[funsec] Re: Malware sharing? People are full of shit [was: Get
your computer viruses here!]
Joe Jaroch (Tera Innovations, Inc.)
security at terainnovations.com
Thu Dec 29 11:42:12 CST 2005
Look at the LovSan/Blaster case. Most of the variants that were spawned
off were just hex edited samples. <Anyone> could do this with ANY sample
and in a world where 0days might become more popular, that can cause a
lot of trouble if a group of a couple hundred bad guys hex edit a
couple hundred viruses and release them at once -- ick.
Tera Innovations, Incorporated.
>On Wed, 28 Dec 2005, val smith wrote:
>>A thought I just had in the shower:
>>This is a question for Mr. Blackhat McNasty (as drsolly so eloquently names
>>Let's say you were looking to do some evil and needed some malware to do it.
>> Then you came across a site that had some malware you could download.
>>Along with the software was an analysis of the malware, signatures, broken
>>protections, disassemblies, etc. and a large number of people were aware of
>>the malware, would you want to use said malware?
>Maybe. Mr. Blackhat McNasty isn't the sharpest knife in the drawer, and
>needs quite a lot of help to get his act together. So, starting from that
>malware, he could make a few changes so that the analysis wasn't correct
>any more (maybe change some URLs it uses), and so that the signatures
>didn't work (shuffle some instructions around), and now he has his product
>that he can ship to a zillion computers via his friend Blackhat McSpammer.
>Fun and Misc security discussion for OT posts.
>Note: funsec is a public and open mailing list.