1993-02-19 - Re: toad.com mailing list postings from possible virus authors

Header Data

From: Phiber Optik <phiber@eff.org>
To: gnu@toad.com (John Gilmore)
Message Hash: af93004b58a56e67f0e92f18ae520f938ec42cb44d82f2b2bf90f3fa4a7e5dee
Message ID: <199302190537.AA28048@eff.org>
Reply To: <9302190140.AA08377@toad.com>
UTC Datetime: 1993-02-19 15:10:55 UTC
Raw Date: Fri, 19 Feb 93 07:10:55 PST

Raw message

From: Phiber Optik <phiber@eff.org>
Date: Fri, 19 Feb 93 07:10:55 PST
To: gnu@toad.com (John Gilmore)
Subject: Re: toad.com mailing list postings from possible virus authors
In-Reply-To: <9302190140.AA08377@toad.com>
Message-ID: <199302190537.AA28048@eff.org>
MIME-Version: 1.0
Content-Type: text/plain


Granted the idiocy of Mr. High-and-Mighty Army Man's opinion of what people
can and can't say, I couldn't help but point out two silly things in the
message he's complaining about:
[stuff deleted]
> > each time they replicate (make a new copy of themselves).  The small
> > amount of virus bootstrap code which is not encrypted is changed in each
> > replication by dispersing random NOP's throughout the virus bootstrap code.
> > Thus each sample of polymorphic virus looks completely different to
> > virus checking programs.  The virus checking programs cannot use
> > "signature" byte strings to detect polymorphic viruses.
> > 
Either he's explaining it wrong, or the author is actually foolish enough to
think that people won't simply just IGNORE the randomly placed NOPs and only
consider the other instruction codes in forming a signature(s).  Wowie.
Real programmers know that the strength of polymorphic code lies in the fact
that the same instruction can be coded as numerous different opcodes on Intel
processors.

And...
> > I have seen something called D.A.M.E., also known as Dark Avenger
> > Mutation Engine.  This is a freeware polymorphic library/kernel/toolkit

Why does he keep referring to MtE as "DAME"???

It never ceases to amaze me how such an elementary and sophomoric subject as
viruses can cause the strangest reactions from some people.  I think it has
something to do with the noxious connotations of the word 'virus'.  Maybe if
we all just agreed to call them 'nuisance programs', like flies on a horse's
rear-end, they wouldn't cause such fool panic.
On a finer note, I know a couple more of my "non-privacy in the phone system"
messages are in order; I was pleased by the response I got.  I'll try and work
myself into the mood.
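
Editor's added example, not part of the original message or of any scanner: a signature match that ignores single-byte NOPs (0x90), the scanner-side approach the reply describes. The byte strings are constructed for illustration (a harmless counter loop, not taken from any sample), and the function names are hypothetical.

```python
NOP = 0x90  # single-byte x86 NOP

def strip_nops(buf: bytes):
    """Return (buf without 0x90 bytes, original offset of each kept byte)."""
    kept, offsets = bytearray(), []
    for i, b in enumerate(buf):
        if b != NOP:
            kept.append(b)
            offsets.append(i)
    return bytes(kept), offsets

def find_signature(buf: bytes, signature: bytes):
    """Offsets in buf where signature starts, ignoring interleaved NOPs.

    Caveat: this strips every 0x90 byte, including one that is really an
    operand or displacement; an exact scanner would decode instruction
    lengths first and drop only whole NOP instructions.
    """
    sig, _ = strip_nops(signature)
    if not sig:
        return []
    norm, offsets = strip_nops(buf)
    hits, pos = [], norm.find(sig)
    while pos != -1:
        hits.append(offsets[pos])      # map back to the unmodified buffer
        pos = norm.find(sig, pos + 1)
    return hits

# Constructed signature: mov cx,10h / xor ax,ax / inc ax / loop -3
SIG = bytes.fromhex("b9100031c040e2fd")

# Constructed "replications" with NOPs placed differently between instructions.
VARIANT_A = bytes.fromhex("000090b910009031c040e2fdc3")
VARIANT_B = bytes.fromhex("b9100031c090909040e2fd")
# Same behaviour, but xor ax,ax encoded as 33 C0 instead of 31 C0: the
# alternative-encoding case the reply says is the harder problem.
VARIANT_C = bytes.fromhex("b910009033c040e2fd")

if __name__ == "__main__":
    for name, sample in (("A", VARIANT_A), ("B", VARIANT_B), ("C", VARIANT_C)):
        print(name, "plain match:", SIG in sample,
              "NOP-tolerant hits:", find_signature(sample, SIG))
```

Variants A and B defeat a plain byte-string search but not the NOP-tolerant one; variant C slips past both, which is why matching on normalized instruction semantics rather than raw opcodes is needed for that case.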






Thread