lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <008f01c37171$5f5bf110$550ffea9@rms>
From: rms at computerbytesman.com (Richard M. Smith)
Subject: Tracking a virus by logging infected machines

To show off. ;-)  The author of the Marker virus did exactly this.

Richard

-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Joel R.
Helgeson
Sent: Tuesday, September 02, 2003 12:07 PM
To: full-disclosure@...ts.netsys.com
Subject: Re: [Full-Disclosure] Tracking a virus by logging infected
machines


Why would any virus writer do this?  This leads a clear audit trail that
would lead the authorities directly back to the creator.

I suppose it wouldn't be a bad thing if the virus author was looking for
some free room & board for the next 5-10 years.

Joel R. Helgeson
Director of Networking & Security Services
SymetriQ Corporation

"Give a man fire, and he'll be warm for a day; set a man on fire, and
he'll
be warm for the rest of his life."
----- Original Message ----- 
From: "Richard M. Smith" <rms@...puterbytesman.com>
To: <jasonc@...ence.org>; <full-disclosure@...ts.netsys.com>
Sent: Monday, September 01, 2003 6:38 PM
Subject: [Full-Disclosure] Tracking a virus by logging infected machines


> Hi Jason,
>
>    >>> Is there any way to determine who the winner is?
>
> Not that I want to encourage virus writing, but I think it would be
very
> helpful to gather infection statistics if a  virus were to keep a log
of
> the IP addresses of all the machines it infected.  The log could be
> appended to the end of the executable file of the virus.  Each copy of
a
> worm or virus would contain a record of one branch of the tree of
> infected machines.
>
> To make a log easy to locate and extract, the log can start with an
> easily identified string such as "VIRUS INFECTION LOG\n".  IP
addresses
> should be recorded in ASCII with a \n between each IP address.
>
> Richard
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ