Re: FBI Virus Alerts

From: info (info@safer-hex.com)
Date: 09/29/01


Message-Id: <a05101011b7dbcd90f2b4@[192.168.1.10]>
Date: Sat, 29 Sep 2001 21:43:11 +0200
To: David Kennedy CISSP <david.kennedy@acm.org>, Chris Salter <securityfocus@loncps.demon.co.uk>
From: info <info@safer-hex.com>
Subject: Re: FBI Virus Alerts

Thus spoke Chris Salter at 12:14 +0100 on 29.09.2001:
>
>This prompts me to ask a question that I have been meaning to ask for
>sometime. My apologies if it has been addressed before. Are these report
>statistics published by the AV vendors accurate representations of virus
>activity in the field?

the prob for people like us is, each vendor has different standards
when a certain category is assigned or an alert is issued.
there are also varying time lags between the vendors. in the case of
Nimda it was comparatively short, the first being Sophos [Date: Tue,
18 Sep 2001 16:45:07 +0100 (BST)] the last being McAfee some 7 hrs
later, minutes after Trend Micro. CERT followed shortly after while
we received no alert from Kaspersky. Symantec, too, is usually very
hesitative to ring the alarm bell...

Thus spoke David Kennedy CISSP at 11:02 -0400 on 29.09.2001:
>
>(...) I can hardly wait to see if it
>makes the Wild List.
>
that means, as long as you don't see it in the list, it isn't there?

we operate an alert service, and when an a/v vendor sends an alert
with the subject line

Thus spoke Trend Micro Info Service at 14:29 +0100 on 27.09.2001:
>(...)
>Subject: SEVERE OUTBREAK: TROJ_VOTE.C

then I don't wait until their webmasters wake up but forward it to my
readers who expect me to do just that and not wait until I have the
first samples in our editorial mail boxes to check if it's real.

period!

Dre.

p.s. I'm aware that many a/v vendors sometimes create a hype but we
have the policy better to warn too often but ASAP, rather than to warn
when it's too late.

-- 

[ C A M R I N N E T W O R K ] the jrpamc.com internet information services [jrpamc@camrin.net] : [http://www.camrin.net]

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com