ARCHIVE: 'Phage List' - Archives (1988 - 1989)
DOCUMENT: phage #054 [Re: Disassembled virus?] (1 message, 854 bytes)
NOTICE: securitydigest.org recognises the rights of all third-party works.
START OF DOCUMENT
From: bostic@okeeffe.Berkeley.EDU (Keith Bostic)
Date: Sat 16:17:15 05/11/1988 EST
Subject: Re: Disassembled virus?
References: [Thread Prev: 051] [Thread Next: 057] [Message Prev: 052] [Message Next: 056]
> You certainly cannot keep others from trying by > protecting one copy of a program after it's been propagated all over the > Internet. I'm protecting the C version, not the binaries; I don't care about the latter, we've stopped them. But I hope to keep people from trivially replacing a single C routine with something that uses a "new" bug and starting the whole thing over again. Seems like a win to me! It's a distinctly non-trivial task to decompile a stripped, encrypted binary into something that can be understood. > Besides, the methods have been described in detail, making it > easy to reproduce even if the code is not available. Not true. The methods for this *attack* have been described, methods that will no longer work. The methods that it used to move itself around the net, to find out where to next move itself, to coordinate between multiple versions on a single machine, etc. etc. have not been described, and, I think, are unlikely to receive much attention. > The ONLY thing that > will discourage copy-cats is severe punishment for the author. I agree -- but in case they remain adamant, I don't want to turn it into an exercise in using vi. --keith
END OF DOCUMENT
|ISSN 1742-948X 01 (Online) | 2005/03/01 | Copyright 2002-2008 securitydigest.org. All rights reserved.|