RE: [Full-Disclosure] Re: DoomJuice.A, Mydoom.A source code
From: Nick Jacobsen (nickethicsdesign.com)
Date: Tue Feb 10 2004 - 10:05:50 CST
Now Nick, don't take this wrong... but this seems to me to be a case of
closing the barn door after the f***ing horses already got away. The
source code is now freely available from many sites, so why not share
with someone who at least seems a bit professional?
As for the source code, Riad... check the following link:
Now, I don't generally recommend that site, but hey... if they got it,
From: Riad S. Wahby
Sent: Mon 2/9/2004 8:29 PM
Subject: [Full-Disclosure] Re: DoomJuice.A, Mydoom.A source code
Nick FitzGerald <nickvirus-l.demon.co.uk> wrote:
> I can see how it could be used as an invaluable _publicity_
> attracting folk to the class. However, as a teaching aid, it
> unlikely to be of much more or less value than the source of
> dozens upon dozens of other malwares, and and that value would
People won't be attracted to the class based on the source code
presenting, as they won't know about it beforehand. To be sure,
source to any old virus would in fact work, and I will certainly
consider many others as well in deciding the specifics of the
curriculum. My intent is to emphasize material taken from
attendees can relate to directly; undergrads are extremely
have much personal experience at all with Robert Morris's 1988
> Unless you are planning on teaching malware _writing_?
Of course not. The seminar deals with the mechanisms, targets,
psychology of a malware pandemic.
> For folk interested in work in the antivirus and related
> fields, source code is all but worthless. We rarely have the
> code of the malware we have to analyse -- at least, we rarely
> in advance of, or concurrent with, having do such analyses.
> engineering is the name of this game and source code is then
> -- if you have source you need not reverse and if you must
> would not have the source...
The class in question is not about reverse engineering. It
not the response and interdiction from AV companies et cetera,
underlying social and technical infrastructure upon which
their authors rely.
> Also, from a purely pedagogical perspective (I majored in
> and Education), I find your claim that having the source of
> malware "could be an invaluable teaching aid" deeply
> Teaching from the specific is generally superficial, less
> and generalizes much less well than providing a good
> grounding in the subject matter. Could you expound the
> applications that presenting this specific malware's source
> your class would illustrate especially well?
Clearly one must also recognize the importance of providing
particulars in which to couch the theoretical. Of course, I'm
going to hand out pages of source and say "this is it kids,
Instead, general claims will be augmented with carefully chosen,
> Finally, whether you obtain this code or not, what aspects of
> ethics of possessing, handling, distributing, etc such code
> will be you
> be teaching?
This is obviously an important topic, and one that I will go to
lengths to stress.
> Personally, I doubt they will be substantial (or even present)
> your initial approach to obtaining the code shows a serious
> concern for some significant ethical issues straight off...
I asked people to email me personally; in doing so, I was
to contact those who might be of assistance. Moreover, by
to do so in a personal context (off-list) I've implied that I'm
willing to confirm my identity and describe in greater detail my
intentions. As far as I can tell, I have ignored no "ethical
in attempting to establish a dialogue with those who might help
> And what controls will you be placing on your students
> copying, etc the code? Given your brazenly open and
> here, why should we expect that you will take any special care
> code and its further distribution to and among those taking
> and their room-mates, buddies and other contacts?
As I will neither be distributing code in electronic form nor
out intact code listings, there is little danger that my
be able to assemble a virus based solely on what I provide.
the point, and to be quite frank, this is MIT. The students
don't need someone else's source code to write an email virus;
would, however, be well served to be shown examples germane to
modern virus "landscape."
My request was brief and to the point so as not to waste the
those it did not concern (a topic on which others might use a
or two). Your claim that it was "uncaring" is completely
basis in fact. It was an open request because I have nothing to
It gave enough information to make initial contact with those
might help me without unduly taxing the schedules of those who
or will not.
Mr. FitzGerald, I've read many of your posts to full-disclosure,
am familiar with the apparent intensity of your personality.
vigilance in matters such as these is not only appropriate, but
required. On the other hand, your surplus of zeal in responding
message might be viewed by some as an attempt to quash the
academic study of an issue of ever-increasing import, or
holier-than-thou proselytizing based on a questionable
of my intentions. In the future, I encourage you to temper your
in order to prevent such misunderstandings.
MIT VI-2 M.Eng
Full-Disclosure - We believe in it.