Full Disclosure mailing list archives

Re: [VirusTotal] Scan result (fwd)

From: Michel Messerschmidt <lists () michel-messerschmidt de>
Date: Fri, 3 Sep 2004 11:53:05 +0200

On Fri, Sep 03, 2004 at 10:43:50AM +0530, Aditya Deshmukh wrote:

hey if the binary is infected and does not contain any hardcoded 
sencitive info what do u care about the owners of the website ?


Unless for (a purely theretical) example the website would use your 
submission to infect others (perhaps with your address as sender) :-) 
Although the binary may not contain any sensitive data, it is dangerous 
in itself because it is self-replicating and thus hard to control once 
it is activated. If your are not very cautious when handling 
self-replicating code, you most likely end up sending it out to the 
world.

So for the question how to handle possibly dangerous code 
it all comes down to "Who do you trust" ?

-- 
Michel Messerschmidt           lists () michel-messerschmidt de
antiVirusTestCenter, Computer Science, University of Hamburg

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

[VirusTotal] Scan result (fwd) bashis (Sep 02)
- Re: [VirusTotal] Scan result (fwd) joe smith (Sep 02)
  - RE: [VirusTotal] Scan result (fwd) Aditya Deshmukh (Sep 02)
    - Re: [VirusTotal] Scan result (fwd) Michel Messerschmidt (Sep 03)
    - Re: [VirusTotal] Scan result (fwd) Barry Fitzgerald (Sep 03)
    - Re: [VirusTotal] Scan result (fwd) joe smith (Sep 03)
- Re: [VirusTotal] Scan result (fwd) Über GuidoZ (Sep 02)
  - Re: [VirusTotal] Scan result (fwd) Michel Messerschmidt (Sep 03)
    - Re: [VirusTotal] Scan result (fwd) Über GuidoZ (Sep 03)
- Re: [VirusTotal] Scan result (fwd) Nick FitzGerald (Sep 02)
  - Re: [VirusTotal] Scan result (fwd) Über GuidoZ (Sep 03)