| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: joel at helgeson.com (Joel R. Helgeson) Subject: Tracking a virus by logging infected machines Why would any virus writer do this? This leads a clear audit trail that would lead the authorities directly back to the creator. I suppose it wouldn't be a bad thing if the virus author was looking for some free room & board for the next 5-10 years. Joel R. Helgeson Director of Networking & Security Services SymetriQ Corporation "Give a man fire, and he'll be warm for a day; set a man on fire, and he'll be warm for the rest of his life." ----- Original Message ----- From: "Richard M. Smith" <rms@...puterbytesman.com> To: <jasonc@...ence.org>; <full-disclosure@...ts.netsys.com> Sent: Monday, September 01, 2003 6:38 PM Subject: [Full-Disclosure] Tracking a virus by logging infected machines > Hi Jason, > > >>> Is there any way to determine who the winner is? > > Not that I want to encourage virus writing, but I think it would be very > helpful to gather infection statistics if a virus were to keep a log of > the IP addresses of all the machines it infected. The log could be > appended to the end of the executable file of the virus. Each copy of a > worm or virus would contain a record of one branch of the tree of > infected machines. > > To make a log easy to locate and extract, the log can start with an > easily identified string such as "VIRUS INFECTION LOG\n". IP addresses > should be recorded in ASCII with a \n between each IP address. > > Richard > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html >
Powered by blists - more mailing lists