funsec mailing list archives
Re: write viruses? it's controversy time of the month
From: Drsolly <drsollyp () drsolly com>
Date: Wed, 30 Aug 2006 02:10:34 +0100 (BST)
On Tue, 29 Aug 2006, Blue Boar wrote:
> Dude VanWinkle wrote:
>> What if the viruses you create are programmed to only work on a private IP range (10.254.127.0/24), or that expire after a certain date (say 1 week). Does that remove the unwanted moral hangups?
>
> Most people in the AV industry would say that you created a variant, and now they might not detect it, and that's much worse (than spreading the original.) Interestingly, I did pretty much exactly that with Nimda.A, in order to test a product I was developing. Afterwards, I thought I would be a good guy, and submit samples to the AV companies.
Uh - no. That's not being a good guy. Being a good guy means you deleted all copies of the virus. By sending it to the AV companies, you have added a very tiny amount to the virus problem. If a product is doing exact identification (such as Findvirus certainly did when I was maintaining it), then an additional variant means that I have to add ten or twenty bytes to the driver file. This makes the product take a minute fraction of a second longer to run (because it's reading a longer file at startup), and consumes fractionally more bytes on the distribution diskettes (or if distributing over the net, adds a tiny fraction of a second to the download time).
> I spelled out what I had done in the email. I said something to the effect of "I made a variant of Nimda.A". Most of the responses I got back were "That's a variant of Nimda.A. We detect it as 'Nimda.A'" Uhh... thanks.
Surely at least one of them explained to you why what you did wasn't a good idea?

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.