msingle
April 19th, 2003, 06:21 PM
Maybe this goes in another part of the forum.
Anyway, let's say I hire someone to write a custom virus (not known by any AV vendors) and I put it in a cool piece of shareware and upload it onto all the download sites.
The download site would scan but not pick up anything because the virus isn't known. I know heuristics will come into play here but that's not the question.
10,000 people download it and then they put it on all their sites and everyone running my cool app gets infected.
At what point does it become ITW and at what point should you expect new definitions to cover it counting from the first day I make it publicly available?
Thanks.
Anyway, let's say I hire someone to write a custom virus (not known by any AV vendors) and I put it in a cool piece of shareware and upload it onto all the download sites.
The download site would scan but not pick up anything because the virus isn't known. I know heuristics will come into play here but that's not the question.
10,000 people download it and then they put it on all their sites and everyone running my cool app gets infected.
At what point does it become ITW and at what point should you expect new definitions to cover it counting from the first day I make it publicly available?
Thanks.