Path: utzoo!attcan!uunet!husc6!cmcl2!nrl-cmf!ames!pasteur!agate!ucbvax!decwrl!labrea!polya!waters
From: waters@polya.Stanford.EDU (Jim Waters)
Newsgroups: comp.sources.wanted
Subject: Re: WANTED: disassembled copy of internet virus
Message-ID: <5066@polya.Stanford.EDU>
Date: 15 Nov 88 06:33:51 GMT
References: <5011@polya.Stanford.EDU> <1435@ge-dab.GE.COM>
Reply-To: waters@polya.Stanford.EDU (Jim Waters)
Organization: very little, actually
Lines: 40

Sorry, I didn't really know where to send this, but since it does
pertain to whether comp.sources.wanted requests should be granted,
I guess I'll post it here.

In article <1435@ge-dab.GE.COM> cochran@ge-dab.GE.COM (Craig Cochran) writes:
>
>I'm sure that your interest in the virus source (or disassembled version
>of same) is of pure academic nature, but do you think it is a good idea
>to have publicly distributed copies of this program lying around the
>net? While most of us have "immunized" ourselves against this
>particular strain, this is something that may come back to bite us
>again in the future in the event that some irresponsible user
>(nothing insinuated here) accidentally or purposely unleashes a
>similar blight upon us a year or more down the road. With the
>source or assembly code available, it wouldn't be difficult to
>modify the virus to get around the publicly distributed patch.

If relatively small modifications to the virus code will produce
another viable virus, then I think it is quite clear that people
should peer into the code a little more closely and see what can be
done to stop this. I would like to think that we will find all the
holes the virus exploits and close them. I don't trust the NSA to
tell me what holes the virus exploits--if some of the postings in
comp.unix.wizards are true, the NSA finds lots of holes, but it
doesn't bother to report them. The only way to be sure what holes
remain to be exploited is to look, and these sources are one of the
best references to look at.

In any case, lots of people have the binaries, and it is quite
possible to disassemble and understand them. If I wanted to write a
virus, I'd go to the trouble myself. Since all I want to do is read
the code, it's not worth the amount of time it would take to decode.
So I'm looking for someone who has done it already.

---------------------------------------------------------------------------
Jim Waters                 INTERNET: waters@umunhum.stanford.edu
USPS: P.O. Box 13735                 waters@argus.stanford.edu
      Stanford, CA 94309   UUCP:     ...decwrl!umunhum.stanford.edu!waters
AT+T: (415)323-3063        BITNET:   waters%umunhum.stanford.edu@stanford
What's that? Don't I have anything really profound to say here . . . Nope.