funsec mailing list archives
Re: Re: Malware sharing? People are full of shit [was: Get your computer viruses here!]
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Fri, 30 Dec 2005 18:17:36 +1300
Blue Boar to Drsolly:
>> Both groups will be helped, but the poorer malware coders will be helped more.
> Any evidence to back that up, or is it an article of faith?
Historically, despite their writing "functional" (and occasionally even "successful") viruses and other malware, most virus/malware writers were poor coders with very limited understanding of what they were doing, often taking code with several generations of development by others (most with similarly poor understanding of what the code actually did and how the systems it interacted with responded) and tweaking it. Often this new code just doesn't work -- I mean, it will compile, but running it has few to none of the intended effects, not even the ones the original did.

As just one (high-profile) example, Jan de Witt (sp?) who was fined (?) by a Dutch court for writing and distributing the "Anna Kournikova" virus (technically VBS/VBSWG.J) was just dumb lucky (or unlucky, depending on your perspective) -- the "VBS Worm Generator" version he used to create the VBS Email worm produced mostly non-functional code. When run, most code output by the kit (from memory this varied from 100% to around 25% depending on the kit's version) threw runtime errors _very_ early in the code (well before the mass-mailing or any destructive payload routines). After he was found guilty by the court, de Witt admitted in an interview that he had never actually tested the code because he did not want to get in trouble for messing up his father's computer...

Historically we have seen a few of these very incapable malware writers peer up with others (usually in groups, often organized around producing the newest, most l33t VX zine...) and improve as a result of the tutoring they get from those peers.

It is inconceivable that some of the similarly poor among today's bot, downloader, web exploit, etc. writers will not relish the opportunity of taking similar advantage of the presumably better-on-average researchers Val hopes to attract to his site. _If_ Val is successful in this _AND_ Val continues without suitable membership vetting some bad guys will certainly gain significant benefit from the site.
Regards,

Nick FitzGerald

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.