Know Trojan is there, but can't find it


re: http://www.eweek.com/article2/0,3959,1130765,00.asp

"ISS has been tracking the Trojan for about a month and has yet to find a copy of its code or successfully trace it back to an infected machine. Other security vendors and officials at the Department of Homeland Security are also tracking the Trojan, all without any luck so far."

This seems to be a bit more interesting than everything else that has happened over the years. The article seems to be saying "we know it is there but cannot find which machine(s) it is on and we have been trying for a month".

Think about this for a minute. They have the suspect packet, all of the available routing information, and still cannot get back to the infected host.

On the face of it (with many grains of salt since the media often gets it not right; i.e., wrong :-), this Trojan is more like what can be expected from qualified attackers. Yet even then, the Trojan was discovered and there is a large probability of not discovering attacks from world-class attackers who are not out for fame and notoriety, but to accomplish a mission of compromise or destruction.

Cheers anyway,
Gary

**************************************************************************
* Opinions expressed are not intended to reflect an official position
**************************************************************************
* Gary Stoneburner
* Computer Security Division, National Institute of Standards & Technology
* 100 Bureau Drive, Stop 8930, Gaithersburg, MD 20899-8930         
* Phone: 301-975-5394, FAX: 301-948-0279, Email: Stoneburner@nist.gov
* http://csrc.nist.gov/staff/stoneburner/gshome.html
**************************************************************************


