Full Disclosure mailing list archives
RE: virus-binaries
From: "Drew Copley" <dcopley () eeye com>
Date: Wed, 20 Aug 2003 14:21:02 -0700
-----Original Message-----
From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] On Behalf Of Andreas Gietl
Sent: Wednesday, August 20, 2003 12:19 PM
To: full-disclosure () lists netsys com
Subject: [Full-disclosure] virus-binaries

Hi folks,

since there were a lot of virus-binary-request on the list the last day and there was a huge discussion about sending binary-files on the list i'd like to propose s.th.

- there were a lot of double-requests on the list, because people were not able to find binaries in the archives. What about marking these posts with [Virus-Binary: <Name>] or something like that so people can easily find them?
- As what i can see every new worm/virus is requested on the list, so what if the first one on the list that catches a worm just puts it on a webpage and post the link with subject as described above?

It looks like lots of people on the list really need these binaries (me included) and this would save a lot of time.

Suggestions welcome, flames off-list please;-)

This would be great, but I don't think it would give netsys much value to add this to their system from a business perspective.

There are various virus trading groups out there. These people are not researchers or network admins. They trade virii like baseball cards. They tend to be secretive, and often this is because trading in virii is not considered to be a positive thing... Even if you have a legitimate reason to be getting these.

Various sites in the past have hosted such binary collections... There was coderz.net, which was a giant repository of various virii writer sites and collection sites... There is 29a which is a group that does everything in a full disclosure kind of spirit, but also a bit bent.

As one poster noted, there is an opensource Unix AV system which has, of course, an open database.

Generally, the pseudo-All Powerful AV industry frowns upon this kind of thing. These are people that "discover" applications released to the full disclosure community. They would be quoted in articles about such a thing ranting about how evil such a thing is. How dare people outside of AV attempt to catalogue and classify virii for their own protection!

Lastly, if this was not clear, such a list or site would also tend to lean towards becoming a new virus clearing house. It does depend on how it was run and the intentions with which it was started, perhaps.

But, I am all for it. For firewall checks, for scanner checks, for general reverse engineering purposes of the latest attack vectors... This kind of thing is quite important outside of the pure AV industry.

Andreas

--
e-admin internet gmbh
Andreas Gietl            tel +49 941 3810884
Ludwig-Thoma-Strasse 35  fax +49 (0)1805/39160 - 29104
93051 Regensburg         mobile +49 171 6070008
PGP/GPG key at http://www.e-admin.de/gpg.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html