Watching Them Watching Us Watching Them
Some time ago, the author of W32.Gatt had posted a comment on his Web site that said he read my blog entry aboutthis particular virus. From there on in he assumes that we visit hispage often. In fact, we have no need for it—customers are doing thatfor us.
We receive samples almost as soon as they appear on any Web site,anywhere in the world, and we are notified about curious comments likethat one. To quote the virus author's entry: "Interpretation without acontext of information." Well, exactly. Interestingly, while the authorclaims that Symantec was wrong about why the source was not released,he does not tell us why the source wasn’t released. It must be quitesensitive, maybe even better than my reason, but until we know, I'llstick with my reason.
As far as putting as much effort as possible into proof-of-conceptstuff, this virus required little effort at all. However, we alwaysrespond to such things quickly, because customers might think thatantivirus vendors are not prepared to handle viruses for new platformsand that the gap in protection could be serious for them. A quickresponse to threats on new platforms allays the fears of thosecustomers, at least until the next time.