Return-Path: XPUM04@prime-a.central-services.umist.ac.uk
Received: from G.SEI.CMU.EDU by ubu.cert.sei.cmu.edu (5.61/2.3)
        id AA13797; Fri, 1 Jun 90 11:27:09 -0400
Received: from SEI.CMU.EDU by g.sei.cmu.edu (5.61/2.5)
        id AA20531; Fri, 1 Jun 90 11:27:01 -0400
Received: from nsfnet-relay.ac.uk by sei.cmu.edu (5.61/2.3)
        id AA00366; Fri, 1 Jun 90 11:26:41 -0400
Received: from sun.nsfnet-relay.ac.uk by vax.NSFnet-Relay.AC.UK 
           via Janet with NIFTP  id aa23225; 1 Jun 90 16:02 BST
From: Anthony Appleyard <XPUM04@prime-a.central-services.umist.ac.uk>
To: KRVW <@NSFnet-Relay.AC.UK:KRVW@sei.cmu.edu>
Date:         Fri, 01 Jun 90 16:06:00 BST 
Message-Id:   <$TGTWCZCFFBQN at UMPA>
Subject:      Virus-L vol 0 issue #0505



Virus-L Digest Thu, 5 May 88, Volume 0 : Issue #0505

Today's Topics

new files available
The Shockwave Rider.
A thought...
A thought...
Another file available
DISSEMINATING SOURCE CODE
Virus source code
Virus Construction Set
Ethics and information

------------------------------

Date:         Thu, 5 May 88 08:25:29 EDT
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         "Kenneth R. van Wyk" <LUKEN@LEHIIBM1>
Subject:      new files available



I just posted three new files to VIRUS-L.  They are:

DIRTY DOZEN
NOBRAIN C
CHECKMEM C

Thanks to James Ford for sending in the Dirty Dozen list, and to
Joe Sieczkowski for sending in the anti-Brain programs.  The
Dirty Dozen is the "standard" listing of known trojan/virus programs.
The two C files are as Joe described - Brain killers.  I don't
have a Brain damaged :-) disk to test these with, so I'd appreciate
any comments (e-mail them to me please) from anyone who tries them
out.  Thanks again guys!


Ken

----------------------------------------------------------------------
= Kenneth R. van Wyk                   =                    _   /|     =
= User Services Senior Consultant      =      Ack Thippfft! \'o.O`     =
= Lehigh University Computing Center   =                    =(___)=    =
= Internet: <LUKEN@VAX1.CC.LEHIGH.EDU> =                       U       =
= BITNET:   <LUKEN@LEHIIBM1>           =      Bill 'n Opus in '88!     =
----------------------------------------------------------------------

--------------------

Date:         Thu, 5 May 88 10:52:00 EST
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         J_CERNY@UNHH
Subject:      The Shockwave Rider.

As a "literary" note on viruses, I thought some readers might be
interested in a few quoted fragments from John Brunner's science
fiction novel THE SHOCKWAVE RIDER.  TSR was published wayyyy-back in
1975!  One of the interwoven, though somewhat obscure, themes is of
computer worms and viruses used to protect and attack computer data.

[p. 24] "Then the answer dawned on him, and he almost laughed.
Fluckner had resorted to one of the oldest tricks in the store and
turned loose in the continental net a self-perpetuating tapeworm ... .
It could take days to kill a worm like that, and sometimes weeks."

[p. 25] "Promptly he sent a retaliatory worm chasing Fluckner's. ...
According to recent report, there were so many worms and counterworms
loose in the data-net now, the machines had been instructed to give
them low priority unless they related to a medical emergency."

[p. 173] " ... I'd have written the worm as an explosive scrambler,
probably about half a million bits long, with a backup virus facility
and a last-ditch infinitely replicating tail."

[p. 174] "What you need is a worm with a completely different
structure. The type they call a replicating phage.  And the first
thing you must give it to eat is your original worm."

    Jim Cerny, University Computing, University of N.H.

--------------------

Date:         Thu, 5 May 88 10:45:00 CDT
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         GREENY <MISS026@ECNCDC>
Subject:      A thought...

Internet: MISS026%ECNCDC.BITNET@CUNYVM.CUNY.EDU
Disclaimer: #include<std_legal_mumbo_jumbo.h>
What with all of the recent discussions on how giving out viral code and
copies of viruses being dangerous, it occurred to me that this could be
true.  An unscrupulous person could very well pervert such code for his/
her/its own purposes.  The solution that most of netland has seemed to
arrive at is to not distribute such code, but to distribute the techniques
for removing viruses from systems, as well as source code for such removal.

Now stop and think about this for a minute, if I am given the technique
for removing some infection, it also tells me HOW TO INFECT the system
in a similar manner by exposing weak points in the OS.  This is as good
as releasing the virus in question, and any unscrupulous persons out there
with a modicum of intelligence will be able to engineer a virus (which may
or may not be even more potent than the one being destroyed...) from the
provided information.  Therefore, it makes just as much sense not to release
any techniques on how to kill the viruses as well as programs that do the
actual removal (they could be disassembled and perverted as well).

Of course, this is all not possible, since we all must work together in the
eradication of these beasties, and as such viral code and viruses should
be released to the general public if we are to be able to work on a cure
to this problem.  You don't see the US government saying "well AIDS is
pretty nasty stuff, no one can touch it but us, and we'll get back to
ya with our results later..." --- EVERYONE IS WORKING TOGETHER on the
eradication of that deadly disease and it should also be such with computer
viruses....

* flame off *
Bye for now but not for long
Greeny
Bitnet: MISS026@ECNCDC

--------------------

Date:         Thu, 5 May 88 13:03:14 EDT
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
Comments:     In-Reply-To:  Message of Thu,
              05 May 88 12:04:28 EDT from <MISS026@ECNCDC>
From:         "David M. Chess 862-2245" <CHESS@YKTVMV>
Subject:      A thought...

That's probably a good philosophical point, but the practical point
behind it isn't quite true.   Since the only "weaknesses" that a
virus needs to exploit are things like "it's possible for a program
to alter another program" and "it's possible to start a process
that can intercept I/O calls to the OS", and since those are
things that most programmers already know, anti-virus programs
don't have to "give away" anything that would help a virus
writer.
  One typical kind of virus-detector just notices (by a checksum
or whatever) what executable files have changed since the last
time it was run.   All that reveals about viruses is that some
of them change executable files.  More specific anti-virus
programs look for certain (meaningless-in-isolation) data in
certain places in executable files, and tell you that the file
is infected with Virus X if it finds it.   All that reveals is
that, for instance, "some virus puts the bytes F1 02 97 BC 00 90
at offset 011E in infected COM files" (no, that's not a real
example).
  So it is possible to distribute a certain amount of anti-virus
information without spreading any how-to-write-a-virus information.
(Note that I have carefully avoided giving any opinion about whether
any of the latter sort of information ought to be spread!)

Dave Chess
Watson Research

* Nothing in this posting is an Official Statement of anybody,
* whether I work for them or not.
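
The two detector styles described in the message above, as an added example that is not part of the original digest or of any program mentioned in it: a checksum pass that reports which executables changed since the last run, and a fixed-offset check using the deliberately fictitious signature bytes from the post. SHA-256 as the checksum, the function names and the dummy files are assumptions made for the illustration.

```python
import hashlib
import tempfile
from pathlib import Path

EXEC_SUFFIXES = {".com", ".exe"}
# The made-up signature quoted in the post ("no, that's not a real example").
SIGNATURES = {"Virus X": (0x011E, bytes.fromhex("F10297BC0090"))}

def snapshot(root):
    """Map each executable's relative path to a SHA-256 digest of its bytes."""
    root = Path(root)
    return {
        str(p.relative_to(root)): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*"))
        if p.is_file() and p.suffix.lower() in EXEC_SUFFIXES
    }

def compare(old, new):
    """Report executables changed, added or removed since the baseline run."""
    return {
        "changed": sorted(f for f in old if f in new and old[f] != new[f]),
        "added": sorted(new.keys() - old.keys()),
        "removed": sorted(old.keys() - new.keys()),
    }

def scan(path):
    """Names of signatures found at their fixed offsets (short files never match)."""
    data = Path(path).read_bytes()
    return [name for name, (offset, pattern) in SIGNATURES.items()
            if data[offset:offset + len(pattern)] == pattern]

def demo():
    """Constructed sample data: dummy .COM files, one altered between runs."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        filler = b"\x90" * 0x200
        (root / "CLEAN.COM").write_bytes(filler)
        (root / "EDIT.COM").write_bytes(filler)
        (root / "NOTES.TXT").write_bytes(b"not an executable, ignored")
        baseline = snapshot(root)
        marked = filler[:0x011E] + SIGNATURES["Virus X"][1] + filler[0x0124:]
        (root / "EDIT.COM").write_bytes(marked)
        (root / "TINY.COM").write_bytes(b"\x90" * 16)  # shorter than the offset
        report = compare(baseline, snapshot(root))
        hits = {p.name: scan(p) for p in sorted(root.glob("*.COM"))}
    return report, hits

if __name__ == "__main__":
    print(demo())
```

The change report flags any modification without saying what caused it, while the signature check names one specific pattern and nothing else, which is the distinction the message draws.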

--------------------

Date:         Thu, 5 May 88 16:04:00 EDT
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         "Kenneth R. van Wyk" <LUKEN@LEHIIBM1>
Subject:      Another file available


I've posted another file here on VIRUS-L.  The filename is:

RISKS LOG

It contains a complete set of all of the computer virus discussions
that have taken place on the RISKS forum over the past year or so.
The file is very large, so it was not a good idea to send it to the
entire list.  Because of the file size, please only retrieve this file
if you *really* want it, just to keep unnecessary network traffic to
a minimum.

For the benefit of newcomers to the list, you can retrieve a file on
the list by sending a message to LISTSERV@LEHIIBM1 containing:

GET filename filetype

For the above file, RISKS LOG, you would send:

GET RISKS LOG

To get a list of available files, send, also to LISTSERV@LEHIIBM1:

INDEX VIRUS-L

The available files include a per month log of all of the messages
sent to VIRUS-L.

Ken

----------------------------------------------------------------------
= Kenneth R. van Wyk                   =                    _   /|     =
= User Services Senior Consultant      =      Ack Thippfft! \'o.O`     =
= Lehigh University Computing Center   =                    =(___)=    =
= Internet: <LUKEN@VAX1.CC.LEHIGH.EDU> =                       U       =
= BITNET:   <LUKEN@LEHIIBM1>           =      Bill 'n Opus in '88!     =
----------------------------------------------------------------------

--------------------

Date:         Thu, 5 May 88 16:07:00 EDT
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         EAE114@URIMVS
Subject:      DISSEMINATING SOURCE CODE

Greeny <MISS026@ECNCDC> comments that it is possible to
analyze the code for a virus hunter, and thereby develop
another, more virulent virus.  By way of analogy, he comments
that the US government has not declared a monopoly on AIDS
research.
- Initial Reaction:   Good point.
However, while  there is no monopoly on the virus, there IS
a definite effort to restrict access to samples of the virus
itself, and rightly so.   In terms of distributing source-code
of viruses (Virae?)  If I have the source code to a virus-killer,
I can reverse engineer it, and get a virus; OR I can run it, as
is, to hunt viruses.  If I have the source code for a VIRUS,
I can reverse-engineer it, to make a virus-killer;  OR I can
run it as is, to infect other systems.
-
Since I can distribute code that makes it EASY to hunt viruses,
and HARD to create them,  why distribute code that does the reverse?
The only reason I can see for wanting a virus is to test your
virus killer, and it seems as if, if you're good enough to
write the killer, you ought to be able to write the virus from the
description.
(PRose: EAE114@URIMVS)
-----------------------------------------------------
Disclaimer:  My opinions are supported, dictated, and ghost-
written by the University, the state, the federal government,
The CIA, and the POPE.   If you don't like it, sue them.

--------------------

Date:         Thu, 5 May 88 16:44:00 EDT
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         "Kenneth R. van Wyk" <LUKEN@LEHIIBM1>
Subject:      Virus source code


I suppose we can argue until our fingers bleed as to why or why not
distribute source code to viruses; and there are probably valid
arguments for both sides.  But, as a matter of somewhat arbitrary
policy, I don't think that virus source code should be distributed
to the list.  Discussion of *how* a particular virus works is great,
but distributing the source code is, in my opinion, not a good idea.
Distributing source code to a program which "hunts and kills" viruses,
however, could be beneficial because it is for the common good.

So, that's the official standpoint.  Comments/suggestions/flames are
invited *IF* you e-mail them to me directly and not to the list;
it *is* possible to change policy.  But, I feel that we've had enough
discussion on this matter on the list already.  Everyone made good
valid points...

Ken

----------------------------------------------------------------------
= Kenneth R. van Wyk                   =                    _   /|     =
= User Services Senior Consultant      =      Ack Thippfft! \'o.O`     =
= Lehigh University Computing Center   =                    =(___)=    =
= Internet: <LUKEN@VAX1.CC.LEHIGH.EDU> =                       U       =
= BITNET:   <LUKEN@LEHIIBM1>           =      Bill 'n Opus in '88!     =
----------------------------------------------------------------------

--------------------

Date:         Thu, 5 May 88 09:35:00 URZ
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         BG0@DHDURZ2
Subject:      Virus Construction Set



Hi folks,

Bad news from Germany. I have forgotten to tell you something in my
last message: Not all people concerned with computer viruses (esp.
virus programmers) over here are aware of what they are doing. In April
this year an unbelievable program called "VIRUS CONSTRUCTION SET (VCS)"
was released at the Hannover computer fair CeBIT.

The VCS is a program written for the Atari ST series and allows *EVERY*
Atari user to create his "own" virus. The program is menu driven -
you can select different infection methods, damage initialisers, damages,
and target files. You don't have to know how a virus works to create one,
you just have to know how to turn on your Atari and how to start the VCS
program!!!

No further comments  --

All the best to you all,
Bernd.

--------------------

Date:         Thu, 5 May 88 12:32:36 EST
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         Joe Simpson <JS05STAF@MIAMIU>
Subject:      Ethics and information

I'd like to respond to three thoughts posted to virus-l.

1.  The virus that kills the virus.  At first thought seems anathema, but
    I see no problem with it if it follows the
    ethical restraint:  It must not write to a disk without the explicit
    permission of the disk operator.  This includes, of course, "virus
    removal."

2.  There has been a lot of discussion about the need to hide information,
    and especially code, permitting easy development of viruses.  My personal
    opinion is that it requires little imagination and readily available
    information to write a virus.  Say $30 in manuals and some simple
    hacking around.  If this opinion is accurate, hiding information has
    little benefit.

3.  There is an opinion that no one should download code from bulletin boards.
    Only source code should be distributed.  For most people a virus hidden
    in source code is just as undetectable  as a virus hidden in a machine
    image.  I hope that this opinion will not prevent virus-l from storing
    useful machine images.  If computing society becomes overly protective
    in response to this anti-social behavior, then we all lose.  The
    analogy with radical revolutionary doctrine is straightforward.
