funsec mailing list archives
RE: write viruses? it's controversy time of the month
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Wed, 30 Aug 2006 13:22:48 +1200
Blanchard_Michael () emc com wrote:
What about writing a virus, but never intending for it to get out, but it gets out? ...
Addressed elsewhere in the thread already...
... Um, Melissa anyone?
Were you born with selective stupidity, or have you been cultering it? Smith knew exactly what he was doing. He had released several earlier Word macro viruses exactly the same way (Usenet posts from the same stolen ("phished" in its original meaning) AOL account, mostly to "sex" groups with "free password" or similar Subject: lines). These were apparently written by at least two of Smith's different macro virus writer identities -- VicodinES and Alt- F11 (of the AVM (Alternative Virus Mafia) group). He had written a couple of previous Word macro viruses with Email- oriented components -- not self-mailers, but messing with using VBA macros and VBS scripts to send Email (particularly with Outlook in W97M/ColdApe). Further, he had written a "white paper" -- Theory Of Better File Virus Distribution -- about strategies for improving the efficiency of virus spread and distribution through the use of various network-oriented and SE methods. He not only knew he was writing a virus that he intended to release, but he _expected_ (or at least greatly hoped) Melissa to be "bigger" than any he had previously written and released.
I'm not gunna touch it any further though, ...
Good, because you made a right balls-up of it so far. And, as you've got me started on this, I'll add (although it's not directly related to what Michael said, it touches some other issues raised in related threads the last few days) that the only virus writer who could conceivably straight-facedly stand up in court, under oath and claim "I never imagined that it would have anything like the impact it did" was Robert Tappan Morris Jr. As his first real "network worm" showed the rest of us just what could happen if you "experimented" with these things "carelessly", the most anyone since can honestly claim is that they _hoped_ their bumblings would not have similarly dire effects. Of course, they are thereby admitting they are clueless, ill- informed fools (doesn't sit well with either the media-supplied "brilliant hacker" epithets or the massive volumes of egg on incompetent corporate admin faces), but it is inconceivable that anyone can honestly claim, in light of the widespread knowledge of the Morris worm event and the media coverage of all manner of vaguely similar and not so similar events since that they _should not_ at least have foreseen that their own bumblings could cause such "unintended" effects and thus they were knowingly irresponsible in engaging in those bumblings... The Dutch judge who heard the Jan de Wit (VBS/VBSWG.J; aka "Anna Kournikova worm") case understood this and commented more or less to that effect in denying de Wit's claim that the outcome was unintended and he had not foreseen that such massive distribution and consequent damage could occur as a result of his actions. Sadly, too few folk like Michael came forward to the Dutch authorities to register the actual damage VBS/VBSWG.J caused them (I'm not saying Michael or his company were affected by VBS/VBSWG.J -- they may have been and they may or may not have reported it to the Dutch authorities if they were; I don't know). That is why de Wit got such a light sentence.
... I have a cell phone to throw! :-)
How'd that go? More successful than your effort above, I hope... 8-) Regards, Nick FitzGerald _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Re: write viruses? it's controversy time of the month, (continued)
- Re: write viruses? it's controversy time of the month Drsolly (Aug 30)
- Re: write viruses? it's controversy time of the month Nick FitzGerald (Aug 29)
- Re: write viruses? it's controversy time of the month Dude VanWinkle (Aug 29)
- Re: write viruses? it's controversy time of the month Nick FitzGerald (Aug 29)
- Re: write viruses? it's controversy time of the month Drsolly (Aug 30)
- Re: write viruses? it's controversy time of the month Blue Boar (Aug 29)
- Re: write viruses? it's controversy time of the month Nick FitzGerald (Aug 29)
- Re: write viruses? it's controversy time of the month Valdis . Kletnieks (Aug 29)
- Re: write viruses? it's controversy time of the month Dude VanWinkle (Aug 29)
- Re: write viruses? it's controversy time of the month Blue Boar (Aug 29)
- RE: write viruses? it's controversy time of the month Nick FitzGerald (Aug 29)
- Re: write viruses? it's controversy time of the month Dude VanWinkle (Aug 29)
- Re: write viruses? it's controversy time of the month Drsolly (Aug 30)
- Re: write viruses? it's controversy time of the month Blue Boar (Aug 30)
- Re: write viruses? it's controversy time of the month Drsolly (Aug 30)
- Re: write viruses? it's controversy time of the month Blue Boar (Aug 30)
- Re: write viruses? it's controversy time of the month Drsolly (Aug 30)
- Re: write viruses? it's controversy time of the month Blue Boar (Aug 30)