Copy Link
Add to Bookmark
Report
Chaos Digest Volume 01 Numero 01
Chaos Digest Lundi 4 Janvier 1993 Volume 1 : Numero 1
Editeur: Jean-Bernard Condat (jbcondat@attmail.com)
Archiviste: Yves-Marie Crabbe
Co-Redacteurs: Arnaud Bigare, Stephane Briere
TABLE DES MATIERES, #1.01 (4 Janv 1993)
File 1--Annonce de Presse (Reprint)
File 2--Reactions sur "C'est decide! J'ecris mon virus"
Chaos Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost from jbcondat@attmail.com. The editors may be contacted
by
voice (+33 1 40101775), fax (+33 1 40101764) or S-mail at: Jean-Bernard
Condat,
Chaos Computer Club France [CCCF], 47 rue des Rosiers, 93400 St-Ouen, France
Issues of Chaos-D can also be found on some French BBS. Back issues also may
be
obtained from the mail server at jbcondat@attmail.com: all incoming messages
containing "Request: ChaosD #x.yy" in the "Suject:" field are answered (x is
the volume and yy the issue).
CHAOS DIGEST is an open forum dedicated to sharing French information among
computerists and to the presentation and debate of diverse views. ChaosD
material may be reprinted for non-profit as long as the source is cited. Some
authors do copyright their material, andthey should be contacted for reprint
permission. Readers are encouraged to submit reasoned articles in French,
English or German languages relating to computer culture and telecommunica-
tions. Articles are preferred to short responses. Please avoid quoting
previous posts unless absolutely necessary.
DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Chaos Digest contributors
assume all responsibility for ensuring that articles
submitted do not violate copyright protections.
----------------------------------------------------------------------
Date: 16 Oct 92 23:59:59 GMT
From: jbcondat@ATTMAIL.COM
Subject: File 1--Annonce de Presse (Reprint)
MAKING THE NEWS AND BOOKSTANDS
(From "Intelligence Newsletter", No. 202 (Oct. 8, 1992), Page 5,
by Olivier Schmidt)
The computer virus "threat" is back in the news with a new study by
IBM specialist Jeffrey O. Kephart and on the bookstands with a French
do-it-yourself build-your-own manual on viruses. According to Kephart
of IBM's High Integrity Computing Laboratory, most previous theories
on the "social structure of computer use and networks were faulty":
not every machine could make contact with every other machine in one,
two or three "steps". Most individual computers are not connected to
others systems but only to their nearest neighbors. Therefore, most
infections take place not through networks, but through the physical
exchange of disks. Moreover, many of the 1,500 known viruses are not
good replicators and many are not destructive. Even the remaining
good replicators are "almost all defeated by normal anti-virus
programs." To advance knowledge such as this concerning viruses, Chaos
Computer Club France (CCCF) has decided to publish the French
trans-lation of "The Black Book of Computer Virus" by Mark Ludwig
"which was censored in the U.S." (French title, "C'est decide! J'ecris
mon virus," Editions Eyrolles). This "pedagogical" effort is backed by
the European Institute for Computer Anti-Virus Research (EICAR) whose
current president is Dr. Paul Langemeyer who represents Siemens at the
EICAR. The book contains "computer codes for writing your own virus," but
according to CCCF any such virus can be defeated by normal anti-virus
programs. Moreover, there is no French law forbidding the publication of
virus computer codes. The book is intended for "responsible adults" and
bears the warning "Forbidden for readers not 18 years old".
------------------------------
From: jbcondat@ATTMAIL.COM
Date: 31 Dec 69 23:59:59 GMT
Subject: File 2--Reactions sur "C'est decide! J'ecris mon virus"
After the publication in CuD #4.52 (Sun Oct 18, 1992) of the "File
5--Making the news and Bookstands (Reprint)", I receive an incredible
number of well-argumented reactions. The French translation of the
Mark Ludwig's book, cited as followed in the Library of Congress'
general catalog
+++++
01351245 2092974XX STATUS: Active entry
TITLE: The Little Black Book of Computer Viruses, Vol. 1:
Technical Aspects
AUTHOR: *Ludwig, Mark A.*
PUBLISHER: Amer Eagle Pubns Inc PUBLICATION DATE: 02/1991 (910201)
EDITION: Orig. Ed. NO. OF PAGES: 192p.
LCCN: N/A
BINDING: pap. - $14.95
ISBN: 0-929408-02-0
VOLUME(S): N/A
ORDER NO.: N/A
IMPRINT: N/A
STATUS IN FILE: New (90-06)
SUBFILE: PB (Paperbound Books in Print); ST (Scientific and
Technical Books and Serials in Print)
PAPERBOUND BOOK SUBJECT HEADINGS: TECHNOLOGY- COMPUTERS AND
COMPUTER TECHNOLOGY (0000456X)
+++++
is already in France on of the most critical publication of this
winter. All weeks, some critics are available in the press... and the
Chaos Computer Club France is consider as an humor organization,
without any ethics :-)
Some e-mail reactions of so-called specialists of computer viruses are
absolute full of humor. I give you one overview of the style.
ACADEMIC AND WITHOUT REQUIRED-ANSWER
From: bontchev@fbihh.informatik.uni-hamburg.de (Vesselin Vladimirov Bontchev )
Date: Mon Oct 12 19:26:11 GMT 1992
> The CCCF are translate for a long times the book of Mark Ludwig you cited.
> It's not my PRIVATE initiative but one of my group.
I see... Not a good idea, IMHO...
> This book is forbidden in th US. This book will perhaps not be publish,
The book is NOT forbidden in the USA. Sorry, but your information is
wrong. I wish it were true, but it is effectively impossible to
prevent something from being published in the USA, except if it
threatens the National Security (sic) or contains plain lies (in the
latter case you still can publish it, but are running the risk to be
sued). This "freedom of press" is guaranteed by one of the amendments
to their Constitution.
In fact, Ludwig's book has been -already- published there. I have a
copy of it on my desk.
> Do you mean this French translation (proposed title: "C'est decide! J'ecris
> mon virus") will be an extremely bad think?
If you are asking about the title - I don't know. Why changing the
title? Why not just translating it to something like "Petit livre
noire de virus informatique" or something like that? (Sorry, my French
is horrible.)
If you are asking whether I think that the idea to translate the book
in French is a bad one - yes I definitively think so.
This book is harmful. There is nothing useful that the reader could
learn from it. S/he can only learn how to write viruses, and even this
is not taught properly... :-) The virus techniques described there are
old, silly, and barely work. But nevertheless they are dangerous.
Several years ago, a German called Ralf Burger has published here a
similar book, containing the sources of a few silly viruses. The virus
writing techniques discussed in Burger's book are even less effective
than the ones described in Ludwig's book. But nevertheless, the
viruses described there have been used to create hundreds of variants.
(Those viruses are Vienna, Burger, Number 1, Rush Hour...) The same
will happen with the viruses published in Mark Ludwig's book...
That's why, I consider any publicity of his "oeuvre" to be harmful. In
fact, if you translate and publish it, it will be harmful to your
reputation. After all, you are claiming that CCCF does NOT support
hacking (cracking) and virus writing, but is opposed to it. Even EICAR
might decide that you (as a member) do not conform to its constitution
and Code of Good Conduct... Remember, several years ago IFIP published
an appeal to everybody, including all publishers, to refrain from
publishing virus code.
John McAfee is master of the media shows... :-\ He does this much
better than fighting viruses... :-( The only thing that he does even
better is making money... :-)
My advice to you is: if you can stop the translation and the
publication of this book in France, do it.
VIOLATION OF PRIVACY
From: pelegrin@geocub.greco-prog.fr (Francois PELLEGRINI )
Date: Wed Oct 21 13:38:06 +0100 1992
I write you give you some comments about the mail you sent me about
the brand-new CCCF book.
I am in favor of the publication of such a book, in spite of some points
I find preoccupating:
I am in favor of free software and information, but my concern about viruses
is that they represent a violation of privacy, all the more when they have
harmful abilities. I would be *VERY* angry should a virus blast 2 years of
work done on a hard disk. Even reinstalling a partition is time-consuming,
all the more when you cannot install bought software because they have not
been un-installed before the system crashes! To sum-up, I am in favor of the
prosecution of authors of harmful viruses. To take an example in real life:
would you like someone to enter your apartment (just because you left a
window opened once) and crash all your CDs?
In spite of that, I find their principles of conception exceptionally
interesting and stimulating: as you must put all the replicative code on
as few bytes as possible, virus coding is to me great hack art. I believe
in such educational purposes.
The only point which cause problems is the idea of having lots of different
viruses (not in conception, since it will be based on the book's ideas, but
in code), so that maintaining anti-virus codes will be more and more
expensive in time. By reading such a book, hackers will have big fun and will
experiment new things, but I am afraid of mere-beginners, getting proud of
writing "their" virus, which will just be a copy of what is in the book.
As you talk of "1.500" viruses, I guess you mean PC viruses. As their input
can only happen, even in a local network area, from a magnetic media (I have
not heard about PC networks linked to the Internet), a check at the input
points (floppy-disk equipped machines) is rather secure.
Would you have talked about Internet viruses, the danger would have been
greater (exposing the mail bugs, or similar system faults is not harmless),
as no machine can resist to an invisible Net attack.
P.S.: Just a last idea: I have read some CCC propaganda (I have one of their
books, in French, "Danger: pirates informatiques), and sometimes they prone
free access to information. Does it mean that we are allowed to copy their
book on a copy-machine, rather than buying it? People have spent time
writing books, and expect some money to pay them back for it. It is the
same thing with programs: "Don't let a virus ruin your life!".
MILITARY STYLE
From: WHMurray@DOCKMASTER (William Hugh Murray )
Date: Mon Oct 19 17:43:45 GMT 1992
I am generally opposed to the publication of viruses in code or in
print. Viruses, like other ideas, once published cannot be easily
controlled. The author has almost no control.
Viruses in code can replicate without much human help or assistance. On the
other hand, they keep much of their design and intent concealed.
Currently, viruses in print cannot replicate without considerable human
help. However, their intent is to make their design and intent as
obvious as possible. This may result in even more destructive use of
the ideas.
I consider any publication of viruses in executable code to be
gratuitous at best, destructive at worst. Particularly in print, any
legitimate objectives can be met in psuedo code. Still, while opposed
to any publication, all other things being equal, I have a small
preference for publication in print if publish you will.
While I will attempt to discourage you from any such publication and
will shun you after the fact if you do so, I am opposed to the use of
the power of the state to restrain you. This has almost nothing to do
with how I feel about the essentially destructive nature of your
publication. Rather it is related to the potential for abuse of any
such power granted to the state. While forced to trust the state to
distinguish between classes of destructive behavior, my reading of
history leaves me temporarily convinced that the state should not be trusted
to judge ideas.
THE DAMAGE IS ALREADY DONE
From: weber@vortex.ufrgs.br (Raul Fernando Weber )
Date: Mon Oct 19 11:25:28 EST 1992
I am not opposed to the publication of books about the problem of viruses
and other malicious programs. The end user should learn about the problem
that viruses represent to computer sciences in general. The user should
known the perils that such programs represent to his or her data. Knowing
your enemies is the best method of fighting against them.
But if a book contains source code of viruses, that is a real problem.
Anyone can then easily type the code or modify it, and very soon we will
have a greater number of new viruses to deal with. Any explanation about
viruses can easily be done in plain text or in pseudo code (without
explicit reference to a hardware platform or operating system). Authors of
such books should be discouraged to publish complete or partial
descriptions of viruses source code.
It doesn't matter if the code published is from viruses that can be
detected and eliminated by normal anti-virus programs. If this book is read
by someone that is not a "responsible adult"', and this person writes a
virus with the information he or she gets from the book, the damage is
already done. It doesn't matter if this virus works or not, if it is a "bad
replicator" or a "benign virus"'.
In the other way, I also believe that once such a book is published, there
is nothing we can do against it, except discourage any person from buying
it, or from using the ideas to write viruses. I am against any type of
censure. It is much better to give people a good education and sense of
ethics.
I wrote articles about computer viruses (in portuguese) and I use
high-level pseudo-code in order to explain the virus routines. For
instance, in order to explain how a bootstrap virus uses stealth
techniques, I explain that the virus has the following routine:
if trying_to_read_the boot_sector
then show_the_original_boot_sector
This art of pseudo-code lets the reader understand how the virus work
without teaching how to write a virus. Of course, a good programmer can
translate this to assembler and write such a virus for the IBM-PC, but he
needs to understand a lot about BIOS, DOS, etc.
Giving the code in assembler form enables an unexperienced user to write a
virus, and that is exactly the crucial point! With pseudo-code you need to
be a good and experienced programmer in order to write a virus, and I hope
that every such a programmer has also a good sense of ethics. But with
assembly listings almost everyone can, with a trial-and-error process, also
write a virus. And this kind of user can release a virus just for fun, to
see what happen with his neighbours. This possibility of "unwanted" spread
of virus scares me, and because this I am against the publication of
viruses code in general.
THE COUNTRY IS IRRELEVANT
From: hayes@urvax.urich.edu (Claude Bersano-Hayes )
Date: Tue Oct 20 04:52:00 EDT 1992
I first think the country is irrelevant. France, Italy, Bantoustan... or the
USA. The problem remains the same: shall we as a whole have access to the
information. You probably have informations I don't. I am less drastic than
you here. I think all depends of the info, and what one can do with it.
Knowing how to make a A-bomb is not critical, since getting plutonium is not
*that* easy. Creating computer viruses is another matter.
Publishing a "do-it-yourself" book about viruses is at best irresponsible, and
more than likely dangerous. But there are laws in France too. The book can be
published "legally" but its use can be dangerous for the user who get caught
creating and/or disseminating viruses. I am not a lawyer so you may want to
check with others, but it seems to me that the publisher may be sued if a book
entices someone to do something illegal. Suggestion: post that same message
to Usenet's soc.culture.french. You will probably get a few more replies.
But this does not mean I approved of the US publication either. I did not (but
was not asked <grin>). The self-proclamed "Dark Avenger" released his MtE
(Mutating Engine) which can be used to make "stealth" viruses (and it is
available on many BBS's here). Not a great idea either...
Since I don't know the state of computing in Europe in general, and France in
particular, I have no idea what the impact of this book will be.
If the book is aimed at computer professionals that's another story. These
people need to know how these little pests work. I have no problems there.
I don't think liberty has anything to do here. The problem is one of
publisher's resonsibility: will this book cause harm to the computer users
at large?
I myself ran into a similar problem here in the US. I moderate a virus-
awareness group on a local BBS and a fellow user wanted to give references
about some viruses (including source code and book titles). I refused (and was
called a fascist because of that).
There is no good answer to this problem <sigh>...
RUSSIAN'S OFFICIAL ANSWER
From: eugene@kami.npimsu.msk.su (Kaspersky Eugene Valentinovitch )
Date: Tue Oct 20 19:31:15 GMT 1992
I think that the publications of virus sources is very bad news for me
because:
1. The difficult virus (like a stealth, polymorphic, etc) is very interesting
to analyze it and it's a very interesting job to make antiviral for this
difficult virus. This virus can be produced only by high-class programmers.
But the high-class programmer can write the virus without any smb virus
sources, without any books with the virus sources.
So who will read this book? Only the -beginners- in programming and assembler.
And these beginners can't write the virus which will be interesting to me.
They can write the millions of Vienna, Burger, Tiny viruses. At this
moment the sources of Vienna and Burger viruses are printed in West,
the source of the virus Vienna was published ever in Russia!!!. Now there are
about 50 viruses of Vienna and 10 of Burger in my collection.
And I should to analyze them and add the information into my antiviral
database. And it's a lost time, because it's a non interesting work for me
and my boys.
It's a work for the rubbish-remover.
There is the word 'zolotarr' on Russian - it's a man who on very old years
cleaned the water-closets (on the old year there are 'closets' without
'water'). The analyze of the Vienna and Burger is the work of 'zolotarr'.
And now when I receive the new large portion of the viruses I say
for my boys: "Hey, zolotarrs! Come here! There is a new work!" :-)
So this is the 1st why the publication of the virus sources is very bad
to me: I receive a lot of not interesting work.
2. The publications of the virus sources will push some programmers to
the virus creation. If this is a beginner, see above. If it's a
good programmer he can write new very interesting virus. But I have
a lot of interesting virus! It's enough! It's about 900 analized viruses
in my collection and about 300 awaiting analyze.
So this is the 2nd: there are too much viruses, and I don't want to
receive another ones.
3. This publication is the hooliganism, because this paper can call
the damage for the computer users and not only to them. I think that it is
not needed to explain this.
It's the 3rd: I don't like the hooligans.
That's all.
About the virus-writers
+++++++++++++++++++++++
I think that the men who wrote this book are unhappy men, because they try
to make the work which is not needed to another men. They can't find
the more interesting job. It's unhappy.
I see from time to time the virus-writers. Practically all of them seens
like non-smiling boys, boys which don't like to girls...
So I think that the virus writes and virus-publishers are unfortunately
because the good man don't writes the viruses.
About France
++++++++++++
You asked me about France only. Why only France? I think it's a problem
of all the countries.
Yes, the France, Spain, ... are non-computer countries, I don't know why.
I remember 2 French programs only: exe-file-compresser LZEXE and the game ...
I forgot the name... the game about prisoner. Ha! the name of this game -EDEN.
That's all. I think that the love to computers - it is a national peculiarity.
The French programmers can write intelligent virus, but probability of
this is a little.
But the USA, UK, Russia (yes, Russia!) - there are the computer countries.
And there are a lot of high-level programmers, a lot of programmer-hooligans
too, especially in Russia :-(.
About free information
++++++++++++++++++++++
There are the range of the information freedom: from "don't write
about viruses!!!" till "write all about them including the source".
I think the better way for the virus information is the middle of this range.
I have about 10 publications in 2 books, Russian computer magazines, Russian
newspapers and I try to say the interesting information about viruses
but so that this information can't be used while programming the new viruses.
P.S. Sorry my English, all the people in Russia told only on Russian - I
don't know why... ;-)
BECOMING UPSET, ANGRY AND HURT
From: mcafee@netcom.COM (McAfee Associates )
Date: Tue Oct 20 21:19:11 -0700 1992
I'm glad to be of assistance to you. I think that most people in the anti-
virus community view Mr. Ludwig's book with considerable distaste. Mr.
Ludwig does not seem to recognize the fact that he is making all of our
lives more difficult by teaching people how to write computer viruses. I
am not a programmer, nor am I a lawyer or a businessman. I provide technical
support for people who have a computer infected with a virus (or suspect that
they have one). These are people who become upset, angry, and hurt because
they have gotten a virus from some source. And I don't think people should
have to suffer just so someone can show off his (her) programming skills or
prove that he can print virus source code and sell it safely behind the laws
of his own country.
Please bear in mind that I am not a lawyer, nor do I have a background in
international shipping or publishing.
I would strongly recommend that you contact the U.S. Department of Commerce
or at least the U.S. consulate in Paris. They should be able to provide you
with all information required to import Mr. Ludwig's book into France and
publish it there.
I would also strongly recommend that you check with a lawyer that specializes
in high-tech crime issues as well as the high-tech crime bureau of your local
police department to make sure that no laws our broken by its publication. If
your local police department does not have a high-tech crime bureau, I would
recommend that you try contacting the national police.
When talking with your lawyer, I would recommend that you ask him (or her)
about your legal exposure: You (or CCCF) could be held responsible for
damages caused by the viruses, even if you include a disclaimer.
IRRESPONSIBLE ATTITUDE
From: rslade@sfu.ca (Robert Slade )
Date: Sat Oct 17 13:20:55 PDT 1992
I am strongly tempted to reply that your posting is stupid, and an obvious
attempt to justify an irresponsible attitude. However, giving you the benefit
of the doubt, I will try to restrain myself.
You try to take the "high moral ground" by implying that the publication of
this book will assist users to protect themselves. While I acknowledge that
"good" books on protection against viral programs are hard to find, Ludwig's
book is definitely not the answer. It is certainly no better in that regard
than many other available works.
You attempt to downplay the damage that can be done is unrealistic. While
agreeing that Ludwig's code is simplistic and easily countered by reasonable
protection, but, as you note, the vast majority of users have *no* protection.
In addition, the new viral programs thus generated require a lot of extra
effort on the part of the anti-viral researchers to weed out these additional,
if stupid, viral programs.
PUBLISH THE BOOK
From: ygoland@SEAS.UCLA.EDU ("Yaron Y. Goland" )
Date: Tue Oct 20 22:13:39 PDT 1992
Accepting for the moment that it is indeed legal to publish this
book in France, the question at hand is if it is 'right' to publish
this book. I believe this is the wrong question. Is the computer
virtual community to act as a self censor? Should we not say what we
know for fear of 'educating' others? Any time we restrict ourselves
in this manner we limit our freedom and the freedom of everyone
around us. Information is, in itself, not dangerous. It simply is.
It is the use that the information is put to that determines it's
'correctness'. Publish the book. To not do so is to do nothing more
than carry on the irrational fear of viruses and more importantly it
will strike another blow against the various forms of 'self
censorship' which is now practiced within the community. Silence
breeds fear, not knowledge.
The Jester
CONCLUSIONS
From: Mark A. Ludwig
(Amer. Eagle Publications, Inc., PO Box 41401, Tucson, AZ 85717;
Phone: (602) 888-4957)
Date: Thu Oct 22 22:17:29 -0700 1992
So you have found out that _The Little black Book_ is controversial! If you
ask the so-called "experts" in viruses, guys like Skulason, or David Stang, or
Alan Solomon, they'll tell you they hate the book, and it shouldn't be
published. And they are smart enough to avoid saying "don't buy it" so they
use a classic Soviet-style disinformation tactic that they've dreamed up and
call the code in the book "junk," etc., to try to make people think it isn't
worth their while to buy it. That's a lie, and I've had people in the industry
tell me so, off the record. I know the code is good, and it works, period.
The only "bugs" are as discussed in the book. Now, there isn't anything cute
or tricky about the code, and maybe some people call it junk because it isn't
an attempt to intimidate the reader, as a Whale-style ultra-cryptic virus
would be, etc. These viruses were written purely as instructional examples,
and they are straightforward and functional examples, and not an attempt to
demonstrate to the world how clever I am.
My counter-tactic to this disinformation is to simply ignore the nay-sayers
and advertise the book. Plenty of people absolutely love it and buy it and
talk about it to their friends. The fact is the little guys who aren't
already virus experts want to become more expert in this area. They have good
reason for it. They need to understand viruses and be able to combat them from
a position of knowledge and not ignorance. The so-called experts don't want
the little guys to be expert. They'd rather the little guys keep feeding off
of them. And the more the little guys read the book, the more they will quit
trusting the establishment anti-viral types.
I can send you a packet of unsolicited letters from people who have really
liked the book if you or the publisher needs to see them before going ahead.
I can guarantee you that the book will probably be as controversial in France
as it has been in the US. People will love it and people will hate it. Nobody
will be indifferent. My goal in this whole thing is to win a battle with the
people who want to keep viruses secret, and I am going to do it.
I must say I was somewhat surprised that a major publisher like Eyrolles was
ready to buy into the book--if French publishers are anything like their
American counterparts. Technical publishers here are extremely conservative
and try to avoid controversy as much as possible. If they are having reserva-
tions about publishing it i would not be surprised.
Please publishe it!
------------------------------
End of Chaos Digest #1.01
************************************
