funsec mailing list archives
Re: What ever happened to the Code Red worm?
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Thu, 17 May 2007 12:06:07 +1200
Florian Weimer to Sonny Discini:
A virus that can be cured? Whatever will the AV companies do if we start eradicating virii?They remove it from the signature file.
I know this is funsec, so that was a joke, right? Despite the contributions from others suggesting that it is pure greed motivating AV developers to retain detections of ancient and long- eradicated-ItW malware in their products, it is actually the end-user (and particularly the _corporate_ end-user) that ensures these old detections never die. How? Many of you have your little (and some not-so-little) malware collections -- at a minimum, the stuff you've personally received and/or diagnosed, and usually all that plus samples of most things ever stopped at your content-scannings gateways, etc. Often there's also the contents of one or more of the (once) easily found VX collections from around the web. Some, small-ish, proportion of you quasi-regularly scan those collections with the AV products your employers license "just to make sure". Some of you (a smaller proportion still) even systematically do so as part of your ongoing QA processes, etc. The AV developers brave enough to remove detection of anything likely to be in the cumulative set of all these informal test-sets increases the level of "nonsense" support calls they will have to handle, and (often silently) find their products quickly moving to a "not to be considered" list. Regards, Nick FitzGerald _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- What ever happened to the Code Red worm? Bruce Ediger (May 15)
- RE: What ever happened to the Code Red worm? Larry Seltzer (May 15)
- RE: What ever happened to the Code Red worm? Gadi Evron (May 15)
- RE: What ever happened to the Code Red worm? Steve Manzuik (May 16)
- RE: What ever happened to the Code Red worm? Discini, Sonny (May 16)
- Re: What ever happened to the Code Red worm? B.K. DeLong (May 16)
- RE: What ever happened to the Code Red worm? Discini, Sonny (May 16)
- Re: What ever happened to the Code Red worm? Florian Weimer (May 16)
- Re: What ever happened to the Code Red worm? Nick FitzGerald (May 16)
- RE: What ever happened to the Code Red worm? Gadi Evron (May 15)
- RE: What ever happened to the Code Red worm? Larry Seltzer (May 15)
- RE: What ever happened to the Code Red worm? Steve Manzuik (May 16)
- RE: What ever happened to the Code Red worm? Larry Seltzer (May 16)