Re: FBI Virus Alerts

From: Chris Salter (securityfocus@loncps.demon.co.uk)
Date: 09/29/01


Message-ID: <uUzhTgAF0at7EAp3@loncps.demon.co.uk>
Date: Sat, 29 Sep 2001 12:14:13 +0100
To: incidents@securityfocus.com
From: Chris Salter <securityfocus@loncps.demon.co.uk>
Subject: Re: FBI Virus Alerts

In article <3.0.5.32.20010928222108.05228d70@pop.fuse.net>, dated Fri,
28 Sep 2001 at 22:21:08, David Kennedy CISSP <david.kennedy@acm.org>
writes
>At 08:38 AM 9/28/01 +0200, info wrote:
>>[Viruses & Worms] Sophos and Trend Micro report a "severe outbreak"
>>of a variant of day before yesterday's W32/Vote-A alias
>>Win32.Vote.A@mm, W32.Vote.A@mm, that deletes files from infected
>>hard drives.
>
>Except neither Sophos nor Trend are reporting a severe outbreak:
>
>http://www.sophos.com/
> Click on the links for the three Vote variants and they report just
>one report of Vote.A and zero of Vote.B and zero of Vote.C
>
>http://wtc.trendmicro.com/wtc/
> Neither the real-time nor the daily include any flavor of Vote
>
>Message Labs reports zero Vote.

This prompts me to ask a question that I have been meaning to ask for
sometime. My apologies if it has been addressed before. Are these report
statistics published by the AV vendors accurate representations of virus
activity in the field? I can see that during the period before
definitions have been updated, the reports may give some indication of
the virus prevalence. However, how many AV customers report viruses
successfully detected and dealt with? Do the AV vendors have a
representational sample of their customers reporting *all* viruses? Are
just corporate customers providing stats? I am assuming of course that
automatic definition updates processes aren't collecting such
information without the customers permission!

Chris

-- 
Christopher P Salter              mailto:security@loncps.demon.co.uk

---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com



Relevant Pages

  • Just a minor screw up by the WHO
    ... a distinct chance of spawning the doomsday virus outbreak prematurely. ... Either via international wild bird flights or other less clear means of importation. ... Officials spooked by bird flu mix-up Public health officials in Europe are taking steps to make sure there's no repeat of a recent incident in which the lethal H5N1 virus ... GLOBE - Scientists who analyzed 67 H5N1 avian influenza viruses from across Africa report that the viruses fall into three distinct sublineages, ...
    (rec.martial-arts)
  • Re: SCAN.EXE - McAfee AntiVirus Software
    ... | of network computers and have only report summaries sent to be via email. ... having Alert Manager receive alerts and send selected personnel NetBIOS pop-ups upon ... There are three parts to McAfee: ... | Virus Scan Report File ...
    (microsoft.public.security.virus)
  • Re: SPyware/Malware help needed
    ... Virus Scan Report File ... Scan engine v4.4.00 for Win32. ... Visit the McAfee Online Web Site ...
    (microsoft.public.windowsxp.security_admin)
  • Bird Flu in Japan
    ... online report that appeared on ProMED-mail. ... attributed to the virus. ... The ministry has a vaccine stockpile, but approved vaccines have not ... with a spate of new outbreaks in villages in Kampaengphet and ...
    (soc.culture.china)
  • Re: Got Alemon Trojan... deleted but cant change wallpaper
    ... Here's the information in the Virus Scan Report File ... Visit the McAfee Online Web Site ... | wallpaper to an .html file. ...
    (microsoft.public.windowsxp.help_and_support)