we (only?) see the poorly crafted ones

[Gary Stoneburner <gary.stoneburner@nist.gov>]

re:
http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci911816,00.html

This is apparently what was previously thought to be a Trojan.

"Over the last week or so, Stumbler has been probing networks
looking for open ports on firewalls and hosts. That information is then
sent to a now defunct IP address. The program contains several
programming errors, which limits its effectiveness. On top of that,
Stumbler cannot spread itself. Someone needs to consciously install it on
a system."

We are spending energy and media space on stuff like this, which has,
apparently, been puzzling to those doing the looking and yet is not well
crafted.  An interesting bit of technology that was either put
together hastily or poorly.

The article goes on to say: "Clearly, the version of Stumbler that
exists in the wild is not that dangerous. "It isn't very serious,
but the next generation of it may be much more serious"
".

We just do not know whether there are "next generations"
already here; because we might not be detecting them.  What we
detect continues to be rather blatant or poorly done or seemingly just
for notoriety.

Cheers,
Gary

**************************************************************************
* Opinions expressed are not intended to reflect an official position
**************************************************************************
* Gary Stoneburner
* Computer Security Division, National Institute of Standards & Technology
* 100 Bureau Drive, Stop 8930, Gaithersburg, MD 20899-8930         
* Phone: 301-975-5394, FAX: 301-948-0279, Email: Stoneburner@nist.gov
* http://csrc.nist.gov/staff/stoneburner/gshome.html
**************************************************************************