[funsec] Re: Malware sharing? People are full of shit [was: Get your computer viruses here!]

Joe Jaroch (Tera Innovations, Inc.) security at terainnovations.com
Thu Dec 29 11:42:12 CST 2005


Look at the LovSan/Blaster case. Most of the variants that were spawned 
off were just hex edited samples. <Anyone> could do this with ANY sample 
and in a world where 0days might become more popular, that can cause a 
lot of trouble if a group of a couple hundred bad guys hex edit a 
couple hundred viruses and release them at once -- ick.

-Joe Jaroch
Tera Innovations, Incorporated.
http://www.viruscape.com

Drsolly wrote:

>On Wed, 28 Dec 2005, val smith wrote:
>
>>A thought I just had in the shower:
>>
>>This is a question for Mr. Blackhat McNasty (as drsolly so eloquently names
>>him).
>>
>>Let's say you were looking to do some evil and needed some malware to do it.
>>
>>Then you came across a site that had some malware you could download.
>>
>>Along with the software was an analysis of the malware, signatures, broken
>>protections, disassemblies, etc. and a large number of people were aware of
>>the malware, would you want to use said malware?
>
>Maybe. Mr. Blackhat McNasty isn't the sharpest knife in the drawer, and 
>needs quite a lot of help to get his act together. So, starting from that 
>malware, he could make a few changes so that the analysis wasn't correct 
>any more (maybe change some URLs it uses), and so that the signatures 
>didn't work (shuffle some instructions around), and now he has his product 
>that he can ship to a zillion computers via his friend Blackhat McSpammer.
>
>_______________________________________________
>Fun and Misc security discussion for OT posts.
>https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
>Note: funsec is a public and open mailing list.