Do blackhats release their exploits strategically?

The creators of the latest MyDoom variant, which exploits a recently discovered iFrame vulnerability in Internet Explorer, may have timed the release of the viruses to throw Microsoft's monthly patch cycle into disarray. In its latest monthly update on Tuesday, Microsoft was not able to fix a serious vulnerability in the Internet Explorer browser because the flaw was discovered only a few days before the company's regular update was due. The two variants of the MyDoom virus were released earlier this week, leaving the software giant without any option but to ignore the problem--for now. Public disclosure of the vulnerability has been criticized since it does not allow the vendors to be able to develop their patches before information about vulnerabilities becomes public. Since the recent vulnerabilities are announced publicly just couple of days before the Microsoft patch cycle, the software giant did not enough time to develop, test, and ensure that the patch is stable. Therefore, fixes for the recent two vulnerabilities are not included in the last update. This was good news for the malicious users because they can exploit the vulnerability for a conceivable time since the fixes are not included in this batch. This is, however, bad news for the society overall. This should definitely bring up the discussion of the legitimacy of the public disclosure. More.