Sent: Sunday, 1 February 2004 10:46 a.m. > To: 'Paul Schmehl'; [EMAIL PROTECTED] > Subject: RE: [Full-Disclosure] MyDoom download info > > If a virus could spread slowly but stealthily, it could be all over > the planet and activated before any antivirus vendor became aware > of its presence and came out with a fix; it wouldn't matter much > if it took a year of quiet spreading.
Nah, that would work if there were no honeypots. I'm sure that 99% of AV companies, as well as numerous other security companies/individuals run honeypots and they would catch this pretty quickly as your worm can't know what's honeypot and what isn't (I'm not going into honeypot detection techniques now). Therefore, the only way for a worm to be successful is to spread as fast as it can, what in turn results in disruptions of service for host machine and easier detection. Cheers, Bojan _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
