Chaos Digest Volume 01 Number 14
Chaos Digest Monday 15 March 1993 Volume 1 : Number 14
Editor: Jean-Bernard Condat (jbcondat@attmail.com)
Archivist: Yves-Marie Crabbe
Co-Editors: Arnaud Bigare, Stephane Briere
TABLE OF CONTENTS, #1.14 (15 March 1993)
File 1--Reactions to "C'est decide! J'ecris mon virus" (Re: #1.01)
Chaos Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost from cccf@altern.com. The editors may be contacted by
voice (+33 1 47874083), fax (+33 1 47877070) or S-mail at: Jean-Bernard
Condat, Chaos Computer Club France [CCCF], B.P. 155, 93404 St-Ouen Cedex,
France
Issues of Chaos-D can also be found on some French BBS. Back issues of
ChaosD can be found on the Internet as part of the Computer underground
Digest archives. They're accessible using anonymous FTP from:
* kragar.eff.org (192.88.144.4) in /pub/cud/chaos
* uglymouse.css.itd.umich.edu (141.211.182.91) in /pub/CuD/chaos
* halcyon.com (192.135.191.2) in /pub/mirror/cud
* ftp.cic.net (192.131.22.2) in /e-serials/alphabetic/c/chaos-digest
* ftp.ee.mu.oz.au (128.250.77.2) in /pub/text/CuD
* nic.funet.fi (128.214.6.100) in /pub/doc/cud
* ftp.warwick.ac.uk in /pub/cud
CHAOS DIGEST is an open forum dedicated to sharing French information among
computerists and to the presentation and debate of diverse views. ChaosD
material may be reprinted for non-profit as long as the source is cited.
Some authors do copyright their material, and they should be contacted for
reprint permission. Readers are encouraged to submit reasoned articles in
French, English or German languages relating to computer culture and
telecommunications. Articles are preferred to short responses. Please
avoid quoting previous posts unless absolutely necessary.
DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Chaos Digest contributors
assume all responsibility for ensuring that articles
submitted do not violate copyright protections.
----------------------------------------------------------------------
Date: Tue Feb 23 20:06:14 CST 1993
From: ymcrabbe@altern.com (Yves-Marie Crabbe )
Subject: File 1--Reactions to "C'est decide! J'ecris mon virus" (Re: #1.01)
PROHIBITION ON THE RELEASES
Date: Thu Oct 22 14:02:46 EDT 1992
From: seborg@first.org (Brian Seborg )
While I do not believe it should be legal to release viruses into the public
and that severe penalties should be leveled at anyone guilty of doing this,
I do not see much harm in making available to the public information which
the computer underground has had for some time. The only risk is that books
such as these decrease the inherent "cost" and time that a virus writer must
normally spend in order to obtain sufficient information and expertise to
enable him/her to write viruses. In the past, this "cost" has acted as a
barrier of entry for most virus writers. If higher quality information is
presented in a concise form, then the danger is that there will be more people
able to write viruses than before. In addition, if you provide people with
source code for viruses, then they can learn from the mistakes and successes
of these viruses and come up with more sophisticated viruses. This is
dangerous if no prohibition on the release of these viruses into the public
is enacted. The English language version of the book is already in print,
I see little additional harm coming from a French translation. The damage
has already been done.
Brian Seborg
VDS Advanced Research Group
McAFEE, HOFF & HOFFMAN ARE BAD
Date: Wed Oct 14 11:47:27 GMT 1992
From: bontchev@informatik.uni-hamburg.de (Vesselin Bontchev )
Hi!
Ah, yes, McAfee is master of the media shows... :-\ He does this much
better than fighting viruses... :-( The only thing that he does even
better is making money... :-)
Umm, I have here "Les virus. Methodes et techniques de securite" by
Jean-Claude Hoff... There are so many mistakes in his book... He
reminds me of Patricia Hoffman. Probably has the same level of knowledge
about viruses... :-)
[...] Well, I have to admit that their package contains a really good
integrity checker... The best one I have ever seen. But what they are
saying - that it's the absolute weapon against viruses, is of course
not true. I can think of a couple of attacks that can be used by a
virus to slip through their protection... There's no such thing as
absolute protection against viruses, unless you decide to make your
computer unusable...
:-). Well, the last time I've seen their ads, it was "l'arme absolue
contre les virus"... :-) Having in mind how bad most virus protection
schemes are, theirs is indeed incredibly good. And having in mind how
difficult for the user is to use an integrity checker at all, theirs
is indeed very easy to use...
Regards,
Vesselin
--
Vesselin Vladimirov Bontchev Virus Test Center, University of Hamburg
Tel.:+49-40-54715-224, Fax: +49-40-54715-226 Fachbereich Informatik - AGN
PGP 2.0 public key available on request. > Vogt-Koelln-Strasse 30, rm. 107 C
e-mail: bontchev@fbihh.informatik.uni-hamburg.de D-2000 Hamburg 54, Germany
ONLY IDIOTS COMPILE VIRUS CODES
Date: Thu Oct 22 11:02:53 PDT 1992
From: sbonds@jarthur.Claremont.EDU (007 )
This is correct, the fact that "Stoned", a boot sector virus, remains the
most common MS-DOS virus shows that most viruses are transferred between
friends/coworkers by disk exchange. However, the reason MS-DOS viruses are
not more commonly spread through networks is not because of the number of
"steps" needed, but rather because MS-DOS viruses cannot function except on
MS-DOS machines. Putting a MS-DOS virus on a UNIX machine renders it
useless, until it gets transferred to a MS-DOS machine again. (Which it
will be unable to do on its own.)
I would even go so far as to say that MOST are not deliberately destructive.
This is true. New viruses are rather rare in the wild, in part due to the
efforts of those who provide antivirus software. In all my experience with
viruses, I have only seen ONE new virus in the wild. I have seen many, many
people without any sort of virus protection come to me after the virus has
made its presence known asking for help. Often it's too late then.
Even a feeble program like SCAN is better than nothing.
Fears that people with source code will somehow magically create whole new
viruses are, IMHO, unfounded. If a person knows enough about DOS and
assembly to be able to interpret the code, then they also know enough to
create an entirely new virus. The worst that could happen is that some
idiot could compile the code, run it, and infect himself. This is a great
way to learn first-hand what viruses can do. <grin>
So far as I know there is no US law forbidding this either, and there can't
be. (That Bill of Rights is useful at times... <grin>) However, the "moral
majority" often gets its way on issues like this.
VIRUS-FIGHTING FOUNDATION
Date: Thu Oct 22 15:57:58 EDT 1992
From: Kevin_Haney@CU.NIH.GOV
Since you asked twice, I will tell you what I think. My opinion is that
the book should not be published. I believe it is a completely self-
serving and money-making scheme. If you put a "Forbidden" label on a
product, that will only make people want to buy it more. The author's
claim that you can't be a real computer security person if you haven't
seen the source code of a live virus is bullshit. The publishing of
viral source code is a very irresponsible act, however you attempt to
justify it. At the IVPC conference last year, David Stang challenged
the book author to donate all of the proceeds to a virus-fighting
foundation if his motive was really to help computer security
professionals. He declined.
I BEGIN BANNING BOOKS
Date: Tue Oct 27 09:52:57 CET 1992
From: lschumac@mainz-emh2.army.mil ("Ludwig (Lu) Schumacher ->" )
I would prefer NOT to see this book on the market. It makes it too easy
for those who might not otherwise have the requisite knowledge to start
playing games. While these viruses should be easily recognized by most
of the Anti-Virus programs, not everyone has (or regularly uses) one.
Further, once 'trained', it becomes easier to develop more malicious
programs.
Having said all that, I will add that we would tread on very thin ice
should we ever begin banning books.
DO-IT-YOURSELF PACKAGE & TWIT
Date: Wed Oct 28 08:53:30 -0700 1992
From: martin@cs.ualberta.ca ("Tim Martin; FSO; Soil Sciences" )
Well, I haven't seen Kephart's study, so I can't comment on whether this
is a legitimate summary of it. In my limited experience I would agree
that networks are rarely a factor in virus spread. And by far the
majority of viruses I have seen or had good descriptions of are
poorly written, usually simple stupid modifications of a few common
viruses. Almost all virus writers work alone. They have found a virus,
disassemble it and try to make "improvements" on it. The few writers
who are members of virus writing clubs, or are connected by InterNet,
FidoNet, or VxNET have little impact on the "virus problem" as
experienced by the end-user.
I don't quite follow what knowledge CCCF is reputedly advancing: the fact
that viruses are by and large poorly written and ineffective? Or is this
saying CCCF is trying to encourage more "quality" in viruses? Given I
don't know what Schmidt is arguing, nor why CCCF is publishing the (rather
poor) book, I can hardly comment.
No doubt these are all facts. The book does have virus code. The viruses
are easily defeated. I don't know French law, and of course the warning
about responsible adults and 18 years old is present, but it is utter
nonsense, an attempt by Ludwig to cover his ass.
I'm not sure whether you want my thoughts on publishing such a book.
Personally I feel that the best way to stop the virus problem would
be for the average user to understand how viruses work. So I work
hard to educate people on how viruses really work, at the technical
level. However I don't publish virus code, because as soon as one
has virus code, one no longer needs to understand how viruses work
to write viruses. All they have to do is compile the code. So any
twit with a self image problem can spread new viruses simply by
using the do-it-yourself package. I've seen too many such viruses,
and such twits. But I'm sure that in the overall scene, the French
issue of Ludwig's book is likely to have about as much effect as
the English version has had: "diddly-squat".
No doubt the publicity is nice, though. =:)
NO BIG HIDDEN SECRETS
Date: Wed Oct 28 18:35:13 1992
From: ROP@hacktic.nl
Viruses are only a threat if the general public does not understand
them. Most virus panics are caused by this lack of knowledge. It's
very good that books like this are available, so that everyone that
wants to can have access to information that details how viruses
work.
There are NO big hidden secrets that could destroy the world, viruses
are simple programs that anyone with a good understanding of
operating systems can write. Virus writers don't need these books
anyway.
+++++
Rop Gonggrijp (rop@hacktic.nl) Hardened and capable of making
fax: +31 20 6900968 considerable trouble.
FOR MISCHIEVOUS PEOPLE
Date: Wed Oct 28 17:47:38 PST 1992
From: Pua_Yeow_Cheong.xssc@rxsgp.xerox.com (Yeow Cheong.)
I am a software engineer with Xerox but I am not familiar with virus codes.
Anyway, here is my opinion regarding your mail.
I have never read the book you mentioned before but from the fact that
it was censored in the US and it teaches you how to write virus, I can guess
that it must contain some harmful elements in it.
The problem with publishing the book for the newsstand is that you cannot
control who gets the book. For all your well intentions, this book will most
likely also land up in the hands of those mischievous people who are out to
create trouble. Then we will see a proliferation of new virus, starting with
France, maybe throughout the world. No matter what Kephart says about his new
theory, the fact that computer virus have spread to most computers in the
world (Even my PC at home in Singapore has been infected before) is enough
proof that virus do spread effectively. And with networking becoming more and
more common, it will not be long before virus spread itself via networks.
Even though the virus can eventually be destroyed by current anti-virus
methods, but before these new virus can be detected and all destroyed, who
knows how much destruction they will cause before that. And these information
they destroy might be important information in the banks or hospitals.
If your intention in publishing the book is to prevent virus infection
through knowing how virus work, I would suggest you control the sale and sell
only to licensed anti-virus software companies who need the information. If
you want to make the book for the newsstand, then you should remove all the
parts teaching people how to write virus.
If your intention is not the above, my opinion is that you shouldn't publish
the book at all.
Please consider carefully before making your move. Good luck.
COMPUTER PROFESSIONALISM/ETHICS
Date: Tue Nov 3 14:49:12 CST 1992
From: cepek@vixvax.mgi.com ("Mike Cepek, MGI" )
I personally don't like many of the implications made in the article you
enclosed, "Making The News and Bookstands", in particular those related
to viruses not being a real threat.
I am not familiar with Mr. Kephart's work. The conclusions stated in
the article don't surprise me all that much at face value. However, I
feel that they are probably used out of context (and, I would assume,
without Mr. Kephart's permission) to further the ends of `chaos'.
Viruses affect real people and real companies, and have caused real
damage, resulting in real money and time lost. The people affected
are innocent. In far too many cases, the virus authors set out to
cause damage intentionally.
In my opinion, malicious viruses are bad. To encourage them in any
way is also bad. If it were me, I would not be involved in the release
of such information, since it is more likely to cause further harm than
good.
There are many sides to this issue, more than I care to go into here
(freedom of expression, general social benefits from releasing
confidential information, educational/research reasons, general moral
and ethical issues, computer professionalism/ethics, etc.).
I certainly cannot prevent "The Black Book" from being published, nor will
I try. However, if it were me, I probably would find more constructive
things to do with my time and energy.
______________________________ Mike Cepek ______________________________
VIRII ARE "TOYS"
Date: Wed Nov 4 21:09:18 GMT 1992
From: hps@sdf.LoneStar.ORG (Holt Sorenson )
I believe firmly in the idea of free speech. I think that the publishing of
this book is not anything to worry about for several reasons. I've seen many
of the virii that have resulted from this publication and they are not
any worse than the majority of virii in the community now. For the most part
they are overwriting, non-parasitic, non-resident programs that replicate.
The concepts behind virii are quite simple and any programmer with a couple
of years of experience can write a virus. A virus can even be programmed with
DOS's batch language. Assembly is not by any means necessary, but it is the
best language because it allows full access to the machine's capabilities and
compiles the smallest code.
Bearing in mind that virii are "toys" that programmers play with, that free
speech is essential in democratic societies, that the ideas presented in that
book are not the most advanced in virus technology, and that the "adults" that
read the book will act responsibly, I see no problem with the publishing of
the book. If the book is a catalyst for a computer virus epidemic in France,
then that is one of the consequences of releasing such information. Computer
users need to be prepared for that consequence.
Miscellaneous:
Are you guys into the hacker, phreaker, virus scene ? Why did
you decide to release the translated book ?
I FOUND VIRUSES DISGUSTING
Date: Thu Nov 5 11:51:15 CET 1992
From: EKRISTIA@estec.estec.esa.nl ("E. Kristiansen - WMS" )
On one hand, I find computer viruses disgusting, and I think most people
using computers for professional purposes would agree with me.
On the other hand, I am afraid that viruses are here to stay. The techniques
are sufficiently well known that anybody who really wants can put their hands
on them. One publication more or one less is not going to change that very
much. The only thing, to my opinion, which can improve the picture slightly
is education, in the sense that potential virus-writers might be brought
to realize the consequences of what they are about to do. But social
behaviour is not very popular today in the western world.
I think the only thing computer professionals can do is defensive measures:
- make good and frequent backups so you can recover if contaminated
- be very careful about who has access to your computer, and what they put
into the disc drive. Avoid any discs whose origin you do not trust.
This being said, I am not in favour of publishing your book, it's a bit like
publishing how to break into a house: Anybody can find out how to do it, but
reading a book on the subject might be an incentive to actually try it out.
The warning "Forbidden for readers not 18 years old" (I suppose you mean
"readers below 18 years"?) should be enough incentive for a lot of below-18's
to buy the book. If such a "warning" has any effect at all, it is likely
to be the opposite of the intended one.
LITTLE DANGER
Date: Thu Nov 5 12:18:30 MET 1992
From: bartjan@stack.urc.tue.nl (Bartjan Wattel )
I think that one major factor must be considered:
Are the sources that are listed the original sources, or were they 'reversed
engineered' ?
I think, that if the sources are original, most of them won't be very complex
nor very ingenious. Having this in mind, I see no harm in publishing virus
listings. In fact, since virus-programming has several nice features and
is somewhat challenging, I think it could be very interesting finding out
how viruses work. But, there'll always be some people who modify some listing
and release it. Since the listings are not that complex, and any anti-virus
program will find it, I think there is little danger. I feel that all
companies should at least run a simple virus-detecting program once a day.
In my opinion, the problem lies in publishing very *smart* virus-codes. At
that point, building an even smarter virus shouldn't be very difficult. This
could lead to problems when such viruses are being released.
So, my opinion: publish only the *easy* virus-codes, e.g. codes from long-
existing viruses that will be detected and removed by any known anti-virus
program.
I hope this helps you. I'm always in for answering questions or joining a
discussion about viruses.
Bartjan Wattel at Eindhoven University of Technology, the Netherlands
I DID UNDERSTAND THE TITLE
Date: Thu Nov 12 09:32:00 EST 1992
From: CMARTIN@unode2.nswc.navy.mil ("PGE" )
As to virus pathology, I agree that most common virus vector is exchanging
of disks as opposed to network connections. Why, because it is easier to
create a virus that does only one thing, infect the next disk, than to have
one that can go from disk to net to disk. Also, except for networks with
open access (colleges and the like) users have no reason to wish to harm each
other, so they won't try to create viruses. Sure they may bring in a pirated
copy of tetris which is infected, but a virus that can identify the network
(I do believe that many different protocols exist) and do the necessary harm
is going to be a lot longer than a simple virus, and therefore easier to spot.
Networked computers also run a lot more anti-virus software than many home
users thereby making infection and transmission harder.
The book. Well I believe in free speech. I was hoping to buy the book
here, but if it is censored then I guess I shall have to brush up on my
French (I did understand the title at least) and get that version. Such
books might help the malicious, but it also lets the anti-virus forces see
what information is being used to write these viruses, and thereby be able to
combat the viruses more effectively.
Finally, selling the book to those only 18 and older is sad. This book is
now being lumped together with Madonna's new book (though I don't know if you
have to be 18 to buy that in France).
WRITE ONE YOURSELF
Date: Thu Nov 12 09:37:25 -0600 1992
From: sears@tree.egr.uh.edu (Paul S. Sears )
I think that a book such as this is a good thing to publish. Viruses are
generally simple to write and any one with basic programming skills can
create such a beast. It is their skill in programming and design that
determines how "successful" the virus is. The general computing community
can better defend itself from the onslaught of virus attacks if they have
a deeper understanding on how a virus operates. And what is the best way
to see how a virus operates? Write one yourself. Or, at least look at
_real_ examples of virus code.
Banning knowledge because it may "enlighten" the un-enlightened, is something
I don't agree with. I think that everyone should have the opportunity to
know everything they can. Keeping the "secrets" of virus design to the
underground and/or professional circles leaves the everyday Joe User out in
the cold. Knowledge is the best weapon and can be the best defense to such
a situation. In the site that I manage, I make an effort to inform all of
my users of all possible security threats (related issue). If there was a
threat of virus infection on our unix platforms, I would make every effort to
inform my users of what that threat is, and to help them understand the design
and intent of such threat. Most learn by experimenting, like when I was a
child, I used to tear apart _anything_ mechanical to understand how it worked.
I think the same applies here for virus code. And besides, there are other
sources of virus code floating around. If someone wants it bad enough, they
can easily get it.
--
Paul S. Sears * sears@uh.edu (NeXT Mail OK)
The University of Houston * suggestions@tree.egr.uh.edu (NeXT
Engineering Computing Center * comments, complaints, questions)
NeXT System Administration * DoD#1967 '83 NightHawk 650SC
VIRUSES IN THE WILD
Date: Mon Nov 16 14:13:04 EST 1992
From: sara@gator.rn.com (Sara Gordon )
i've not seen this -new- kephart study. the most recent one i have seen is
the one detailed in some conference proceedings. it is not a new study. i
did use it to document the 'viruses in the wild' portion of my recent
study on virus exchange bulletin boards.
i have not seen any of the book viruses, although i have the book. my
purchase of the book was 'documented' in the underground publication
phrack. hope you read the rebuttal, phrack40a, which corrected the many
glaring inaccuracies in the original. better yet if you had not wasted
your time with the original.
increase knowledge with the publication of a translation of -that- book?
ah, c'mon. have you read that book? if you want to increase knowledge,
you could just translate the parts that tell about viruses. the book is
a do-it-yourself guide to writing viruses, enabling someone who has the
energy to type in the listings (or purchase the disks) to produce
viruses without knowing how to program. Now, tell me, of what purpose is
the type of info in this book regarding how viruses work to anyone who
does not know what the terms mean? the 'advance knowledge' might be more
readily achieved amongst the potential users of this book by publishing
instead some basic tenets of responsibility, ethics...
what exactly is the knowledge you are trying to advance? the only thing
this book deals with is how to write viruses, or more specifically how
to type in some codes and get them without really knowing why it works,
for without a basic understanding of programming, a person won't
understand the explanations of the book--and, if they have this
understanding they won't NEED this book to 'explain' it.
this book hasn't been banned anywhere that i know of. i don't know of any law
against publishing virus codes. however, you must be aware that it will
be used by people who want to experiment, that is if they have the
determination to type in that long code.
laws are another matter entirely, as are freedoms. i think the key issue
here is really responsibility. one has to decide which side of the fence
one wishes to reside on.
--
Talk to me about computer viruses. sara@gator.rn.com
SGordon@Dockmaster.ncsc.mil
vfr@netcom.com
Sara Gordon Fidonet 1:227/190 Virnet 9:10/0 9:101/0
REAL COMPLEXITY OF CREATION
Date: Sun Nov 22 18:50:18 EST 1992
From: btwalker@eos.ncsu.edu (aka drchaos )
Problem is that there is always a threat. However most people don't
consider themselves to be at risk until the media brings a gross distortion
of a viral threat to each and everyone of us. Writing viruses is much more
difficult than slapping together some code and running it through a compiler.
It requires integrity checking and code evaluation to merge the best possible
combination of replication and anti-detection features. With a manual that
tells one how to put together a virus, we may see an increase in defective,
mass destructive viruses that tend to annihilate themselves, but i believe that
there will be few, if any, truly dangerous viruses released because of the
recent developments.
Actually i believe that most viruses spread through the public BBS networks
that operate in this country. Many thousands of files are transferred and
distributed all across the land, some without regard to the file's content.
i for one know of people who download a file from one system only to upload it
to another system. A virus embedded in one of these files can spread very far
at 9600 bps.
The reason most viruses don't spread very well across standard, non-human
motivated networks is due to the complexity of creating a computer virus. The
only program that achieved this to my knowledge was the internet worm, which
was 3000 lines long, in C. Thus most virus writers will stick to the
environment they are most familiar with and generally ignore the networks.
Physical exchange of disks will soon decline in infection percentages as more
and more computers are connected to networks and it is no longer necessary to
exchange diskettes.
Only the viruses that are written by dedicated individuals will prosper. The
others will fall victim to common bugs and uncommon situations that can occur
when a program is existing in close proximity with the hardware and operating
system. Any virus can be detected and defeated given enough time to study it
and its patterns of infection. However the easiest to detect are not the most
dangerous. These viruses are most likely the creation of someone with a weak
sense of direction that somehow got lucky and created a working virus. They
perhaps may suffer from a slightly anti-social outlook on life and merely want
to vent their frustration on the unsuspecting computer using populace.
The dangerous viruses are those that wait and cause small changes in non-
essential files over an extended period of time. These viruses are hard to
detect if successful and one can only develop a vaccine if one knows what to
look for.
I believe that the spread of knowledge should not be deterred. i approve
of distributing all knowledge even if the knowledge has potential disruptive
abilities. As i have stated before, very few people will be able to create a
harmful working virus. Those that do manage to produce one will have
developed a program in which it is compromised enough to not be effective in
modern computer environments. Furthermore the knowledge may stimulate those
who are attempting to create better anti-viral software.
From what i know of it, the black book contains examples of viral code,
all of which can be detected. Since almost all of the viruses that could
potentially be created by releasing the translation will be variants, all should
be easily detected and should not impose a greater risk to anyone with
sufficient anti-viral software.
While being over the age of 18 does not guarantee responsibility, it does
increase the chance that all who learn from it will have reached an age of
socialization that is necessary to properly use the knowledge to benefit and
not to detriment.
------------------------------
End of Chaos Digest #1.14
************************************