>>>> This story is just too fantastical to be true. We're talking about a ridiculously sophisticated piece of malware, which has been found nowhere else, and is absurdly high visibility (people don't keep using computers which are obviously infected with something).
Unless you're a state-sponsored agency looking to test a zero-day exploit. What better way to test it than to attack one of the top infosec researchers in the industry?
Think about it. You get one of the top researchers to figure out your malware, bring in all his friends to figure out how it works and then publish the results - giving you exactly what you need to refactor it so it's completely untraceable, and non-responsive to efforts to try and stop it from propagating.
What I'm posing is, if you had malware this successful at spreading itself, the very last thing you would do is attach a high-visibility payload to it (disabling system devices like the CDROM drive - allegedly).
Your hypothesis isn't much better - hostile organizations don't give you a chance to figure out a defense strategy, especially when there's no risk of deployment. You don't need a test for a virus - you use it, and then you make another one.
Unless you're a state-sponsored agency looking to test a zero-day exploit. What better way to test it than to attack one of the top infosec researchers in the industry?
Think about it. You get one of the top researchers to figure out your malware, bring in all his friends to figure out how it works and then publish the results - giving you exactly what you need to refactor it so it's completely untraceable, and non-responsive to efforts to try and stop it from propagating.
I'm not sayin, I'm just sayin. . .