Full Disclosure mailing list archives
Re: win2kup2date.exe ?
From: Über GuidoZ <uberguidoz () gmail com>
Date: Fri, 3 Sep 2004 02:06:32 -0400
James Tucker said:
There is always no need for aggressive statement of suspicion, which you are close to here. While I understand aggression due to anger, I am concerned that one should not get angry at someone offering them a service merely because one is suspicious of them. What if the offer of help is entirely genuine?
Amen. Not only that, but as was also said, the choice to do so or not is yours.

--
Peace. ~G

On Fri, 3 Sep 2004 02:19:07 +0100, James Tucker <jftucker () gmail com> wrote:
On Fri, 03 Sep 2004 11:19:41 +1200, Nick FitzGerald <nick () virus-l demon co uk> wrote:

Über GuidoZ wrote:

... If you want to email me a copy of it, I'll rip it apart and see what can be seen.

And world plus dog should entrust you with such material because???

... most viruses, trojans and malware do not store copies of stolen data in their executables. Furthermore the file size is very small.

P.S. Send it to [...] - it's my "catch all" for virus/unknown files. Just be sure to ZIP it up or else the web host won't let it through. Otherwise I have disabled all checks/scan. Downloads directly to a secured Linux box.

That's all very nice, but alone, far from the makings of someone to entrust arbitrary, suspected malware samples to.

"Entrust", just what exactly are you thinking you might be giving away?

I'm also rather suspicious of your promotion of Virus Total. Hispasec, as far as I can tell (Spanish being something I have to have translated via online services), has no antivirus or similar product of its own,

I do not necessarily trust this company or their service. Having said that, if they produced their own Anti-Virus package, to put other vendors scanning engines in a publicly available service would either be damaging to their business, or considered anti-competitive.

yet it has set up, and some folk seem to be promoting, what is effectively a sample collection mechanism. I've also heard vague rumblings that Hispasec/Virus Total does not have suitable licenses for at least some of the scanners used in its service (and strongly suspect that several of the AV vendors whose products are currently used would not allow their products to be licensed for use in a service of the kind Virus Total offers anyway because it paints a rather disturbing trust picture -- "You can trust me because I can run a virus scanner...").

Again, you suspect a lot of deception here, and while it is of course possible you are correct, I have yet to see this ever done in practice. Samples of non-data carrying viruses or trojans are of little use to anyone other than Anti-Virus firms, as it is easy to collect raw source for most if one is so inclined. I agree that it is unlikely they have sufficient client licenses to provide such a service; however I can see that there are a great deal of arguments in law about how their case may be won. They may for example only be required to carry one license, they could argue that they are simply allowing users to deliberately infect their systems, and making portions of the logs publicly available.

If there are viruses which commonly copy target system data, or sensitive data into their binaries at the present time (I imagine the mention of this deception may well spring at least one such virus) then I apologise that I am not aware of it. If the report of the virus name in question is accurate (which IIRC it has been now verified by someone else) then the binary is not carrying sensitive data.

Having said all of the above, your concern is not mis-placed, and if you feel uncomfortable with any such possibility of giving away a minor amount of data, then certainly make good your freedom and choose not to do so.

There is always no need for aggressive statement of suspicion, which you are close to here. While I understand aggression due to anger, I am concerned that one should not get angry at someone offering them a service merely because one is suspicious of them. What if the offer of help is entirely genuine?