Re: Trojan horse Downloader.Generic.ML

From: Roger Wilco (yesman_at_yourservice.invalid)
Date: 06/22/05


Date: Wed, 22 Jun 2005 10:52:15 -0400


"Zvi Netiv" <support@replace_with_domain.com> wrote in message
news:lrcib19u9au3o933lv0tc2304qtv81oh2j@4ax.com...
> kurt wismer <kurtw@sympatico.ca> wrote:
>
> > >>as malware can make arbitrary changes, processing the entire file is
> > >>required... if you're only worried about parasitic infection then sure,
> > >>for some types of files you may only need to check a subset of the
> > >>entire file, but integrity checkers aren't *just* for detecting that
> > >>sort of thing...
> > >
> > > Malware doesn't make arbitrary changes, full stop.
> >
> > so data diddlers don't exist?
>
> Not really, and there are good reasons why not. The most famous data diddler,
> is the now extinct Ripper boot virus. Even at the peak of the boot infectors
> short era, Ripper was more of a conversation piece than a real threat (Simon
> Widlake would mention it often). The reason for its rarity is that
> destructiveness counters prevalence: The more destructive malware is, the
> lesser are its chances to survive and spread.

But now we are starting to see so-called Warhol worms with destruction
triggered at peak population. We're talking malware here, not just
viruses.
[snip]

> > you can't recover overwritten objects merely from an integrity
> > fingerprint...

I just knew that "overwriters are not viruses" would be revisited, but
at least it isn't me this time.

> You seem to have forgotten the very basics of virus and antivirus technology.
> Here is a brief reminder (state of the art ca '95) :
>
> The definition of virus ( www.invircible.com/glossary.php ) is: "A virus is
> parasitic computer code that replicates by producing functional copies of itself
> into host files. The infected hosts inherit the replication ability of the
> affecting virus, in addition to maintaining the original functionality of the
> host program or file."

For those that might be interested, here's this from:

www.madchat.org/vxdevl/papers/avers/afl01.pdf

(a very good read technically - I found the English a little "bumpy"
though)

***************

Definition 4.1.: A computer virus is defined as a part of a program
which is attached to a program area and is able to link itself to other
program areas. The code of computer virus has to be executed when that
program area is to be executed which the virus has been attached to.

Viruses have not to execute the original part of the program area, but
the viruses often do it because they want to be unobserved. In this case
the original part of the program area has to be repaired by the virus.
In the opposite case the virus may overwrite the program area thus the
virus destroys it.

****************

The definitions of "virus", "worm" and "trojan" are often tailored to
the specific needs of the area of technology the expounding person
inhabits. IMO this "Mathematical Model of Computer Viruses" should be
the thread their "virus definition" fabric is woven from. If the need
arises (and it apparently has) to create a dichotomy between viruses
with "reversible virus infection methods" to those with "irreversible
virus infection methods" and further with those with "neuterable virus
infection methods", then they should define new words to describe them
and not redefine existing words.


