amjad@ecst.csuchico.edu (Amjad Saqfalhait) (04/01/91)
Hi, I am working on a virus detector as an undergraduate project. In order to have it catch more viruses, I am asking for people to send me their ibm viruses. The more you send me, the more i will appreciate it! thanks. -AJ
cctr132@csc.canterbury.ac.nz (Nick FitzGerald, CSC, Uni. of Canterbury, NZ) (04/01/91)
In article <1991Apr01.024515.204@ecst.csuchico.edu>, amjad@ecst.csuchico.edu (Amjad Saqfalhait) writes: > Hi, I am working on a virus detector as an undergraduate project. > In order to have it catch more viruses, I am asking for people to send > me their ibm viruses. The more you send me, the more i will appreciate it! > thanks. DO **NOT** comply with this turkey's request!! If s/he is legitimate then her/his supervisor will be able to supply her/him with an adequate sample of virii. Anyone with a responsible attitude to, and interest in, virii will probably have been subscribed to the VIRUS-L mailing list or been following the comp.virus traffic (basically the same thing). Having done so they would know that a request like Amjad's is a *very bad thing* and they wouldn't have done it. Anyone who knows how to forge "kill" messages, should do so for the message that this one references right now! Amjad - this was an incredibly stupid thing to do, whether you think you have a legitimate request or not, because there is **NO** legitimate reason for making such a public request. The only people who should be transferring virii around the net are those who have found new ones who are sending them to well-known anti-virus researchers. I have been reading comp.virus traffic for the last 8 months and you sure aint one. --------------------------------------------------------------------------- Nick FitzGerald, PC Applications Consultant, CSC, Uni of Canterbury, N.Z. Internet: n.fitzgerald@csc.canterbury.ac.nz Phone: (64)(3) 642-337
mstr@vipunen.hut.fi (Markus Strand) (04/01/91)
In article <1991Apr01.024515.204@ecst.csuchico.edu> amjad@ecst.csuchico.edu (Amjad Saqfalhait) writes: >Hi, I am working on a virus detector as an undergraduate project. >In order to have it catch more viruses, I am asking for people to send >me their ibm viruses. The more you send me, the more i will appreciate it! >thanks. As I have no guarantee that you will not be redistributing you viruses, I will not send you any. I think nobody should send you any. Markus Strand mstr@vipunen.hut.fi
campbell@dev8o.mdcbbs.com (Tim Campbell) (04/02/91)
In article <1991Apr1.181741.363@csc.canterbury.ac.nz>, cctr132@csc.canterbury.ac.nz (Nick FitzGerald, CSC, Uni. of Canterbury, NZ) writes: > In article <1991Apr01.024515.204@ecst.csuchico.edu>, amjad@ecst.csuchico.edu > (Amjad Saqfalhait) writes: >> Hi, I am working on a virus detector as an undergraduate project. >> In order to have it catch more viruses, I am asking for people to send >> me their ibm viruses. The more you send me, the more i will appreciate it! >> thanks. > > DO **NOT** comply with this turkey's request!! > > If s/he is legitimate then her/his supervisor will be able to supply > her/him with an adequate sample of virii. > > Anyone with a responsible attitude to, and interest in, virii will > probably have been subscribed to the VIRUS-L mailing list or been > following the comp.virus traffic (basically the same thing). Having > done so they would know that a request like Amjad's is a *very bad > thing* and they wouldn't have done it. > > Anyone who knows how to forge "kill" messages, should do so for the > message that this one references right now! > > Amjad - this was an incredibly stupid thing to do, whether you think > you have a legitimate request or not, because there is **NO** legitimate > reason for making such a public request. The only people who should > be transferring virii around the net are those who have found new ones > who are sending them to well-known anti-virus researchers. I have been > reading comp.virus traffic for the last 8 months and you sure aint one. > > --------------------------------------------------------------------------- > Nick FitzGerald, PC Applications Consultant, CSC, Uni of Canterbury, N.Z. > Internet: n.fitzgerald@csc.canterbury.ac.nz Phone: (64)(3) 642-337 -- One additional comment: Real virus impregnated code is not required to produce a virus scanner. In fact, having _real_ viri in the machine makes things a whole lot more difficult due to the efforts required to control the environment. A better method is to simply use the well known, published hex-strings recnognized by most virus scanners. These strings can easily be placed in appropriate "dummy" files on the disk and any virus detector should pick out these programs as though they had the real virus corresponding to the code. The key here is that the _real_ virus isn't actually present - along with the risks of damage, spread, etc. that go along with them. --------------------------------------------------------------------------- In real life: Tim Campbell - Electronic Data Systems Corp. Usenet: campbell@dev8.mdcbbs.com @ McDonnell Douglas M&E - Cypress, CA also: tcampbel@einstein.eds.com @ EDS - Troy, MI CompuServe: 71631,654 P.S. If anyone asks, just remember, you never saw any of this -- in fact, I wasn't even here.
mjo@irie.ais.org (Mike O'Connor) (04/03/91)
I'd send him a copy of MS-DOS, but I think it has a copyright. :) ==== Mike O'Connor <mjo@ais.org>
frisk@rhi.hi.is (Fridrik Skulason) (04/06/91)
In article <1991Apr01.024515.204@ecst.csuchico.edu> amjad@ecst.csuchico.edu (Amjad Saqfalhait) writes: >Hi, I am working on a virus detector as an undergraduate project. >In order to have it catch more viruses, I am asking for people to send >me their ibm viruses. The more you send me, the more i will appreciate it! The problem with this is simple: We do not have any guarantee you will not redistribute the viruses you get. As I have a very large collection of PC-viruses (more than 400 variants), I get requests like this quite often. My usual reply is something along the following lines... "Please send me a written request on university letterhead, signed by your supervisor and the head of the department, stating exactly which viruses you need and how you will prevent them from spreading." So far I have not had a single satisfactory reply. -frisk Fridrik Skulason University of Iceland | Technical Editor of the Virus Bulletin (UK) | Reserved for future expansion E-Mail: frisk@rhi.hi.is Fax: 354-1-28801 |
vancleef@iastate.edu (Van Cleef Henry H) (04/11/91)
In article <3018@krafla.rhi.hi.is> frisk@rhi.hi.is (Fridrik Skulason) writes: >In article <1991Apr01.024515.204@ecst.csuchico.edu> amjad@ecst.csuchico.edu (Amjad Saqfalhait) writes: >>Hi, I am working on a virus detector as an undergraduate project. >>In order to have it catch more viruses, I am asking for people to send >>me their ibm viruses. The more you send me, the more i will appreciate it! > >The problem with this is simple: > >We do not have any guarantee you will not redistribute the viruses you get. > >As I have a very large collection of PC-viruses (more than 400 variants), >I get requests like this quite often. My usual reply is something along the >following lines... > > "Please send me a written request on university letterhead, > signed by your supervisor and the head of the department, > stating exactly which viruses you need and how you will > prevent them from spreading." > >So far I have not had a single satisfactory reply. > >-frisk > >Fridrik Skulason University of Iceland | >Technical Editor of the Virus Bulletin (UK) | Reserved for future expansion >E-Mail: frisk@rhi.hi.is Fax: 354-1-28801 | > > Fridrik, I am glad that you posted this in this manner. I could obtain the type of letter you specify, signed by the University president and the trustees. The fact in the matter is that the students import more than enough virii already. I am presently doing a study of the virus question as it might affect our distributed Unix system, and the last thing I want on is a live virus. We do not have facilities for quarantining them in a proper research setting. So you won't receive such a letter from me. This is an open letter to Amjad and to any other computer science student who may think that obtaining, creating, or otherwise fiddling with software that damages computer is "learning," or can be represented as such. You came to college to study about computers (and, hopefully, a number of other things besides the sciences such as mathematics and physics that surround computer design). If you complete your course, you will have a BS degree, and may choose to go on to get an MS, maybe even a Ph.D. If you decide to work in the computer industry, you will, as part of the interviewing process, talk with a "hiring manager." I have plenty of experience as a "hiring manager, perhaps more years than you have been alive. No matter what degree you have, what grade point average you can present, and what recommendations you have from your advisors, if you so much as mention the idea of virii, trojan horses, worms, etc., you will set me sit right up. I will ask you to tell me precisely what your involvement with this was. You had better be prepared to prove to me beyond the shadow of a doubt that your motives were "research" and not "mischief." I will want to see a copy of the paper you wrote. I will want to know where it was published. Rest assured that I will follow through and make sure that the "research" was research, and not mischiefRest assured also that unless I become convinced that all this was clean and above board, you will not work in my shop. Rest assured that my management will support me. You will get a polite letter from our personnel people (now called "human relations") saying that we were pleased to interview you and a whole bunch of---to be blunt---weasel words, but that we can't use your skills at present. Now, if you choose to study computer security, and there is more to that topic than just virii, go to your department advisor and make that known. That is why you have an advisor. You say you are an undergraduate. There is plenty of material to study in the virus-l archives. There is even a call for papers there, with a $1000 prize for the best paper. The competition is open to undergraduates. The reason I know this is that I am doing a study in security and I am reading the material in the virus-l archive to find out what has happened up until now. The difference between you studying this material and me studying it is that I won't get a "grade,"---the "final exam" is to make proper recommendations to our administration that provide reasonable protection at reasonable cost. Learn how to do this, and people will pay you a lot more than minimum wage. That is (or ought to be) why you are in college. If you want a creative and imaginative project, then spend $169 and buy a copy of Minix 1.5. Install it on a micro-computer, study the code, and improve it. You might add provision for Berkeley sockets. While you are studying the code you might consider that if you can improve on Dr. Tanenbaum's work, you are walking with giants. Some of your young friends might call you a "dweeb" or a "weenie" (terms I learned from reading net news). If you do something like this, post it to the minix archives, and later say "I am looking for a graduate study," you will discover that you will have about 100 choices for doing this and won't have time to complain about being "turned down." Now, Amjahd, if the people at "csuchico" have read these posts, I imagine that you have heard about it from them. I am relatively new to the academic world, after 32 years of being a practicing engineer. My "supervisor" has been specific with me that what would be cause for termination in industry is to be dealt with as a teaching/learning situation here at Iowa State. I just hope that this has been a "learning experience" for you. Work in the industry long enough and you will get plenty of opportunity to screw things up and make a mess out of them while trying to make them work. --
lrj@CS.Cornell.EDU (Lew Jansen) (04/13/91)
In article <1991Apr01.024515.204@ecst.csuchico.edu> amjad@ecst.csuchico.edu (Amjad Saqfalhait) writes: >Hi, I am working on a virus detector as an undergraduate project. >In order to have it catch more viruses, I am asking for people to send >me their ibm viruses. The more you send me, the more i will appreciate it! There's been lots of interesting discussion, which is all very good, and proper; after all, I wrote my own patch for Sun Sendmail to plug the hole used by Robert Morris' little fun a couple years ago. However, did *anyone* happen to notice just exactly when Mr. Saqfalhait posted his request? Anyone remember the significance of the date 1 April? -- -- Lewis R. Jansen, N2KNV lrj@helios.tn.cornell.edu LASSP/LNS Systems Manager (607) 255-6065 '78 CX500 "You can't fight in here, this is the War Room!"