On Wed, May 30, 2012 at 12:23 PM, Simon Waters wrote:
> Several of the vulnerabilities mentioned should already be patched, or
> rely on doubtful practices. I guess it is possible the major infections
> were done via other zero day exploits, or possibly given the age of
> infection they were zero day exploits when they were used.

So far no zero day exploits have been found, but we don't know when infections started. I also suspect Iran isn't the most anti-malware protected country in the world. Sudan, which saw the third highest number of infections, even less so.

> But ultimately the malware has to get in, the data has to get back, and
> certainly that latter one can be a weakness if sites have good perimeter
> security, or even just intrusion detection (so they send the secret
> documents out, but at least they spot the unusual traffic and figured out
> they were owned).

True that. It may well be that what Flame does could have been easily picked up by intrusion-detection software. My guess, however, would be that the developers use a lot of QA and make sure that what goes out isn't easily detected.

Martijn.

--
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq