Full Disclosure mailing list archives
Re: DoomJuice.A, Mydoom.A source code
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Tue, 10 Feb 2004 16:13:22 +1300
"Riad S. Wahby" <rsw () mit edu> wrote:
According to most reports on the matter, DoomJuice delivers the source of Mydoom.A to infected computers. I'm running an informal seminar on malware and this could be an invaluable teaching aid. ...
In what way would it be "an invaluable teaching aid"? I can see how it could be used as an invaluable _publicity_ aid for attracting folk to the class. However, as a teaching aid, it is highly unlikely to be of much more or less value than the source of any of dozens upon dozens of other malwares, and and that value would be very low... Unless you are planning on teaching malware _writing_? For folk interested in work in the antivirus and related security fields, source code is all but worthless. We rarely have the source code of the malware we have to analyse -- at least, we rarely have it in advance of, or concurrent with, having do such analyses. Reverse engineering is the name of this game and source code is then useless -- if you have source you need not reverse and if you must reverse you would not have the source... Also, from a purely pedagogical perspective (I majored in Psychology and Education), I find your claim that having the source of this malware "could be an invaluable teaching aid" deeply suspicious. Teaching from the specific is generally superficial, less long-lasting and generalizes much less well than providing a good theoretical grounding in the subject matter. Could you expound the theoretical applications that presenting this specific malware's source code to your class would illustrate especially well? Finally, whether you obtain this code or not, what aspects of the ethics of possessing, handling, distributing, etc such code will be you be teaching? Personally, I doubt they will be substantial (or even present) as your initial approach to obtaining the code shows a serious lack of concern for some significant ethical issues straight off...
... Thus, if anyone has the source, I'd greatly appreciate if you'd mail it to me off-list or point me towards an appropriate URL.
And what controls will you be placing on your students obtaining, copying, etc the code? Given your brazenly open and "uncaring" request here, why should we expect that you will take any special care with the code and its further distribution to and among those taking your class and their room-mates, buddies and other contacts? -- Nick FitzGerald Computer Virus Consulting Ltd. Ph/FAX: +64 3 3529854 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- DoomJuice.A, Mydoom.A source code Riad S. Wahby (Feb 09)
- Re: DoomJuice.A, Mydoom.A source code Nick FitzGerald (Feb 09)
- Re: DoomJuice.A, Mydoom.A source code Riad S. Wahby (Feb 09)
- Re: Re: DoomJuice.A, Mydoom.A source code Frank Knobbe (Feb 10)
- RE: [inbox] Re: Re: DoomJuice.A, Mydoom.A source code Curt Purdy (Feb 10)
- Re: Re: DoomJuice.A, Mydoom.A source code Riad S. Wahby (Feb 10)
- Re: Re: Re: DoomJuice.A, Mydoom.A source code Papp Geza (Feb 10)
- Re: Re: Re: DoomJuice.A, Mydoom.A source code Filipe A. (Feb 10)
- Re: Re: Re: DoomJuice.A, Mydoom.A source code Nick FitzGerald (Feb 11)
- Re: Re: Re: DoomJuice.A, Mydoom.A source code Filipe A. (Feb 11)
- Re: DoomJuice.A, Mydoom.A source code Riad S. Wahby (Feb 09)
- Re: DoomJuice.A, Mydoom.A source code Nick FitzGerald (Feb 09)
- <Possible follow-ups>
- RE: Re: DoomJuice.A, Mydoom.A source code Nick Jacobsen (Feb 10)