On Tue, Sep 29, 2009 at 12:15 AM, Dan Kaminsky <d...@doxpara.com> wrote:

> > We would agree:
> >
> > http://countermeasures.trendmicro.eu/in-security-reputation-is-key/
>
> I guess the real question is this:
>
> How large is the long tail of viruses?
>
> Suppose, if you will, that there are "hits" in the malware space --
> individual pieces of malware that get spread all over. Suppose we
> grant that AV has a reasonably good chance of catching the hits.
>
> Suppose also that there's some infection rate, below which a
> particular attack vector or payload will not have a signature
> generated for it because nobody will find it.
>
> Infections by these rare payloads would constitute a sort of "long
> tail" of malware -- too rare for a signature, but in aggregate,
> possibly common enough to represent a significant number of
> infections.
>
> But how common? I mean, we know the long tail doesn't work exactly as
> promised in the media space. We also know there's a lot of infected
> boxes out there running AV. It'd be really interesting if we had data
> around this question.

A good starting point would be taking a look at the Rogue AV landscape
right now -- it's all over the place.

It is somewhat unique in this regard, because of the delivery methods
being used (e.g. various botnets, social engineering ruses, etc.)

- ferg

--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawgster(at)gmail.com
ferg's tech blog: http://fergdawg.blogspot.com/