Re: new WIN virus?

From: Atom 'Smasher' (atom_at_suspicious.org)
Date: 01/30/04

    Date: Thu, 29 Jan 2004 19:04:39 -0500 (EST)
    To: "pna.lists" <pna.lists@seznam.cz>
    
    

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    > Isn't this a perfect way how to release a new worm into the wild? Hyperlink
    > in a Bugtraq message/archive is a really innovative virus distribution
    > vector. Everybody else submits the suspicious files to the antivirus
    > companies.
    ======================

    1) sure, go ahead and use it. of course, you'd have to decompile it and do
    some re-writing to send sniffed passwords to you, instead of its intended
    recipient.

    2) living in both an M$-free home & office, i have no relationship at all
    with any of the anti-virus companies. so....

    3) i looked on their web sites for a place to submit a new virus, but
    couldn't find that link. maybe you can tell me where to send it to, so
    i'll know for next time.

    4) i correctly guessed that [someone on] this list would figure out what
    the payload is, and i'm sure someone here knows where to send it, so the
    anti-virus companies are aware of it... more likely is that people in R&D
    at the anti-virus companies follow the list themselves.

    5) i think most people here are (or should be!) capable of safely handling
    and studying a virus without getting themselves infected. anyone who can't
    handle it safely should be discouraged from playing with it by the file
    name.

    6) maybe i should just contact the virus' author, and tell them that
    they've been discovered. isn't that the proper first step when one
    discovers a flaw in software (or its distribution)?

    7) a better vector would be a post on a list that is *NOT* full of
    computer security professionals. the link could claim to have something to
    do with the topic of the list, and probably not be called "live-virus.tgz"

            ...atom

     _______________________________________________
     PGP key - http://smasher.suspicious.org/pgp.txt
     3EBE 2810 30AE 601D 54B2 4A90 9C28 0BBF 3D7D 41E3
     -------------------------------------------------

            "Anyone who doubts that terrorists could smuggle a
             nuclear warhead into New York City should note that
             they could always wrap it in a bale of marijuana."
                    -- Graham Allison, The Boston Globe 27 October 1999
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.2.4 (FreeBSD)

    iD8DBQFAGZ+bnCgLvz19QeMRAjK5AJ0cXTeg7FYroSA+XBjFS29yldVrYgCcD68d
    nujF4a6K7bucaf20mZHSn7Y=
    =J3si
    -----END PGP SIGNATURE-----

