Path: utzoo!attcan!utgpu!jarvis.csri.toronto.edu!mailrus!cs.utexas.edu!asuvax!ncar!tank!eecae!netnews.upenn.edu!vax1.cc.lehigh.edu!sei.cmu.edu!krvw From: ttidca.TTI.COM!hollombe%sdcsvax@ucsd.edu (The Polymath) Newsgroups: comp.virus Subject: Re: Sophisticated Viruses Message-ID: <0009.8911161700.AA03975@ge.sei.cmu.edu> Date: 15 Nov 89 02:21:24 GMT Sender: Virus Discussion List Lines: 35 Approved: krvw@sei.cmu.edu krvw@SEI.CMU.EDU (Kenneth R. van Wyk) writes: }WHMurray@DOCKMASTER.ARPA writes: } }>> ...in part because writing a virus that no one notices is not any }>> fun. If no one notices, then it is not possible to know about }>> propagation or survival. What fun is that? } }There's an important distinction to be made here - detection during }propagation vs. detection after (presumably) successful propagation. }A virus could well attempt to conceal its existence while propagating, }and then do quite the opposite (!) during a destructive phase. No one }would notice until it would be too late. Here's another scary thought. All the viruses I've heard of so far appear to be the work of malicious amateurs. I can think of motivations that might inspire a professional: An unfriendly government wants to cause dislocation in the United States. It commissions a difficult to detect virus that spends 5 years propagating, then wipes the hard disks of every machine it's on, without warning or explanation. A spy puts out a sophisticated virus that does no damage. It just looks for modems on serial ports and sends what looks like sensitive information to a central collection point. (What sort of information? How about comm program macro files containing account IDs and passwords?) I'm sure you can think of other scenarios. So can "they", whoever "they" are. The Polymath (aka: Jerry Hollombe, hollombe@ttidca.tti.com) Illegitimis non Citicorp(+)TTI Carborundum 3100 Ocean Park Blvd. (213) 452-9191, x2483 Santa Monica, CA 90405 {csun|philabs|psivax}!ttidca!hollombe