Saturday, January 27, 2007

Warezov: The Unseen Fight

This week, iDefense publicly announced to the world that antivirus firms had not yet decompiled the “secret” payload inside the Warezov worm, otherwise known as “Stration”. They basically came out and said we’ve been collectively sitting on our tails, missing the payload for weeks. This is rubbish.

As investigators at the FBI can attest, one of our researchers, Patrick Knight, actually nailed the Warezov threat weeks ago, before anyone else, literally within hours of identification. Using some really smart detective skills, he deduced that the worm indeed has a hidden purpose, and went further to decompile information from the payload that we felt could help bring the perps to justice.

As is normal for us, we called the FBI and gave them what we’d uncovered. At that time there was no public announcement regarding the fact that the Warezov/Stration worm had a sophisticated payload, so the FBI asked us to stay quiet about our discoveries. So we just updated our def files to protect our customers and otherwise kept silent.

That was weeks ago. Then yesterday, iDefense decided to come out and collectively bash the antivirus industry, us included, for not having “cracked the code” on Warezov (Stration). They took this opportunity to announce their discovery of the previously-secret payload, and mess up any chance of this international investigation going anywhere. Great job, guys.

Here’s a suggestion for a certain security firm in Virginia: Rather than beat up the entire anti-malware industry for no good reason, next time, consider making a call to the authorities when you find something. You might actually make the world a more secure place - and save yourself from the embarrassment of being called out for an inaccurate public statement.
