funsec mailing list archives

Re: Re: Malware sharing? People are full of shit [was: Get your computer viruses here!]


From: Blue Boar <BlueBoar () thievco com>
Date: Wed, 28 Dec 2005 18:04:26 -0800

Jason Geffner wrote:
> One of the recurring themes I've seen in this thread is: It's easy for
> bad guys to get samples, but difficult for good guys to get samples.
>
> This idea has been questioned by many on this thread. If the statement
> above is indeed true, then here's a possible reason why:

Based on my personal experience, that theme is a little tangential to reality.

Playing "good guy" for the moment (in case someone doesn't consider me to be), I can go begging around enough to get a sample. What is REALLY difficult for me to get is a properly categorized sample, in a timely manner, with possibly a head start on the analysis.

Just like anyone else, I can put up my honeypots, troll mailing lists and websites, beg samples from contacts from many time zones and degrees of "in the office", etc... but it will never be as effective as me plus my 99 friends all doing it live.

The bad guy gets as long as he likes to cherry-pick his malware. My clock starts ticking the moment he launches it.

                                        BB
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

