Author Topic: Remedies within half an hour!  (Read 5737 times)


Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33927
  • malware fighter
Remedies within half an hour!
« on: October 20, 2005, 07:56:26 PM »
Hi forum members,

Malcreants are aware of the juridical consequences of their deeds. This does not stop them from developing new malware, but at the same time they send the remedy and the source code of the virus to big AV vendors. This is the logical explanation to the fact that the big AV products almost immediately (that is within half an hour upon outbreak) can respond to a new threat; without this specific knowledge it would be almost impossible to produce the means to discover a virus, analyze the code, produce a remedy and distribute all this among subscribers to their service.

greets,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Mastertech

  • Guest
Re: Remedies within half an hour!
« Reply #1 on: October 21, 2005, 12:44:46 AM »
What are you talking about? Why would someone trying to write damaging code willfully submit it to an AV company so they can later get caught and put on trial? You are severely underestimating the resources of AV companies.

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48636
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: Remedies within half an hour!
« Reply #2 on: October 21, 2005, 02:24:56 AM »
polonus
Are you speaking from personal knowledge or are you getting this from somewhere?
If so, what's the source?
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v24H2 64bit, 32 Gig Ram, 1TB SSD, Avast Free 24.4.6112, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

Offline polonus

Re: Remedies within half an hour!
« Reply #3 on: October 21, 2005, 09:50:51 AM »
Hi Bob,

Of course polonus would not be polonus if he has no source for it. It was on a Dutch page. The author there just said the source code must be in to declare the quick response time to virus outbreaks. I just put it here because I thought it was interesting news. There are more scenarios. Look here: http://www.securitypipeline.com/showArticle.jhtml?articleID=22103885. A motive for the malcreants to spread the source code may be part of a plan by the author to deflect law enforcement (so juridical consequences as I said), for if he is caught, provide him with an alibi. He can state, duh look here, I was not the author, I am another victim of this code. Then there is a lot of code around in the process of worm and bot wars (bragging codes), and to invite script kiddies to experiment with it, which of course does not go unseen with the AV producers, if not we have fallen victim to the so-called vulnerability gap, and in this forum someone is going to react, either a new posting in the virus and worms or a complaining Tech, telling Avast why there is no cure for this one or why this is a false positive? But I really hope a lot of people are going to react to this thread to find out more about this. Bob, this is like fishing: you catch the big fish with the small one. So folks search and post, post, post!!

greets,

polonus
« Last Edit: October 21, 2005, 09:54:10 AM by polonus »

Mastertech

  • Guest
Re: Remedies within half an hour!
« Reply #4 on: October 21, 2005, 01:01:56 PM »
Quote
"Not every copy of Bagle comes with source code," said Joe Telafici, the director of operations for McAfee's anti-virus research team. "A certain percentage does, however, so the author's either setting up a smoke screen or dropping the source to give plenty of 'script kiddies' the chance to make changes."
First off you need to include the source in your post so people understand what you are talking about. The way you wrote it sounds like they email it directly to the AV companies. This is clearly not true. What some are doing is allowing for others to further exploit what they already developed and found out. Two very different things. I don't believe for a minute any but a remote few do it as a "smoke screen".

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31078
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: Remedies within half an hour!
« Reply #5 on: October 21, 2005, 01:06:05 PM »
Once in a while this story gets some attention. But it is totally bullshit!
People who believe this should visit a psychiatrist

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: Remedies within half an hour!
« Reply #6 on: October 21, 2005, 01:22:34 PM »
But at the same time they send the remedy and the source code of the virus to big AV vendors.
Can anybody from Alwil, perhaps Karel, post anything related to this?
Did this occur at any time in the past?
Thanks.
The best things in life are free.

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11863
    • AVAST Software
Re: Remedies within half an hour!
« Reply #7 on: October 21, 2005, 01:30:25 PM »
I would not choose these strong words, Eddy, people believe in many things.

Otherwise, the statement is really wrong, of course - in today's world, the new stuff spreads very quickly, so it's certainly not needed to "cooperate" with malware authors. Besides, more and more malware authors are doing it for profit - so sending their stuff to AV companies wouldn't make any sense for them. Last, the source code is not needed to add the detection of the particular malware.

However, some virus writers actually did (do?) that occasionally - but that concerns rare zoo stuff (proof of concept malware, possibly even intentionally disabled to avoid spreading), not "new threats". But again, this has nothing to do with the detection of AV programs.

Mastertech

  • Guest
Re: Remedies within half an hour!
« Reply #8 on: October 21, 2005, 01:37:31 PM »
Just think about it logically, the article does not quote any percent of who does this and uses 1 example. Now do the math. How much new malware is discovered daily vs the number that include any source code. Not many.

Offline polonus

Re: Remedies within half an hour!
« Reply #9 on: October 21, 2005, 01:43:27 PM »
Hi everybody,

I posted the story more or less as I found it. If it is a hoax or a distillation of a series of half-truths, I cannot say. The author only wondered why there was such a quick response time and distribution to certain viruses. That is all. Security pipeline and their story about juridical implications of source code for some malcreants is valid.
That source code is placed on the net in the hope that somebody picks it up, nobody in his right mind would say this is not true. Maybe the starting line should have been "Some malcreants.....". If something cannot be verified, does not mean that it is untrue. If a scenario is far-fetched does not mean that it is not a possible scenario. Life is stranger than fiction. Polonus never said that this was true, polonus never said he believes this to be true. It is pure speculation to hear how it really works. It is what they call on the Internet luring...and what is wrong with that? What do we think? Is this a hoax, "broodje aap verhaal" ("Mc Monkey"-beef story)? - or is there some point of truth but in quite another way as some presume? I like to know this. Well igor says some weirdos or eccentrics do this occasionally.

greets,

polonus

Offline bob3160

Re: Remedies within half an hour!
« Reply #10 on: October 21, 2005, 02:47:04 PM »
Quote
Polonus never said that this was true, polonus never said he believes this to be true.
I guess by this that you mean I never said this was true, I never said he believes this to be true.  ???