funsec mailing list archives
Re: No AV? Shock, horror!
From: Rich Kulawiec <rsk () gsp org>
Date: Tue, 29 Sep 2009 17:37:05 -0400
On Tue, Sep 29, 2009 at 09:15:34AM +0200, Dan Kaminsky wrote:
> Infections by these rare payloads would constitute a sort of "long tail" of malware -- too rare for a signature, but in aggregate, possibly common enough to represent a significant number of infections. But how common? I mean, we know the long tail doesn't work exactly as promised in the media space. We also know there's a lot of infected boxes out there running AV. It'd be really interesting if we had data around this question.

This is a fascinating question. And there's certainly precedent for abusers to operate in this fashion: consider snowshoe spammers, who distribute their presence and their activities widely in order to minimize the observables, thus decreasing the risk of detection. Given that and other similar tactics, it wouldn't surprise me at all to find that distribution-limited malware has been deployed, in an attempt (again) to decrease the risk of detection, and thus to forestall countermeasures by vendors.

But I must admit that, at the moment, I'm at a loss for a methodology by which we could approach this question in a meaningful way -- that is, a methodology that would quantify the answer.

---Rsk