[comp.sources.wanted] WANTED: disassembled copy of internet virus

waters@polya.Stanford.EDU (Jim Waters) (11/13/88)

  I was recently informed that some folks at Purdue did a real nice
job of symbolically disassembling the binary part of the recent
Internet virus.  Unfortunately, I haven't been able to find a copy
locally.  Is there anyone out there who snagged a copy who would be
kind enough to mail it to me?
  Thanks in advance.

---------------------------------------------------------------------------
           Jim Waters
Internet:  waters@umunhum.stanford.edu
uucp:      decwrl!umunhum.stanford.edu!waters
bitnet:    waters%umunhum.stanford.edu@stanford

What's that?  Don't I have anything really profound to say here . . . Nope.

cochran@cadsun.DAB.GE.COM (Craig Cochran) (11/15/88)

In article <5011@polya.Stanford.EDU> waters@umunhum.Stanford.EDU (Jim Waters) writes:
>
>  I was recently informed that some folks at Purdue did a real nice
>job of symbolically disassembling the binary part of the recent
>Internet virus.  Unfortunately, I haven't been able to find a copy
>locally.  Is there anyone out there who snagged a copy who would be
>kind enough to mail it to me?

I'm sure that your interest in the virus source (or disassembled version
of same) is of pure academic nature, but do you think it is a good idea
to have publicly distributed copies of this program lying around the
net?  While most of us have "immunized" ourselves against this
particular strain, this is something that may come back to bite us
again in the future in the event that some irresponsible user
(nothing insinuated here) accidentally or purposely unleashes a
similar blight upon us a year or more down the road.  With the
source or assembly code available, it wouldn't be difficult to
modify the virus to get around the publicly distributed patch.

Am I overly paranoid?  Granted I myself was very interested in reading
Gene Spafford's description of how the virus worked, but knowledge in the
wrong hands is hazardous.  I'm as much of a UNIX enthusiast as anyone,
but I'm inclined to think the virus should be placed under lock
and key until the (very-powerful-yet-too-open) UNIX System matures
into a secure O/S.

Again, am I paranoid?  Comments accepted via e-mail, or post if appropriate.

-Craig

(Standard Disclaimers apply.)

--
Craig S. Cochran <cochran@ge-dab.GE.COM> 
                                            General Electric Company
UUCP:   ...!mcnc!ge-rtp!ge-dab!cochran      1800 Volusia Ave, Rm 4112
Phone:  (904) 239-3124                      Daytona Beach, FL 32015

waters@polya.Stanford.EDU (Jim Waters) (11/15/88)

Sorry, I didn't really know where to send this, but since it does
pertain to whether comp.sources.wanted requests should be granted, I
guess I'll post it here.

In article <1435@ge-dab.GE.COM> cochran@ge-dab.GE.COM (Craig Cochran) writes:
>
>I'm sure that your interest in the virus source (or disassembled version
>of same) is of pure academic nature, but do you think it is a good idea
>to have publicly distributed copies of this program lying around the
>net?  While most of us have "immunized" ourselves against this
>particular strain, this is something that may come back to bite us
>again in the future in the event that some irresponsible user
>(nothing insinuated here) accidentally or purposely unleashes a
>similar blight upon us a year or more down the road.  With the
>source or assembly code available, it wouldn't be difficult to
>modify the virus to get around the publicly distributed patch.

  If relatively small modifications to the virus code will produce
another viable virus, then I think it is quite clear that people
should peer into the code a little more closely and see what can be
done to stop this.  I would like to think that we will find all the
holes the virus exploits and close them.  I don't trust the NSA to
tell me what holes the virus exploits--if some of the postings in
comp.unix.wizards are true, the NSA finds lots of holes, but it
doesn't bother to report them.  The only way to be sure what holes
remain to be exploited is to look, and these sources are one of the
best references to look at.
  In any case, lots of people have the binaries, and it is quite
possible to disassemble and understand them.  If I wanted to write a
virus, I'd go to the trouble myself.  Since all I want to do is read
the code, it's not worth the amount of time it would take to decode.
So I'm looking for someone who has done it already.

---------------------------------------------------------------------------
      Jim Waters                 INTERNET: waters@umunhum.stanford.edu
USPS: P.O. Box 13735                       waters@argus.stanford.edu
      Stanford, CA 94309         UUCP:  ...decwrl!umunhum.stanford.edu!waters
AT+T: (415)323-3063              BITNET:   waters%umunhum.stanford.edu@stanford

What's that?  Don't I have anything really profound to say here . . . Nope.

wdao@castor.usc.edu (Walter Dao) (11/16/88)

About somebody not wanting to post it. 

There was once a time called the middle ages.  Roman Catholicism was the
ruling order. One of the ideas flying around was that the earth was flat and
was the center of the universe.
Of course astronomers who said that it was not so had their books burned.
And often they were judged to be heretics.

Peace by Ignorance is definitely not the way to go, bud!!!

DW.

cochran@cadsun.DAB.GE.COM (Craig Cochran) (11/17/88)

I see your point.

I just don't want to someday retrieve the index from some random
archive-server and see "virus.shar" listed.  That gives me the
heebie-jeebies.


--
Craig S. Cochran <cochran@ge-dab.GE.COM> 
                                            General Electric Company
UUCP:   ...!mcnc!ge-rtp!ge-dab!cochran      1800 Volusia Ave, Rm 4112
Phone:  (904) 239-3124                      Daytona Beach, FL 32015

ok@quintus.uucp (Richard A. O'Keefe) (11/17/88)

In article <1927@nunki.usc.edu> wdao@castor.usc.edu (Walter Dao) writes:
>There was once a time called the middle ages.  Roman Catholicism was the
>ruling order. One of the ideas flying around was that the earth was flat and
>was the center of the universe.
>Of course astronomers who said that it was not so had their books burned.
>And often they were judged to be heretics.

Get your facts straight before posting.
During the Middle Ages (which ended in about the 14th century),
the standard astronomical text was Ptolemy's, which
- said that the distance to the fixed stars was so great
  that the Earth could be regarded as a mathematical point
- did _NOT_ place the Earth at the centre of the Universe
  (near the centre, yes; at the centre, no).
- stated that the Earth was a sphere, and contained a figure
  for its diameter which was about 20% out.
Several people were judged to be heretics because they _were_
heretics:  Giordano Bruno was a practising magician, for example.

Koestler's "The Sleepwalkers" is a good introduction.

cochran@cadsun.DAB.GE.COM (Craig Cochran) (11/18/88)

In article <1927@nunki.usc.edu> wdao@castor.usc.edu (Walter Dao) writes:
>
>About somebody not wanting to post it. 
>
>There was once a time called the middle ages.  Roman Catholicism was the
>ruling order. One of the ideas flying around was that the earth was flat and
>was the center of the universe.
>Of course astronomers who said that it was not so had their books burned.
>And often they were judged to be heretics.
>
>Peace by Ignorance is definitely not the way to go, bud!!!
>
>DW.

When I brought up the question, I pointed out that I understand the
original requestor's reason for distributing the code, and presented
a few things for the net to consider. Then I open-mindedly invited
people to comment intelligently on this.  I didn't say I was
*right*, just *concerned*.  Look, the net is for *discussion*,
not ridicule and flames, especially when you don't even have any
constructive points to add.  All you are doing with postings like
that is making yourself sound like an idiot.

If you feel you need to flame me any more, do it via e-mail.  Please
reserve the net for intelligent and open-minded discussions.


--
Craig S. Cochran <cochran@ge-dab.GE.COM> 
                                            General Electric Company
UUCP:   ...!mcnc!ge-rtp!ge-dab!cochran      1800 Volusia Ave, Rm 4112
Phone:  (904) 239-3124                      Daytona Beach, FL 32015

annala@neuro.usc.edu (A J Annala) (11/19/88)

  This may be an unpopular opinion ... but I would be seriously concerned
about the redistribution of disassembled/decompiled or even binary copies
of the computer virus ... the impact of this little beastie has been so
great that any opportunity to limit its potential mutation and/or spread
should probably be taken most seriously.

  AJ Annala, USC Neuroscience Program