padgett%tccslr.dnet@uvs1.orl.mmc.com (Padgett Peterson) (09/17/90)
Re Polish bait file, it would seem odd that someone would create a "bait" file of any length just to capture viruses. I generally use a 10h long .COM for such work (10h makes for simple offset calculation), though if in a hurry, a two-byte (CD 20) attractor is sufficient. An .EXE is just a matter of RENAME, though you can get more complex if you want; the point is: why? Consequently, I would be somewhat suspicious of anything more than a few bytes long. (I have seen a 155k trojan though.)

Concerning distribution of viruses, in a word, no. Now if someone came recommended by a mutual acquaintance with a legitimate reason (testing against anti-viral products is NOT sufficient), possibly, but since there are safer ways to simulate the activity, this would be preferred. The concerned people I deal with all require credentials and a strict non-dissemination agreement as well. To just freely grant access to any person requesting is certainly immoral and possibly illegal.

Since the NIST is a mandatory function, a central meeting point would seem appropriate, preferably one that operates on a similar schedule as most of us (non-realtime). An appearance by the legendary Gordius (sp?) would be interesting. Coat, tie, and spackle should be optional. Logic probes will be confiscated.

Padgett
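Added example, not part of the original post: a baseline check for the small bait files described above, showing why a 10h-byte .COM keeps the offset arithmetic simple (a .COM image loads at 100h, so anything added past the bait starts at 110h). The function names, the NOP filler and the sample bytes are assumptions made for illustration; the post gives only the 10h length and the CD 20 bytes.

```python
"""Compare a bait (goat) .COM file against its known-clean baseline."""
COM_LOAD_OFFSET = 0x100        # DOS loads a .COM image at offset 100h of its segment
INT_20H = bytes([0xCD, 0x20])  # the two-byte "terminate program" attractor from the post


def make_bait(length=0x10, filler=0x90):
    """Build a bait image: INT 20h followed by padding up to `length` bytes.

    The NOP (90h) filler is an assumption; the post specifies only the length.
    """
    if length < len(INT_20H):
        raise ValueError("bait must hold at least the two-byte INT 20h")
    return INT_20H + bytes([filler]) * (length - len(INT_20H))


def inspect_bait(baseline, current):
    """Describe how `current` differs from the clean `baseline` image."""
    changed = [i for i, (a, b) in enumerate(zip(baseline, current)) if a != b]
    growth = len(current) - len(baseline)
    report = {
        "growth": growth,
        "changed_offsets": changed,
        "entry_changed": 0 in changed,  # the first instruction is no longer INT 20h
        "appended_at": None,
        "verdict": "clean",
    }
    if growth < 0:
        report["verdict"] = "truncated"
    elif growth > 0 and not changed:
        report["verdict"] = "data appended, entry untouched"
    elif growth > 0:
        report["verdict"] = "modified and grown"
    elif changed:
        report["verdict"] = "overwritten in place"
    if growth > 0:
        # With a 10h-byte bait, added bytes begin at file offset 10h -> memory 110h.
        report["appended_at"] = COM_LOAD_OFFSET + len(baseline)
    return report


if __name__ == "__main__":
    bait = make_bait()
    # Constructed sample: first three bytes replaced, 40h zero bytes added (not real code).
    sample = bytes([0xE9, 0x0D, 0x00]) + bait[3:] + bytes(0x40)
    for name, image in (("untouched", bait), ("sample", sample)):
        r = inspect_bait(bait, image)
        where = hex(r["appended_at"]) if r["appended_at"] else "-"
        print(f"{name}: {r['verdict']}, growth={r['growth']}, added bytes load at {where}")
```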