While reading up on the Excel 0day, I was interested to note that the trojan it drops (Downloader.Boolia.A) uses the same techniques Sensepost demonstrated with Setiri at BlackHat 2002. This is interesting for two reasons:
- The new potential threats we hype/demonstrate as security researchers almost never seem to end up being used 'in the wild'.
- Given that Sensepost demonstrated this in 2002, gave code to virus researchers and released a defence PoC (Casper), surely heuristics should pick this up?
What we can really learn from this is that the wrongs of the world are Sensepost's fault and this problem can be resolved with litigation and references to something patriotic. Jokes aside, I also wouldn't mind knowing why Symantec was distributing these signatures on the 14th of June, but we, the public, only got to hear about it on the 16th? I got to hear about it at 8am when cron fired off my rss2sms script, which I thought was seriously cool.