- The new potential threats we hype/demonstrate as security researchers almost never seem to end up being used 'in the wild'.
- Given that Sensepost demonstrated this in 2002, gave code to virii researchers and released a defence PoC (Casper), surely heuristics should pick this up?
What we can really learn from this is that the wrongs of the world are Sensepost's fault and this problem can be resolved with litigation and references to something patriotic. Jokes aside, I also wouldn't mind knowing why Symantec was distributing these signatures on the 14th of June, but we, the public, only got to hear about it on the 16th? I got to hear about it at 8am when cron fired off my rss2sms script, which I thought was seriously cool.
In my soon-to-be-published paper, I make a point that it is a good idea for vendors to make friends with security researchers in an effort to encourage delayed disclosure (some people call it 'responsible' disclosure).
It is interesting then to see that Microsoft will be throwing a party for security researchers at BlackHat. This, along with their BlueHat efforts, is a very good idea. I look forward to seeing if it pays off given the past (and somewhat current) negative opinion of some security practitioners towards Microsoft. Or, more simply, will it have a material effect on the number of Microsoft 0days?