Comments on: Spying on Tibetan sympathisers and activists: Double Dockster*
http://www.welivesecurity.com/2012/12/04/spying-on-tibetan-sympathisers-and-activists-double-dockster/
News, Views, and Insight from the ESET Security Community
Mon, 03 Feb 2014 08:49:00 +0000

By: David Harley
http://www.welivesecurity.com/2012/12/04/spying-on-tibetan-sympathisers-and-activists-double-dockster/#comment-3794
Tue, 11 Dec 2012 10:30:32 +0000

You did see the bit about our already detecting it generically, didn’t you? We process over 100,000 samples a day, and it wouldn’t be a good idea to submit them all to VirusTotal. AV companies can share samples directly without swamping VT’s servers. There’s a lot more to sample processing than you might think. Because of the sheer volume of samples, much of it is automated, and unless something like the Intego post brings specific malware to our attention and makes a particularly interesting point, we may never mention it in a blog or press release. Thanks for the offer, but I doubt if we’ll be hiring you on the basis of your claiming to have uploaded a sample to VT that we (and other companies) may already have had. ;-)

By: ThePersonWhoOriginallyUploadedItToVirusTotal
http://www.welivesecurity.com/2012/12/04/spying-on-tibetan-sympathisers-and-activists-double-dockster/#comment-3793
Mon, 10 Dec 2012 23:39:43 +0000

This thing was in the wild for a while. It is sad that no antivirus vendors found the exploit payload earlier. The JAR exploit was probably up there for at least a month.
I do not even work for an AV company and I was first to upload it to VirusTotal.
If you want to hire me, just let me know ;)
