funsec mailing list archives

Re: Re: Malware sharing? People are full of shit [was: Get your computer viruses here!]


From: "Joe Jaroch (Tera Innovations, Inc.)" <security () terainnovations com>
Date: Thu, 29 Dec 2005 11:42:12 -0600

Look at the LovSan/Blaster case. Most of the variants that were spawned off were just hex edited samples. <Anyone> could do this with ANY sample and in a world where 0days might become more popular, that can cause a lot of trouble if a group of a couple hundred bad guys hex edit a couple hundred viruses and release them at once -- ick.

-Joe Jaroch
Tera Innovations, Incorporated.
http://www.viruscape.com

Drsolly wrote:

On Wed, 28 Dec 2005, val smith wrote:

A thought I just had in the shower:

This is a question for Mr. Blackhat McNasty (as drsolly so eloquently names
him).

Let's say you were looking to do some evil and needed some malware to do it.

Then you came across a site that had some malware you could download.

Along with the software was an analysis of the malware, signatures, broken
protections, disassemblies, etc. and a large number of people were aware of
the malware, would you want to use said malware?

Maybe. Mr. Blackhat McNasty isn't the sharpest knife in the drawer, and needs quite a lot of help to get his act together. So, starting from that malware, he could make a few changes so that the analysis wasn't correct any more (maybe change some URLs it uses), and so that the signatures didn't work (shuffle some instructions around), and now he has his product that he can ship to a zillion computers via his friend Blackhat McSpammer.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.


