funsec mailing list archives

RE: write viruses? it's controversy time of the month


From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Wed, 30 Aug 2006 13:22:48 +1200

Blanchard_Michael () emc com wrote:

> What about writing a virus, but never intending for it to get out,
> but it gets out?  ...

Addressed elsewhere in the thread already...

> ...  Um, Melissa anyone?

Were you born with selective stupidity, or have you been culturing it?

Smith knew exactly what he was doing.

He had released several earlier Word macro viruses exactly the same way 
(Usenet posts from the same stolen ("phished" in its original meaning) 
AOL account, mostly to "sex" groups with "free password" or similar 
Subject: lines).  These were apparently written by at least two of 
Smith's different macro virus writer identities -- VicodinES and Alt-
F11 (of the AVM (Alternative Virus Mafia) group).

He had written a couple of previous Word macro viruses with Email-
oriented components -- not self-mailers, but messing with using VBA 
macros and VBS scripts to send Email (particularly with Outlook in 
W97M/ColdApe).

Further, he had written a "white paper" -- Theory Of Better File Virus 
Distribution -- about strategies for improving the efficiency of virus 
spread and distribution through the use of various network-oriented and 
SE methods.

He not only knew he was writing a virus that he intended to release, 
but he _expected_ (or at least greatly hoped) Melissa to be "bigger" 
than any he had previously written and released.

> I'm not gunna touch it any further though, ...

Good, because you made a right balls-up of it so far.

And, as you've got me started on this, I'll add (although it's not 
directly related to what Michael said, it touches some other issues 
raised in related threads the last few days) that the only virus writer 
who could conceivably straight-facedly stand up in court, under oath 
and claim "I never imagined that it would have anything like the impact 
it did" was Robert Tappan Morris Jr.  As his first real "network worm" 
showed the rest of us just what could happen if you "experimented" with 
these things "carelessly", the most anyone since can honestly claim is 
that they _hoped_ their bumblings would not have similarly dire 
effects.  Of course, they are thereby admitting they are clueless, ill-
informed fools (doesn't sit well with either the media-supplied 
"brilliant hacker" epithets or the massive volumes of egg on 
incompetent corporate admin faces), but it is inconceivable that anyone 
can honestly claim, in light of the widespread knowledge of the Morris 
worm event and the media coverage of all manner of vaguely similar and 
not so similar events since that they _should not_ at least have 
foreseen that their own bumblings could cause such "unintended" effects 
and thus they were knowingly irresponsible in engaging in those 
bumblings...

The Dutch judge who heard the Jan de Wit (VBS/VBSWG.J; aka "Anna 
Kournikova worm") case understood this and commented more or less to 
that effect in denying de Wit's claim that the outcome was unintended 
and he had not foreseen that such massive distribution and consequent 
damage could occur as a result of his actions.  Sadly, too few folk 
like Michael came forward to the Dutch authorities to register the 
actual damage VBS/VBSWG.J caused them (I'm not saying Michael or his 
company were affected by VBS/VBSWG.J -- they may have been and they may 
or may not have reported it to the Dutch authorities if they were; I 
don't know).  That is why de Wit got such a light sentence.

> ... I have a cell phone to throw!  :-)

How'd that go?

More successful than your effort above, I hope...    8-)


Regards,

Nick FitzGerald

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

