The 'Security Digest' Archives (TM)

ARCHIVE: 'Phage List' - Archives (1988 - 1989)
DOCUMENT: phage #054 [Re: Disassembled virus?] (1 message, 854 bytes)
SOURCE: http://securitydigest.org/exec/display?f=phage/archive/054.txt&t=text/plain
NOTICE: securitydigest.org recognises the rights of all third-party works.

START OF DOCUMENT

From: bostic@okeeffe.Berkeley.EDU (Keith Bostic)
To: phage
Date: Sat 16:17:15 05/11/1988 EST
Subject: Re: Disassembled virus?
References: [Thread Prev: 051] [Thread Next: 057] [Message Prev: 052] [Message Next: 056]

> You certainly cannot keep others from trying by
> protecting one copy of a program after it's been propagated all over the
> Internet.

I'm protecting the C version, not the binaries; I don't care about the
latter, we've stopped them.  But I hope to keep people from trivially
replacing a single C routine with something that uses a "new" bug and
starting the whole thing over again.  Seems like a win to me!

It's a distinctly non-trivial task to decompile a stripped, encrypted
binary into something that can be understood.

> Besides, the methods have been described in detail, making it
> easy to reproduce even if the code is not available.

Not true.  The methods for this *attack* have been described, methods
that will no longer work.   The methods that it used to move itself
around the net, to find out where to next move itself, to coordinate
between multiple versions on a single machine, etc. etc. have not been
described, and, I think, are unlikely to receive much attention.

> The ONLY thing that
> will discourage copy-cats is severe punishment for the author.

I agree -- but in case they remain adamant, I don't want to turn it
into an exercise in using vi.

--keith

END OF DOCUMENT