Copy Link
Add to Bookmark
Report
Chaos Digest Volume 01 Numero 16
Chaos Digest Lundi 29 Mars 1993 Volume 1 : Numero 16
Editeur: Jean-Bernard Condat (jbcondat@attmail.com)
Archiviste: Yves-Marie Crabbe
Co-Redacteurs: Arnaud Bigare, Stephane Briere
TABLE DES MATIERES, #1.16 (29 Mars 1993)
File 1--Reactions sur "C'est decide! J'ecris mon virus" (Re: #1.01)
Chaos Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost from cccf@altern.com. The editors may be contacted by
voice (+33 1 47874083), fax (+33 1 47877070) or S-mail at: Jean-Bernard
Condat, Chaos Computer Club France [CCCF], B.P. 155, 93404 St-Ouen Cedex,
France
Issues of ChaosD can also be found on some French BBS. Back issues of
ChaosD can be found on the Internet as part of the Computer underground
Digest archives. They're accessible using anonymous FTP from:
* kragar.eff.org [192.88.144.4] in /pub/cud/chaos
* uglymouse.css.itd.umich.edu [141.211.182.91] in /pub/CuD/chaos
* halcyon.com [192.135.191.2] in /pub/mirror/cud/chaos
* ftp.cic.net [192.131.22.2] in /e-serials/alphabetic/c/chaos-digest
* ftp.ee.mu.oz.au [128.250.77.2] in /pub/text/CuD/chaos
* nic.funet.fi [128.214.6.100] in /pub/doc/cud/chaos
* orchid.csv.warwick.ac.uk [137.205.192.5] in /pub/cud/chaos
Issues of ChaosD can also be found on some French BBS. Back issues of
ChaosD can be found on the Internet as part of the Computer underground
Digest archives. They're accessible using anonymous FTP from:
CHAOS DIGEST is an open forum dedicated to sharing French information among
computerists and to the presentation and debate of diverse views. ChaosD
material may be reprinted for non-profit as long as the source is cited.
Some authors do copyright their material, and they should be contacted for
reprint permission. Readers are encouraged to submit reasoned articles in
French, English or German languages relating to computer culture and
telecommunications. Articles are preferred to short responses. Please
avoid quoting previous posts unless absolutely necessary.
DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Chaos Digest contributors
assume all responsibility for ensuring that articles
submitted do not violate copyright protections.
----------------------------------------------------------------------
Date: Wed Mar 24 15:03:59 CDT 1993
From: patt@SQUID.TRAM.COM (Patt Bromberger )
Subject: File 1--Reactions sur "C'est decide! J'ecris mon virus" (Re: #1.01)
DON'T SHOW THE DIRECT CODE
Date: Thu Oct 29 11:06:36 MET 1992
From: nkolte@daimi.aau.dk (Nikolaj )
Why publish a book where you show people to write virus, this would only get
more viruses going and eventhough that most of them aren't doint any damage,
the still is a pain in the a... - costing hours of labour to disinfect.
But the concept behind how a virus works is very intereting and can find
usage in modern network and update programs. Why not put emplasis on that
isue and tell about how to write selfrep. code, but NOT show the direct code
of the most common virusses
COOK BOOK SOLUTION
Date: Mon Nov 2 08:27:18 -0500 1992
From: ajalbert@watson.eece.maine.edu (Anthony J. Albert )
Interesting. But all in all, I hold the opinion that _someone_ will
always wish to destroy what others have... be it a nation's territory or a
person/ company's data. The only way to curb this tendancy is through the
education of the young.
Also, this book might contain a "cook book solution" to write your very
own virus. However, there still is a step between theory and practice. If
what the CCCF says is true, that the viruses described in this book can be
defeated by any anti-viral program, then most people who read this book
will _maybe_ write one, then destroy it. If there is no challenge to the
process of writing it, that will dissuade many people from bothering, IMHO.
The few that will try to go beyond what the book teaches, and build a
better virus, are the people that, again IMHO, would probably have tried to
do it anyway. All the book would do is enable them to skip the first few
steps. Possibly this is even for the better, as they might create _less_
effective viri than if they _had_ taught themselves from the ground up.
I think the main problem still lies in the need to teach the sanctity of
property to children. If that lesson is learned early, then some of the
destructive tendancies that exist in today's societies might be curbed.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Anthony J. Albert |Usenet is distributed network anarchy
|at its best--or worst, depending on
ajalbert@watson.eece.maine.edu |what is posted on any perticular day.
io00038@maine.maine.edu | --David Fielder in _Byte_
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
YOU KNOW THE CONSEQUENCE
Date: Fri Nov 13 15:23:05 -0800 1992
From: paul_rolland@gateway.qm.apple.com ("Paul Rolland" )
This opinion seems to be correct as long as only Personal Computers are
invloved. I.m not sure it's true that most of the 1,500 known viruses can
be easily defeated, but I know this is true only for PCs or MAC. For Unix
stations, this is no more true !
Concerning networks, in France, this is not yet something usual. But it's
more and more present in enterprise, and often machines that are on these
networks are differents. No one knows what is the result of the attack of
a Unix virus on a PC or vise-versa. But the worst point is to consider that
because many viruses aren't destructive, viruses are not dangerous.
FALSE !!! For an enterprise, a virus, even non desctructive, that will
prevent machine from working can mean a lig loss of money, and so on ! Not
only data is important, but the availability of these datas and of the
machine.
I'd like to know how such an operation can help knowledge on viruses ! If
you want to progress on understanding viruses, ask people to promise they
will not diffuse viruses, and give them the book, asking them to develop a
virus. I.m sure that some of them will be able to write one that will not be
detected (or at least corrected) by classical anti-viruses. I'm personnaly
interested in such an experiment, and if you need my help, please contact me
This is exactly what will inspire most people wishing to develop a virus but
having not enough knoledge on ASM programming to do it. But even worse, all
the one that have good knowledge will be able to extract from such a book
all what is interesting and write some more powerful code. If you really
want to publish a book about viruses, you *SHOULD NOT* give a single piece
of code in an existing language for an existing computer that people could
reuse !!!!
Seriously, do you think this is enough to prevent unresponsible adult to
misuse such a book ? Are you sure people writing viruses are all under 18?
It is true that no law can prevent such a publication, but in fact no one
can prevent people from using what is in such a book, and that is the real
problem.
If CCCF really want to publish such a book, it'd better experiment to
consequence of such a publication ! I'm ready to develop some piece of code
using this book and put it on their computer ! Well, they are sure anti
viruses will remove it and it is non destructive !
Publishing such a book is like giving atomic bombs to Irakians ! You *know*
the consequence, even if you refuse to admit it !
Please do not hesitate to contact me for more information if required !
Paul Rolland
rol@grasp1.univ-lyon1.fr
ONE COMPTEMPTABLE ACTION
Date: Sat Nov 14 02:21:09 EST 1992
From: fish@cc.gatech.edu (Fish )
While I obviously have a certain morbid curiosity about the book (since I
am expecting to receive a copy for my opinion), I do think its publication
is harmful. To publish it under the guise of public education is
(metaphorically speaking) like driving the wrong way on a one-way highway
and claiming that you are trying to advocate more saftey features in cars.
By publishing actual computer code, and proceding to argue it is benign
seems to almost be arguing that viruses are some misunderstood animal, that
should be encouraged. I think I would have less contempt for this action if
CCCF had at least claimed that they were publishing it in hopes someone will
be encour- aged to come up with a better virus.
I also find the claim that this book is banned in the US a bit suspicious.
I seem to recall something about a first amendment.
To close, I find CCCF's actions to be contemptable, but I oppose censorship
at any level, and support CCCF's right to publish it.
IT's EXTREMELY FOOLISH
Date: Sat Nov 14 18:56:55 PST 1992
From: tck@fold.ucsd.edu (Kevin Marcus )
I think that it's extremely foolish to publish how to write viruses with
code. _The Black Book of Computer Viruses_ is not the only book which
has source code, but it is the first significant contribution, as it
does contain a few "good" viruses, as in replicators.
Just because it's possible to detect a virus doesn't mean it's a threat!!
And, just because somethign is labeled, "Forbidden for readers not 18
years old," doesn't mean that someone won't get a copy of it!
One may argue that it is possible it will help develope AV programs, but
this is unlikely. The peopel who can write anti-viral programs are
usually doing so after the virus has been created (with exception to some,
such as Integrity Master). NOnetheless, the virus must get somewhere before
the AV person gets ahold of it. If you are capable of writing an AV
program, you can write a virus. And, there is no reason to tell someone how
to write a virus in the first place. They should take a programmign class
and figure it out themselves if they want to know.
The book propogates virus creation. You have clearly never experienced a
damaging virus. And, just because a virus can be detected and even removed,
doesn't make it no longer a threat. Example: What are the most common
viruseS? Stoned, Jeruslam, Michelangelo.
They all have poor replication methods, are buggy, and they have been easily
removed for some time, yet they are stilla threat.
LIKE sex education programs
Date: Sun Nov 15 17:37:58 GMT 1992
From: jd4q+@andrew.cmu.edu (Joe Eddy Demers )
I think that this book will make much less difference in the amount of
viruses out there than most people would think. There are already plenty
of newsletters and underground digests, as well as many 'respectable'
journals that have laready published this information, from several
different perspectives. It is like the controversy over Popular
Science's articles about bugs and other detection and spying devices. If
the information was already available, why not compile and publish it?
Although a lot of harm can come to computer systems through viruses, the
best method of protection is education, not ignorance. That's already
been tried with schools where sex education programs are shot down by
parents, who don't want their children exposed to sex, and don't feel
comfortable with their children knowing, feeling that the more they
know, the more tempted they will be to try it. That is always a risk,
but young adults having safe sex in an intelligent manner is better than
having fewer young adults engaging in sex, when those who do are unsafe
and uneducated. As it is whith viruses. There are potentially quite a
few applications for viruses, although many will border upon many lines
of morality/immorality and priveacy issues. All in all, I would have to
say taht the publishment of any information is generally beneficial,
rather than detrimental, and education is most often the best course of
protection from any threat. Thank you.
TO ADD FUEL TO A SMALL FIRE
Date: Mon Nov 16 12:39:42 EDT 1992
From: MURPHY@net2.eos.uoguelph.ca ("Jim Murphy" )
I just receive today via the email jungle but will give you a few comments
below throughout your article. Generally I would have problems with such
material in the press, but anyway...
Today's average has enough to worry about especially if they are really an
average DOS user. Why make their risk to virus attacks even easier! The
average user at my school does very little in general to be protect from
Viruses and only as a result of a few outbreaks have we educated the
masses. It is very frustrating to explain to someone that their software
and their files are no longer available because of a computer virus. All
you seem to be doing is to add fuel to a small fire already burning!
--
Jim Murphy, Graduate Student
School of Engineering, University of Guelph, Guelph, Ontario, CANADA
InterNet : Murphy@Net2.EOS.UoGuelph.Ca BITNET : UGG00059@UOGUELPH
CompuServe : 76300,254
Ma-Bell Net : Work (519) 824-4120 (ext 4871) FAX : (519) 836-0227
RELEASING A POTENTIALLY DESTRUCTIVE BOOK
Date: Wed Jan 6 10:33:47 EST 1993
From: raphael@ms.uky.edu (Raphael Finkel )
No idea why you sent this article to me, but here is my response:
1. It is not polite to release code for viruses. It doesn't do anyone
any good (except the author, through royalties) and has a large potential
for harm.
2. The article talks about two essentially unrelated issues: (a) Kephart's
study, which I am not familiar with and which seems to report the obvious,
that viruses spread by floppies, and (b) that the computer club is releasing
a potentially destructive book. I don't know why the article chose to
combine these. As to (a), the reason viruses don't spread by networks is
that the only computers well connected by networks have reasonable operating
systems. IBM PCs running MS-DOS are the principal victims of viruses,
primarily because they don't use a reasonable operating system.
THIS IS SOMEWHAT CONFUSED
Date: Wed Jan 6 23:13:17 GMT 1993
From: internet!adam.adelaide.edu.au!phil (Phil Kernick )
I will be quite happy to tell you my impressions...
This is somewhat confused. From the whole article I assumed that we are
talking about viruses specifically for IBM/PCs, and probably the more
general class of trojans, but the comment about "networks" confuses the
issue.
I assume that the journalist did not understand the difference between LANs
and the InterNet, and was trying to make a comment that viruses did not tend
to be distributed over the net (e.g. at FTP sites) but rather by physical
exchange of disks. I do not know of *any* network viruses - unless you
count Robert Morris' WORM.
It doesn't say what knowledge that this book purports to extoll.
In what way? I would be somewhat disappointed if such a book were
published, not because I want to supress the information, but more because:
(a) Anyone with half a clue can write a virus;
(b) If published, many people with *no* clue *will* write a virus.
But this is still like giving a loaded gun to someone and saying "don't use
it".
Generically viruses are a pain, but arguabley if no-one swapped pirated
software then fewer people would be the victims. I would not support the
publication of such a book.
--
_-_|\ Phil Kernick "Sleep all day,
/ \ University of Adelaide Party all night,
\_.-*_/ E-Mail: phil@adam.adelaide.edu.au It's fun to be a
v Phone: +61 8 228 5914 Vampire!"
THE INFORMATION EXISTS
Date: Sat Jan 9 23:25:47 PST 1993
From: malloy@nprdc.navy.mil (Sean Malloy )
With the increased number of 'file exchange' BBSes across the country,
particularly those that maintain an upload/download ratio, I believe
that three steps may be an unreasonably low number of 'steps',
particularly in the case of infections to programs of obvious utility
or interest, such as virus scanners, archivers, or graphics file
display programs.
If you assume that the person responsible for originating the virus
operates by uploading an infected program to a BBS, it is clear that
there is a minimum of two 'steps' from the originator's system to the
target system. In the case of a local BBS, the infected file may never
leave the city, and is likely to do so only as a result of physical
disk transport, but within that city the spread of the infection is
likely to require no more than three 'steps'.
However, with the availability of files through a worldwide network --
the anonymous FTP archive sites on UseNet -- it is possible for an
infected file to be spread to BBSes in widely scattered cities in only
three 'steps' from the originator's system. Once the infection has
reached a system in a city, it will then be possible to spread within
that city through BBS uploads of infected software. Therefore, I
believe that the question of viral infection should be broken up into
two mostly separate models: infection across nation- or world-wide
networks, and infection within areas where file transfers are mediated
by essentially standalone BBSes.
That a virus is not destructive is not relevant to the problem of
controlling virus infection; any programmer reasonably competent in
assembly language should be able to disassemble a virus, once found
and identified, and replace an innocuous functional tail with a
destructive one.
The information exists, and is already widespread; attempts to control
its spread to/in the U.S. are idiotic, useless, and unconstitutional.
The data describing viral code is neutral; it can be used either to
construct programs to detect viri or to create new viri. Regardless of
the use to which it is put, the information cannot be banned on the
claim that it could be used to write viri, because that constitutes a
prejudgement of guilt; the government must prove that any given
individual _will_ write and spread viri using the information in the
book before the ban may legally be enacted -- U.S. law requires a
presumption of innocence in the absence of proof to the contrary. If I
have a knife, the fact that _some_ people use knives to commit
assaults and murders does not prove that _I_ will commit an assault or
murder with my knife, and the government may not take away my knife
until I demonstrate that I _will_ commit an assault or murder with it.
--
random sig #60:
Sean Malloy | If you know what you're doing,
Navy Personnel Research & Development Center| how long it will take, or how
San Diego, CA 92152-6800 | much it will cost, it isn't
malloy@nprdc.navy.mil | research.
crux of mis-representation of viruses
Date: Fri Jan 8 22:54:15 MST 1993
From: thayne@unislc.slc.unisys.com (Thayne Forbes )
This is IMHO the crux of the general mis-representation of viruses.
Specifically, nearly all viruses are on 'micro' computers, and even now
very few of these are networked. Certainly not to the extent that the
above assumes. Consequently, much ado about nothing.
And this is the crux of my belief that this is almost not worth my
concern. In ten years of daily use, I have never been infected. Only
one person of my acquaintance has ever been infected. While I have not
made any stupid mistakes to get myself infected, I have not been
particularly careful either.
This is really an old debate. You either believe that these should be
kept secret, or that they should be spread as widely as possible. No one
ever changes anybodies mind about this issue.
My opinion is that some very bright programmers are writing very cheap
and easy anti-viral software, and thus there is no need to diseminate
the code.
These two excuses are so stupid that I can't believe that anyone seriously
espouses them as reasons to publish. Sorry, that's how I feel.
LET THEM PUBLISH
Date: Fri Jan 8 10:33:58 GMT 1993
From: tih@barsoom.nhh.no (Tom Ivar Helbekkmo )
Sure thing... I say let them publish. The information will be spread
anyway, and this way might make it less interesting to many to actually
release viruses, since some of the challenge will be gone. And in any
case, anyone who uses a personal computer (read "toy"), should be aware
of the virus problem, and if they're stupid enough to run pirated games
and stuff on their machines, that's just too bad.
--
Tom Ivar Helbekkmo, NHH, Bergen, Norway. Telephone: +47-5-959205
Postmaster for domain nhh.no. Internet mail: tih@barsoom.nhh.no
NO HYSTERIA
Date: Wed Jan 6 19:23:38 EST 1993
From: internet!uunet.UU.NET!jaflrn!jaf (Jon Freivald )
My comments on the content:
I find it old news ("not every machine could make contact..."), or,
rather, a more realistic statement than the picture many visionaries
have tried to paint, as well as a touch alarming (the availability of
the book). I also find it to be one of the few sensibly written
articles I've seen -- no hype, no doomsaying and no hysteria... just a
simple statement of the facts (& do I sense perhaps just a touch of
sarcastic humor right at the end..?).
My comments on the situation:
I've often commented on the fact that we'll never have all computers
interconnected until it is both as cheap and as easy as plugging in a
telephone... Until that's the case (and the service is globally
available), you'll have many folks who are content to do the floppy disk
shuffle. E-mail must also be made much simpler than it is now, with the
equivilant of a phone book available to everyone with minimal resource
usage. It's just "about time" that IBM and others realize that there
are many, many, many computer users out there who either don't use their
systems for business, or are a small enough business that can't afford
the astronomical costs of their traditional communications solutions.
The availability of the book can be both good and bad. Bad in the fact
that it makes malicious knowledge generally available. The "average"
reader is going to read it and pattern his work after what he has
learned, but the exceptional reader is going to get concepts from what
he has learned, ponder the potential, and run with it in his own
direction. Without the book, the exceptional reader may have never been
drawn down that path.. Where it can be good is that it very well may
establish patterns that can be recognized and dealt with, much in the
way that work from "A Poor Man's James Bond" is easily recognized (and
avoided/disarmed) by many law enforcement and military men... From that
angle, if the book had been available to me here I might have learned to
recognize some things quicker than the trial & error method I took.
I hope these were the types of opinions you were looking for... If not,
be a bit more specific & I'll spout off again..! ;-)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Jon Freivald ( jaf%jaflrn@uunet.UU.NET )
Nothing is impossible for the man who doesn't have to do it.
PGP V2 public key available on request
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
THE TITLE MAKE ME CRINGE
Date: Sun Dec 13 22:05:39 CST 1992
From: internet!casbah.acns.nwu.edu!jmcadams (James McAdams )
Well, IMHO, the article is a reasonable mix of hot-air and hysteria.
The viruses are already out there in reasonable quantities, and the problem
is already of a magnitude that everyone should be using some form of anti-
viral defenses. If you don't, you have little business complaining about
being infected. Every virus outbreak I've seen could fairly easily
be traced to risky behavior by someone on the network/machine.
Besides, any scanner worth the shareware price should be more "up-
to-date" than a printed book. The time-scales are quite different.
Being worried about an increase caused by published source code is silly.
Variants exist, and are dealt with adequately. What people really should
worry about is the people who know enough to write BRAND NEW viruses using
BRAND NEW loopholes! :-)
I guess my opinion on "should the book be published" is YES!
The potential threats are minor, except for people who can't be worried
to take care of their computer. The principle of banning "anti-social"
documents and publishing is fundamentally wrong. Knowledge can NEVER be
dangerous, because for every one person who learns and tries to destroy,
many more learn to create.
THE HARD WAY
Date: Fri Nov 13 10:59:00 EST 1992
From: LCHARDON@TrentU.ca (Laurent Chardon )
You are asking for an opinion, but I'm sory I'm not sure what you
are expecting. What do you want opinion on? The book? The article?
The fact that most viruses don't travel through the nets but by disks?
I will try to give you my humble opinion on the book and the propagation
means of the viruses, but if you don't find my answers satisfying, or if I
didn't answer your question at all, please let me know.
It is a fact that getting a program from a disk is more dangerous
than getting it from a BBS or a world wide network. Why? First of all, BBS
owners are well aware of the risks (if there is an infected program in
their machine, they will be the first affected...), and in all the BBS I
know, whenever a new file enters the system, it is thoroughly scaned for
viruses. And most people I know double check any program they download.
For some reason, people tend to be less carefull with disks. Usually you
get an infected disk from a friend, and you're not suspicious because you
trust that friend. It is just like with biological sexually transmitted
diseases, your friend might not be aware that he/she is carrying the virus.
Most people are connected to their local BBS (to avoid long distance
charges, and also because most of them don't have access to internet,
etc...), and IF a virus manages to reach a BBS, it will affect (at first)
the people connecting, i.e. the "locals". The virus then will continue
spreading, but this time by "physical" means. It is the well known
infection, the one for which most personal computers viruses are designed:
disk to disk. This kind of virus is very popular because such programs are
easy to write, and they travel far (see the brain virus etc.) Writing a
virus which propagates efficient on a network requires a good knowledge of
the internals of the net, which most people don't have. There are also more
security measures on network and mainframe computers. But then again, if a
virus manages its way through a network, it can spread very quicly, very
far. Remember RTM ?
Publishing a book that will help people writting their own virus
will have a nasty effect at first on these computer owners who don't know
anything about viruses. Who will benefit from the book? People who are not
very good programmers. Therefore the viruses they will write will follow
more or less the pattern provided, and therefore they will be easily
detected. A lot more viruses will appear, but the only people who will
catch viruses of this new "breed" are the one who don't use the simple
virus checkers available. Since the awarness of computer users is
increasing, the number of these people is always decreasing, and a couple
thousand of new viruses let free will certainly help this consciousness
rise more (although people will probably learn "the hard way"...) The
"hackers" that write dangerous viruses (using good stealth techniques, code
that go around software protections etc...) don't need the book. They won't
benefit from it. Therefore to my opinion, the effect of the book will be
that the weakest machines only will be affected, once. The victims will
then be more careful.
In general, I think that the book is a good idea, and I will
probably buy it myself. I don't think it will do much harm, but it will
speed up things. People who are going to catch viruses because they don't
know about it or they're not careful will do so sooner. They will learn
(hopefully...) and be more cautious in the future.
I don't know if this is what you were asking. Please tell me if I
have been helpful or not. If I have not, please indicate me how I can be.
I'm also curious on how I ended up on your mailing list. By the way, could
you tell me more about the CCCF ? Merci...
____________________________________________________________________________
Laurent Chardon, Trent University, Peterborough ONTARIO CANADA K9J 7B8
Voice: (705)-749 5022 E-mail: LCHARDON@TRENTU.CA
____________________________________________________________________________
I FULLY SUPPORT THIS PUBLICATION
Date: Sat Nov 14 18:10:58 GMT 1992
From: ST1H4@Jetson.UH.EDU
thank you for sending me the responses. no matter what the general public
believes, i still fully support your publication of the book. if you need
any help here in the USA just let me know.
keep the faith
sam
---
Judge Dredd
Editor - NIA Magazine
Ignorance, There's No Excuse.
------------------------------
End of Chaos Digest #1.16
************************************
