1993-02-12 - Re: Viral encryption

Header Data

From: Eli Brandt <ebrandt@jarthur.Claremont.EDU>
To: cypherpunks@toad.com
Message Hash: 3de0dfb0336ba8bbbc78f7b4791ce41985439ef68217297f75842bffaeb450fa
Message ID: <9302120017.AA28034@toad.com>
Reply To: <m0nMh4s-000k4cC@phantom.com>
UTC Datetime: 1993-02-12 00:17:21 UTC
Raw Date: Thu, 11 Feb 93 16:17:21 PST

Raw message

From: Eli Brandt <ebrandt@jarthur.Claremont.EDU>
Date: Thu, 11 Feb 93 16:17:21 PST
To: cypherpunks@toad.com
Subject: Re: Viral encryption
In-Reply-To: <m0nMh4s-000k4cC@phantom.com>
Message-ID: <9302120017.AA28034@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


> From: thug@phantom.com (Murdering Thug)
> I myself am very familiar with the virus underground, so for those who are
> not, let me explain the two newest and most deadly virus techniques which
> are being seen in the DOS world.

[ discusses stealth viruses, around for, oh, five years at least; and
  the MtE. ]

Reasonably accurate discussions, but let's leave the hype for _Time_
and McAfee.  "Stealth" viruses can be detected in memory, if you make
the mistake of getting infected in the first place.  MtE-derived
viruses enjoyed a window of about a month while they could not be
detected by scanners; they had no such reprieve from integrity
checkers.  Big deal.  (Well, from the point of view of a scanner
writer, it must be a pain, but that's not the user's problem.)
Cryptohash integrity checking is probably the way to go in the long
run, but scanners still work.

The "most deadly virus technique", in terms of number of infections
caused, is probably that of boot-sector infection.  Low-tech, but it
seems to work.

> Thug 

	 PGP 2 key by finger or e-mail
   Eli   ebrandt@jarthur.claremont.edu
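
The contrast the message above draws between scanners and cryptohash integrity checking, as an added example that is not part of the original post. The file names, byte strings and the signature pattern are constructed for illustration, and SHA-256 is an assumed choice of hash.

```python
import hashlib

# Hypothetical scanner pattern for one known, fixed-form sample (constructed).
SIGNATURES = [bytes.fromhex("deadbeef")]

# Constructed file contents standing in for executables on a clean system.
CLEAN = {
    "EDIT.COM": b"MZ" + b"editor-code;" * 8,
    "SORT.COM": b"MZ" + b"sort-code;" * 8,
}

def build_baseline(files):
    """Record a SHA-256 digest per file; keep this record on read-only media."""
    return {name: hashlib.sha256(data).hexdigest() for name, data in files.items()}

def integrity_check(baseline, files):
    """Return names that changed, appeared, or vanished since the baseline."""
    changed = {n for n, d in files.items()
               if baseline.get(n) != hashlib.sha256(d).hexdigest()}
    missing = set(baseline) - set(files)
    return sorted(changed | missing)

def signature_scan(files, signatures):
    """Return names whose contents contain any known byte pattern."""
    return sorted(n for n, d in files.items() if any(s in d for s in signatures))

def later_state():
    """Constructed 'after' state: one file altered with bytes no scanner knows,
    one altered with the known pattern, and one file that was never baselined."""
    files = dict(CLEAN)
    files["EDIT.COM"] = CLEAN["EDIT.COM"] + bytes.fromhex("7a13c09e55")
    files["SORT.COM"] = CLEAN["SORT.COM"] + SIGNATURES[0]
    files["NEW.COM"] = b"MZ" + b"unlisted"
    return files

if __name__ == "__main__":
    baseline = build_baseline(CLEAN)
    now = later_state()
    # The scanner only sees the copy carrying a pattern it already knows.
    print("scanner flags:  ", signature_scan(now, SIGNATURES))
    # The hash comparison flags every change, whatever the added bytes look like.
    print("integrity flags:", integrity_check(baseline, now))
```

The comparison is only as trustworthy as the stored baseline and the file reads, so a check like this belongs after booting from known-clean media.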




