Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!sdd.hp.com!spool.mu.edu!uunet!dev8o.mdcbbs.com!campbell
From: campbell@dev8o.mdcbbs.com (Tim Campbell)
Newsgroups: comp.sys.ibm.pc.misc
Subject: Re: need ibm viruses
Message-ID: <1991Apr2.114122.1@dev8o.mdcbbs.com>
Date: 2 Apr 91 11:41:22 GMT
References: <1991Apr01.024515.204@ecst.csuchico.edu> <1991Apr1.181741.363@csc.canterbury.ac.nz>
Organization: McDonnell Douglas M&E, Cypress CA
Lines: 51
Nntp-Posting-Host: dev8o
Nntp-Posting-User: campbell

In article <1991Apr1.181741.363@csc.canterbury.ac.nz>, cctr132@csc.canterbury.ac.nz (Nick FitzGerald, CSC, Uni. of Canterbury, NZ) writes:
> In article <1991Apr01.024515.204@ecst.csuchico.edu>, amjad@ecst.csuchico.edu
> (Amjad Saqfalhait) writes:
>> Hi, I am working on a virus detector as an undergraduate project.
>> In order to have it catch more viruses, I am asking for people to send
>> me their ibm viruses. The more you send me, the more I will appreciate it!
>> thanks.
>
> DO **NOT** comply with this turkey's request!!
>
> If s/he is legitimate then her/his supervisor will be able to supply
> her/him with an adequate sample of virii.
>
> Anyone with a responsible attitude to, and interest in, virii will
> probably have been subscribed to the VIRUS-L mailing list or been
> following the comp.virus traffic (basically the same thing). Having
> done so they would know that a request like Amjad's is a *very bad
> thing* and they wouldn't have done it.
>
> Anyone who knows how to forge "kill" messages, should do so for the
> message that this one references right now!
>
> Amjad - this was an incredibly stupid thing to do, whether you think
> you have a legitimate request or not, because there is **NO** legitimate
> reason for making such a public request. The only people who should
> be transferring virii around the net are those who have found new ones
> who are sending them to well-known anti-virus researchers. I have been
> reading comp.virus traffic for the last 8 months and you sure ain't one.
>
> ---------------------------------------------------------------------------
> Nick FitzGerald, PC Applications Consultant, CSC, Uni of Canterbury, N.Z.
> Internet: n.fitzgerald@csc.canterbury.ac.nz Phone: (64)(3) 642-337

--

One additional comment: Real virus impregnated code is not required to
produce a virus scanner. In fact, having _real_ viri in the machine makes
things a whole lot more difficult due to the efforts required to control
the environment. A better method is to simply use the well known, published
hex-strings recognized by most virus scanners. These strings can easily be
placed in appropriate "dummy" files on the disk and any virus detector
should pick out these programs as though they had the real virus
corresponding to the code. The key here is that the _real_ virus isn't
actually present - along with the risks of damage, spread, etc. that go
along with them.

---------------------------------------------------------------------------
In real life: Tim Campbell - Electronic Data Systems Corp.
Usenet: campbell@dev8.mdcbbs.com @ McDonnell Douglas M&E - Cypress, CA
also: tcampbel@einstein.eds.com @ EDS - Troy, MI
CompuServe: 71631,654
P.S. If anyone asks, just remember, you never saw any of this -- in fact,
I wasn't even here.
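
The dummy-file method described in the post above, sketched as an added example that is not part of the original post: a minimal signature scanner is exercised against inert files that carry only a byte pattern. The signature names and byte strings are constructed placeholders, not strings from any real scanner, and the file names, sizes and offsets are assumptions.

```python
import os
import tempfile

# Constructed placeholder patterns, NOT real virus strings; the names are hypothetical.
SIGNATURES = {
    "DUMMY-A": bytes.fromhex("de c0 ad 0b ad c0 de 11 22 33"),
    "DUMMY-B": bytes.fromhex("0f f1 ce 0f f1 ce 42 42"),
}

def make_dummy(path, signature=None, offset=0, size=4096):
    """Write a zero-filled file, optionally with a signature planted at offset."""
    body = bytearray(size)
    if signature:
        body[offset:offset + len(signature)] = signature
    with open(path, "wb") as fh:
        fh.write(body)

def scan_file(path, signatures=SIGNATURES, chunk_size=1024):
    """Return the sorted names of all signatures present in the file."""
    # Carry the last (longest signature - 1) bytes into the next read so a
    # pattern that straddles two chunks is still matched.
    overlap = max(len(sig) for sig in signatures.values()) - 1
    found, tail = set(), b""
    with open(path, "rb") as fh:
        while chunk := fh.read(chunk_size):
            window = tail + chunk
            found.update(n for n, sig in signatures.items() if sig in window)
            tail = window[-overlap:] if overlap else b""
    return sorted(found)

def run_selftest(chunk_size=1024):
    """Build one clean and two planted dummy files, scan them, return results."""
    cases = {
        "clean.com": (None, 0),
        "dummy_a.com": ("DUMMY-A", 100),
        # Planted 4 bytes before a chunk boundary to exercise the overlap logic.
        "dummy_b.com": ("DUMMY-B", chunk_size - 4),
    }
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for fname, (sig_name, offset) in cases.items():
            path = os.path.join(tmp, fname)
            make_dummy(path, SIGNATURES.get(sig_name), offset)
            results[fname] = scan_file(path, chunk_size=chunk_size)
    return results

if __name__ == "__main__":
    for fname, hits in run_selftest().items():
        print(f"{fname}: {', '.join(hits) or 'clean'}")
```

The clean file checks for false positives, and the file planted across a read boundary checks that a chunked scanner does not miss a pattern split between two reads.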