funsec mailing list archives
Re: Re: Malware sharing? People are full of shit [was:Getyour computer viruses here!]
From: Blue Boar <BlueBoar () thievco com>
Date: Wed, 28 Dec 2005 18:04:26 -0800
Jason Geffner wrote:
One of the recurring themes I've seen in this thread is: It's easy for bad guys to get samples, but difficult for good guys to get samples. This idea has been questioned by many on this thread. If the statement above is indeed true, then here's a possible reason why:
Based on my personal experience, that theme is a little tangential to reality.
Playing "good guy" for the moment (in case someone doesn't consider me to be), I can go begging around enough to get a sample. What is REALLY difficult for me to get is a properly categorized sample, in a timely manner, with possibly a headstart on the analysis.
Just like anyone else, I can put up my honeypots, troll mailing lists and websites, beg samples from contacts from many timezones and degrees of "in the office", etc... but it will never be as effective as me plus my 99 friends all doing it live.
The bad guy gets as long as he likes to cherrypick his malware. My clock starts ticking the moment he launches it.
BB _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- RE: Re: Malware sharing? People are full of shit [was:Getyour computer viruses here!] Jason Geffner (Dec 28)
- Re: Re: Malware sharing? People are full of shit [was:Getyour computer viruses here!] Blue Boar (Dec 28)
- Re: Re: Malware sharing? People are full of shit Jeff Kell (Dec 28)