Message-ID: <Pine.BSF.4.58.0401291814400.39640@erfrnepu.fhfcvpvbhf.bet>
Date: Thu, 29 Jan 2004 19:04:39 -0500 (EST)
From: Atom 'Smasher' <atom@...picious.org>
To: "pna.lists" <pna.lists@...nam.cz>
Cc: bugtraq@...urityfocus.com
Subject: Re: new WIN virus?


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> Isn't this a perfect way how to release a new worm into the wild? Hyperlink
> in a Bugtraq message/archive is a really innovative virus distribution
> vector. Everybody else submits the suspicious files to the antivirus
> companies.
======================

1) sure, go ahead and use it. of course, you'd have to decompile it and do
some re-writing to send sniffed passwords to you, instead of its intended
recipient.

2) living in both an M$-free home & office, i have no relationship at all
with any of the anti-virus companies. so....

3) i looked on their web sites for a place to submit a new virus, but
couldn't find that link. maybe you can tell me where to send it to, so
i'll know for next time.

4) i correctly guessed that [someone on] this list would figure out what
the payload is, and i'm sure someone here knows where to send it, so the
anti-virus companies are aware of it... more likely is that people in R&D
at the anti-virus companies follow the list themselves.

5) i think most people here are (or should be!) capable of safely handling
and studying a virus without getting themselves infected. anyone who can't
handle it safely should be discouraged from playing with it by the file
name.

6) maybe i should just contact the virus' author, and tell them that
they've been discovered. isn't that the proper first step when one
discovers a flaw in software (or its distribution)?

7) a better vector would be a post on a list that is *NOT* full of
computer security professionals. the link could claim to have something to
do with the topic of the list, and probably not be called "live-virus.tgz"


        ...atom

 _______________________________________________
 PGP key - http://smasher.suspicious.org/pgp.txt
 3EBE 2810 30AE 601D 54B2 4A90 9C28 0BBF 3D7D 41E3
 -------------------------------------------------

	"Anyone who doubts that terrorists could smuggle a
	 nuclear warhead into New York City should note that
	 they could always wrap it in a bale of marijuana."
		-- Graham Allison, The Boston Globe 27 October 1999
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (FreeBSD)

iD8DBQFAGZ+bnCgLvz19QeMRAjK5AJ0cXTeg7FYroSA+XBjFS29yldVrYgCcD68d
nujF4a6K7bucaf20mZHSn7Y=
=J3si
-----END PGP SIGNATURE-----

