Re: [Full-Disclosure] win2kup2date.exe ?
From: Über GuidoZ (uberguidoz_at_gmail.com)
To: James Tucker <firstname.lastname@example.org>
Date: Fri, 3 Sep 2004 02:06:32 -0400
James Tucker said:
> There is always no need for aggressive statement of suspicion, which
> you are close to here. While I understand aggression due to anger, I
> am concerned that one should not get angry at someone offering them
> a service merely because one is suspicious of them. What if the offer
> of help is entirely genuine?
Amen. Not only that, but as was also said, the choice to do so or not is yours.
--
Peace. ~G

On Fri, 3 Sep 2004 02:19:07 +0100, James Tucker <email@example.com> wrote:
> On Fri, 03 Sep 2004 11:19:41 +1200, Nick FitzGerald
> <firstname.lastname@example.org> wrote:
> > Über GuidoZ wrote:
> >
> > > ... If you want to email me a copy of it, I'll
> > > rip it apart and see what can be seen.
> >
> > And world plus dog should entrust you with such material because???
> ... most viruses, trojans and malware do not store copies of stolen
> data in their executables. Furthermore the file size is very small.
>
> > > P.S. Send it to [...] - it's my "catch all" for
> > > virus/unknown files. Just be sure to ZIP it up or else the web host
> > > won't let it through. Otherwise I have disabled all checks/scan.
> > > Downloads directly to a secured Linux box.
> >
> > That's all very nice, but alone, far from the makings of someone to
> > entrust arbitrary, suspected malware samples to.
>
> "Entrust", just what exactly are you thinking you might be giving away?
>
> > I'm also rather suspicious of your promotion of Virus Total. Hispasec,
> > as far as I can tell (Spanish being something I have to have translated
> > via online services), has no antivirus or similar product of its own,
>
> I do not necessarily trust this company or their service. Having said
> that, if they produced their own Anti-Virus package, to put other
> vendors' scanning engines in a publicly available service would either
> be damaging to their business, or considered anti-competitive.
>
> > yet it has set up, and some folk seem to be promoting, what is
> > effectively a sample collection mechanism. I've also heard vague
> > rumblings that Hispasec/Virus Total does not have suitable licenses for
> > at least some of the scanners used in its service (and strongly suspect
> > that several of the AV vendors whose products are currently used would
> > not allow their products to be licensed for use in a service of the
> > kind Virus Total offers anyway because it paints a rather disturbing
> > trust picture -- "You can trust me because I can run a virus
> > scanner...").
>
> Again, you suspect a lot of deception here, and while it is of course
> possible you are correct, I have yet to see this ever done in
> practice. Samples of non-data carrying viruses or trojans are of
> little use to anyone other than Anti-Virus firms, as it is easy to
> collect raw source for most if one is so inclined.
> I agree that it is unlikely they have sufficient client licenses to
> provide such a service; however I can see that there are a great deal
> of arguments in law about how their case may be won. They may for
> example only be required to carry one license, they could argue that
> they are simply allowing users to deliberately infect their systems,
> and making portions of the logs publicly available.
>
> If there are viruses which commonly copy target system data, or
> sensitive data into their binaries at the present time (I imagine the
> mention of this deception may well spring at least one such virus)
> then I apologise that I am not aware of it. If the report of the virus
> name in question is accurate (which IIRC it has been now verified by
> someone else) then the binary is not carrying sensitive data.
>
> Having said all of the above, your concern is not mis-placed, and if
> you feel uncomfortable with any such possibility of giving away a
> minor amount of data, then certainly make good your freedom and choose
> not to do so.
>
> There is always no need for aggressive statement of suspicion, which
> you are close to here. While I understand aggression due to anger, I
> am concerned that one should not get angry at someone offering them a
> service merely because one is suspicious of them. What if the offer of
> help is entirely genuine?

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html