Chaos Digest            Monday 29 March 1993        Volume 1 : Number 16

       Editor: Jean-Bernard Condat (jbcondat@attmail.com)
       Archivist: Yves-Marie Crabbe
       Co-Editors: Arnaud Bigare, Stephane Briere

TABLE OF CONTENTS, #1.16 (29 March 1993)
File 1--Reactions to "C'est decide! J'ecris mon virus" (Re: #1.01)

Chaos Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost from cccf@altern.com. The editors may be contacted by
voice (+33 1 47874083), fax (+33 1 47877070) or S-mail at: Jean-Bernard
Condat, Chaos Computer Club France [CCCF], B.P. 155, 93404 St-Ouen Cedex,
France

Issues of ChaosD can also be found on some French BBS. Back issues of
ChaosD can be found on the Internet as part of the Computer underground
Digest archives. They're accessible using anonymous FTP from:

        * kragar.eff.org [192.88.144.4] in /pub/cud/chaos
        * uglymouse.css.itd.umich.edu [141.211.182.91] in /pub/CuD/chaos
        * halcyon.com [192.135.191.2] in /pub/mirror/cud/chaos
        * ftp.cic.net [192.131.22.2] in /e-serials/alphabetic/c/chaos-digest
        * ftp.ee.mu.oz.au [128.250.77.2] in /pub/text/CuD/chaos
        * nic.funet.fi [128.214.6.100] in /pub/doc/cud/chaos
        * orchid.csv.warwick.ac.uk [137.205.192.5] in /pub/cud/chaos

CHAOS DIGEST is an open forum dedicated to sharing French information among
computerists and to the presentation and debate of diverse views. ChaosD
material may be reprinted for non-profit as long as the source is cited.
Some authors do copyright their material, and they should be contacted for
reprint permission. Readers are encouraged to submit reasoned articles in
French, English or German languages relating to computer culture and
telecommunications. Articles are preferred to short responses. Please
avoid quoting previous posts unless absolutely necessary.

DISCLAIMER: The views represented herein do not necessarily represent the
views of the moderators. Chaos Digest contributors assume all responsibility
for ensuring that articles submitted do not violate copyright protections.

----------------------------------------------------------------------

Date: Wed Mar 24 15:03:59 CDT 1993
From: patt@SQUID.TRAM.COM (Patt Bromberger)
Subject: File 1--Reactions to "C'est decide! J'ecris mon virus" (Re: #1.01)


DON'T SHOW THE DIRECT CODE

Date: Thu Oct 29 11:06:36 MET 1992
From: nkolte@daimi.aau.dk (Nikolaj)

Why publish a book where you show people how to write viruses? This would only get more viruses going, and even though most of them aren't doing any damage, they are still a pain in the a... - costing hours of labour to disinfect. But the concept behind how a virus works is very interesting and can find usage in modern network and update programs. Why not put emphasis on that issue and tell about how to write selfrep. code, but NOT show the direct code of the most common viruses?


COOK BOOK SOLUTION

Date: Mon Nov 2 08:27:18 -0500 1992
From: ajalbert@watson.eece.maine.edu (Anthony J. Albert)

Interesting. But all in all, I hold the opinion that _someone_ will always wish to destroy what others have... be it a nation's territory or a person/company's data. The only way to curb this tendency is through the education of the young.

Also, this book might contain a "cook book solution" to write your very own virus. However, there still is a step between theory and practice. If what the CCCF says is true, that the viruses described in this book can be defeated by any anti-viral program, then most people who read this book will _maybe_ write one, then destroy it. If there is no challenge to the process of writing it, that will dissuade many people from bothering, IMHO. The few that will try to go beyond what the book teaches, and build a better virus, are the people that, again IMHO, would probably have tried to do it anyway.
All the book would do is enable them to skip the first few steps. Possibly this is even for the better, as they might create _less_ effective viri than if they _had_ taught themselves from the ground up.

I think the main problem still lies in the need to teach the sanctity of property to children. If that lesson is learned early, then some of the destructive tendencies that exist in today's societies might be curbed.

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Anthony J. Albert               |Usenet is distributed network anarchy
                                |at its best--or worst, depending on
ajalbert@watson.eece.maine.edu  |what is posted on any particular day.
io00038@maine.maine.edu         |   --David Fielder in _Byte_
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


YOU KNOW THE CONSEQUENCE

Date: Fri Nov 13 15:23:05 -0800 1992
From: paul_rolland@gateway.qm.apple.com ("Paul Rolland")

This opinion seems to be correct as long as only Personal Computers are involved. I'm not sure it's true that most of the 1,500 known viruses can be easily defeated, but I know this is true only for PCs or MAC. For Unix stations, this is no longer true!

Concerning networks, in France, this is not yet something usual. But it's more and more present in enterprise, and often machines that are on these networks are different. No one knows what is the result of the attack of a Unix virus on a PC or vice versa.

But the worst point is to consider that because many viruses aren't destructive, viruses are not dangerous. FALSE!!! For an enterprise, a virus, even non-destructive, that will prevent machines from working can mean a big loss of money, and so on! Not only data is important, but the availability of this data and of the machine.

I'd like to know how such an operation can help knowledge on viruses! If you want to progress on understanding viruses, ask people to promise they will not diffuse viruses, and give them the book, asking them to develop a virus.
I'm sure that some of them will be able to write one that will not be detected (or at least corrected) by classical anti-viruses. I'm personally interested in such an experiment, and if you need my help, please contact me.

This is exactly what will inspire most people wishing to develop a virus but not having enough knowledge of ASM programming to do it. But even worse, all the ones that have good knowledge will be able to extract from such a book all that is interesting and write some more powerful code. If you really want to publish a book about viruses, you *SHOULD NOT* give a single piece of code in an existing language for an existing computer that people could reuse!!!!

Seriously, do you think this is enough to prevent irresponsible adults from misusing such a book? Are you sure people writing viruses are all under 18?

It is true that no law can prevent such a publication, but in fact no one can prevent people from using what is in such a book, and that is the real problem. If CCCF really wants to publish such a book, it'd better experiment the consequence of such a publication! I'm ready to develop some piece of code using this book and put it on their computer! Well, they are sure anti-viruses will remove it and it is non-destructive!

Publishing such a book is like giving atomic bombs to Iraqis! You *know* the consequence, even if you refuse to admit it!

Please do not hesitate to contact me for more information if required!

Paul Rolland
rol@grasp1.univ-lyon1.fr


ONE CONTEMPTIBLE ACTION

Date: Sat Nov 14 02:21:09 EST 1992
From: fish@cc.gatech.edu (Fish)

While I obviously have a certain morbid curiosity about the book (since I am expecting to receive a copy for my opinion), I do think its publication is harmful. To publish it under the guise of public education is (metaphorically speaking) like driving the wrong way on a one-way highway and claiming that you are trying to advocate more safety features in cars.
By publishing actual computer code, and proceeding to argue it is benign seems to almost be arguing that viruses are some misunderstood animal, that should be encouraged. I think I would have less contempt for this action if CCCF had at least claimed that they were publishing it in hopes someone will be encouraged to come up with a better virus.

I also find the claim that this book is banned in the US a bit suspicious. I seem to recall something about a first amendment.

To close, I find CCCF's actions to be contemptible, but I oppose censorship at any level, and support CCCF's right to publish it.


IT'S EXTREMELY FOOLISH

Date: Sat Nov 14 18:56:55 PST 1992
From: tck@fold.ucsd.edu (Kevin Marcus)

I think that it's extremely foolish to publish how to write viruses with code. _The Black Book of Computer Viruses_ is not the only book which has source code, but it is the first significant contribution, as it does contain a few "good" viruses, as in replicators.

Just because it's possible to detect a virus doesn't mean it's a threat!! And, just because something is labeled, "Forbidden for readers not 18 years old," doesn't mean that someone won't get a copy of it!

One may argue that it is possible it will help develop AV programs, but this is unlikely. The people who can write anti-viral programs are usually doing so after the virus has been created (with exception to some, such as Integrity Master). Nonetheless, the virus must get somewhere before the AV person gets ahold of it.

If you are capable of writing an AV program, you can write a virus. And, there is no reason to tell someone how to write a virus in the first place. They should take a programming class and figure it out themselves if they want to know. The book propagates virus creation.

You have clearly never experienced a damaging virus. And, just because a virus can be detected and even removed, doesn't make it no longer a threat. Example: What are the most common viruses? Stoned, Jerusalem, Michelangelo.
They all have poor replication methods, are buggy, and they have been easily removed for some time, yet they are still a threat.


LIKE SEX EDUCATION PROGRAMS

Date: Sun Nov 15 17:37:58 GMT 1992
From: jd4q+@andrew.cmu.edu (Joe Eddy Demers)

I think that this book will make much less difference in the amount of viruses out there than most people would think. There are already plenty of newsletters and underground digests, as well as many 'respectable' journals that have already published this information, from several different perspectives. It is like the controversy over Popular Science's articles about bugs and other detection and spying devices. If the information was already available, why not compile and publish it?

Although a lot of harm can come to computer systems through viruses, the best method of protection is education, not ignorance. That's already been tried with schools where sex education programs are shot down by parents, who don't want their children exposed to sex, and don't feel comfortable with their children knowing, feeling that the more they know, the more tempted they will be to try it. That is always a risk, but young adults having safe sex in an intelligent manner is better than having fewer young adults engaging in sex, when those who do are unsafe and uneducated. As it is with viruses.

There are potentially quite a few applications for viruses, although many will border upon many lines of morality/immorality and privacy issues.

All in all, I would have to say that the publishment of any information is generally beneficial, rather than detrimental, and education is most often the best course of protection from any threat. Thank you.


TO ADD FUEL TO A SMALL FIRE

Date: Mon Nov 16 12:39:42 EDT 1992
From: MURPHY@net2.eos.uoguelph.ca ("Jim Murphy")

I just received today via the email jungle but will give you a few comments below throughout your article. Generally I would have problems with such material in the press, but anyway...
Today's average has enough to worry about especially if they are really an average DOS user. Why make their risk to virus attacks even easier! The average user at my school does very little in general to be protected from viruses and only as a result of a few outbreaks have we educated the masses. It is very frustrating to explain to someone that their software and their files are no longer available because of a computer virus.

All you seem to be doing is to add fuel to a small fire already burning!

--
Jim Murphy, Graduate Student
School of Engineering, University of Guelph, Guelph, Ontario, CANADA
InterNet    : Murphy@Net2.EOS.UoGuelph.Ca
BITNET      : UGG00059@UOGUELPH
CompuServe  : 76300,254
Ma-Bell Net : Work (519) 824-4120 (ext 4871)
FAX         : (519) 836-0227


RELEASING A POTENTIALLY DESTRUCTIVE BOOK

Date: Wed Jan 6 10:33:47 EST 1993
From: raphael@ms.uky.edu (Raphael Finkel)

No idea why you sent this article to me, but here is my response:

1. It is not polite to release code for viruses. It doesn't do anyone any good (except the author, through royalties) and has a large potential for harm.

2. The article talks about two essentially unrelated issues: (a) Kephart's study, which I am not familiar with and which seems to report the obvious, that viruses spread by floppies, and (b) that the computer club is releasing a potentially destructive book. I don't know why the article chose to combine these. As to (a), the reason viruses don't spread by networks is that the only computers well connected by networks have reasonable operating systems. IBM PCs running MS-DOS are the principal victims of viruses, primarily because they don't use a reasonable operating system.


THIS IS SOMEWHAT CONFUSED

Date: Wed Jan 6 23:13:17 GMT 1993
From: internet!adam.adelaide.edu.au!phil (Phil Kernick)

I will be quite happy to tell you my impressions...

This is somewhat confused.
From the whole article I assumed that we are talking about viruses specifically for IBM/PCs, and probably the more general class of trojans, but the comment about "networks" confuses the issue. I assume that the journalist did not understand the difference between LANs and the InterNet, and was trying to make a comment that viruses did not tend to be distributed over the net (e.g. at FTP sites) but rather by physical exchange of disks. I do not know of *any* network viruses - unless you count Robert Morris' WORM.

It doesn't say what knowledge that this book purports to extol. In what way?

I would be somewhat disappointed if such a book were published, not because I want to suppress the information, but more because: (a) Anyone with half a clue can write a virus; (b) If published, many people with *no* clue *will* write a virus.

But this is still like giving a loaded gun to someone and saying "don't use it".

Generically viruses are a pain, but arguably if no-one swapped pirated software then fewer people would be the victims. I would not support the publication of such a book.

--
   _-_|\   Phil Kernick                        "Sleep all day,
  /     \  University of Adelaide               Party all night,
  \_.-*_/  E-Mail: phil@adam.adelaide.edu.au    It's fun to be a
       v   Phone:  +61 8 228 5914               Vampire!"


THE INFORMATION EXISTS

Date: Sat Jan 9 23:25:47 PST 1993
From: malloy@nprdc.navy.mil (Sean Malloy)

With the increased number of 'file exchange' BBSes across the country, particularly those that maintain an upload/download ratio, I believe that three steps may be an unreasonably low number of 'steps', particularly in the case of infections to programs of obvious utility or interest, such as virus scanners, archivers, or graphics file display programs.

If you assume that the person responsible for originating the virus operates by uploading an infected program to a BBS, it is clear that there is a minimum of two 'steps' from the originator's system to the target system.
In the case of a local BBS, the infected file may never leave the city, and is likely to do so only as a result of physical disk transport, but within that city the spread of the infection is likely to require no more than three 'steps'. However, with the availability of files through a worldwide network -- the anonymous FTP archive sites on UseNet -- it is possible for an infected file to be spread to BBSes in widely scattered cities in only three 'steps' from the originator's system. Once the infection has reached a system in a city, it will then be possible to spread within that city through BBS uploads of infected software.

Therefore, I believe that the question of viral infection should be broken up into two mostly separate models: infection across nation- or world-wide networks, and infection within areas where file transfers are mediated by essentially standalone BBSes.

That a virus is not destructive is not relevant to the problem of controlling virus infection; any programmer reasonably competent in assembly language should be able to disassemble a virus, once found and identified, and replace an innocuous functional tail with a destructive one.

The information exists, and is already widespread; attempts to control its spread to/in the U.S. are idiotic, useless, and unconstitutional. The data describing viral code is neutral; it can be used either to construct programs to detect viri or to create new viri. Regardless of the use to which it is put, the information cannot be banned on the claim that it could be used to write viri, because that constitutes a prejudgement of guilt; the government must prove that any given individual _will_ write and spread viri using the information in the book before the ban may legally be enacted -- U.S. law requires a presumption of innocence in the absence of proof to the contrary.
If I have a knife, the fact that _some_ people use knives to commit assaults and murders does not prove that _I_ will commit an assault or murder with my knife, and the government may not take away my knife until I demonstrate that I _will_ commit an assault or murder with it.

-- random sig #60:
Sean Malloy                                  | If you know what you're doing,
Navy Personnel Research & Development Center | how long it will take, or how
San Diego, CA 92152-6800                     | much it will cost, it isn't
malloy@nprdc.navy.mil                        | research.


CRUX OF MIS-REPRESENTATION OF VIRUSES

Date: Fri Jan 8 22:54:15 MST 1993
From: thayne@unislc.slc.unisys.com (Thayne Forbes)

This is IMHO the crux of the general mis-representation of viruses. Specifically, nearly all viruses are on 'micro' computers, and even now very few of these are networked. Certainly not to the extent that the above assumes. Consequently, much ado about nothing.

And this is the crux of my belief that this is almost not worth my concern. In ten years of daily use, I have never been infected. Only one person of my acquaintance has ever been infected. While I have not made any stupid mistakes to get myself infected, I have not been particularly careful either.

This is really an old debate. You either believe that these should be kept secret, or that they should be spread as widely as possible. No one ever changes anybody's mind about this issue. My opinion is that some very bright programmers are writing very cheap and easy anti-viral software, and thus there is no need to disseminate the code.

These two excuses are so stupid that I can't believe that anyone seriously espouses them as reasons to publish. Sorry, that's how I feel.


LET THEM PUBLISH

Date: Fri Jan 8 10:33:58 GMT 1993
From: tih@barsoom.nhh.no (Tom Ivar Helbekkmo)

Sure thing... I say let them publish. The information will be spread anyway, and this way might make it less interesting to many to actually release viruses, since some of the challenge will be gone.
And in any case, anyone who uses a personal computer (read "toy"), should be aware of the virus problem, and if they're stupid enough to run pirated games and stuff on their machines, that's just too bad.

--
Tom Ivar Helbekkmo, NHH, Bergen, Norway. Telephone: +47-5-959205
Postmaster for domain nhh.no. Internet mail: tih@barsoom.nhh.no


NO HYSTERIA

Date: Wed Jan 6 19:23:38 EST 1993
From: internet!uunet.UU.NET!jaflrn!jaf (Jon Freivald)

My comments on the content: I find it old news ("not every machine could make contact..."), or, rather, a more realistic statement than the picture many visionaries have tried to paint, as well as a touch alarming (the availability of the book). I also find it to be one of the few sensibly written articles I've seen -- no hype, no doomsaying and no hysteria... just a simple statement of the facts (& do I sense perhaps just a touch of sarcastic humor right at the end..?).

My comments on the situation: I've often commented on the fact that we'll never have all computers interconnected until it is both as cheap and as easy as plugging in a telephone... Until that's the case (and the service is globally available), you'll have many folks who are content to do the floppy disk shuffle. E-mail must also be made much simpler than it is now, with the equivalent of a phone book available to everyone with minimal resource usage. It's just "about time" that IBM and others realize that there are many, many, many computer users out there who either don't use their systems for business, or are a small enough business that can't afford the astronomical costs of their traditional communications solutions.

The availability of the book can be both good and bad. Bad in the fact that it makes malicious knowledge generally available. The "average" reader is going to read it and pattern his work after what he has learned, but the exceptional reader is going to get concepts from what he has learned, ponder the potential, and run with it in his own direction.
Without the book, the exceptional reader may have never been drawn down that path.. Where it can be good is that it very well may establish patterns that can be recognized and dealt with, much in the way that work from "A Poor Man's James Bond" is easily recognized (and avoided/disarmed) by many law enforcement and military men... From that angle, if the book had been available to me here I might have learned to recognize some things quicker than the trial & error method I took.

I hope these were the types of opinions you were looking for... If not, be a bit more specific & I'll spout off again..! ;-)

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Jon Freivald ( jaf%jaflrn@uunet.UU.NET )
Nothing is impossible for the man who doesn't have to do it.
PGP V2 public key available on request
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


THE TITLE MAKES ME CRINGE

Date: Sun Dec 13 22:05:39 CST 1992
From: internet!casbah.acns.nwu.edu!jmcadams (James McAdams)

Well, IMHO, the article is a reasonable mix of hot-air and hysteria. The viruses are already out there in reasonable quantities, and the problem is already of a magnitude that everyone should be using some form of anti-viral defenses. If you don't, you have little business complaining about being infected. Every virus outbreak I've seen could fairly easily be traced to risky behavior by someone on the network/machine.

Besides, any scanner worth the shareware price should be more "up-to-date" than a printed book. The time-scales are quite different. Being worried about an increase caused by published source code is silly. Variants exist, and are dealt with adequately. What people really should worry about is the people who know enough to write BRAND NEW viruses using BRAND NEW loopholes! :-)

I guess my opinion on "should the book be published" is YES! The potential threats are minor, except for people who can't be worried to take care of their computer.
The principle of banning "anti-social" documents and publishing is fundamentally wrong. Knowledge can NEVER be dangerous, because for every one person who learns and tries to destroy, many more learn to create.


THE HARD WAY

Date: Fri Nov 13 10:59:00 EST 1992
From: LCHARDON@TrentU.ca (Laurent Chardon)

You are asking for an opinion, but I'm sorry I'm not sure what you are expecting. What do you want opinion on? The book? The article? The fact that most viruses don't travel through the nets but by disks? I will try to give you my humble opinion on the book and the propagation means of the viruses, but if you don't find my answers satisfying, or if I didn't answer your question at all, please let me know.

It is a fact that getting a program from a disk is more dangerous than getting it from a BBS or a world wide network. Why? First of all, BBS owners are well aware of the risks (if there is an infected program in their machine, they will be the first affected...), and in all the BBS I know, whenever a new file enters the system, it is thoroughly scanned for viruses. And most people I know double check any program they download.

For some reason, people tend to be less careful with disks. Usually you get an infected disk from a friend, and you're not suspicious because you trust that friend. It is just like with biological sexually transmitted diseases, your friend might not be aware that he/she is carrying the virus.

Most people are connected to their local BBS (to avoid long distance charges, and also because most of them don't have access to internet, etc...), and IF a virus manages to reach a BBS, it will affect (at first) the people connecting, i.e. the "locals". The virus then will continue spreading, but this time by "physical" means. It is the well known infection, the one for which most personal computers viruses are designed: disk to disk. This kind of virus is very popular because such programs are easy to write, and they travel far (see the brain virus etc.)
Writing a virus which propagates efficiently on a network requires a good knowledge of the internals of the net, which most people don't have. There are also more security measures on network and mainframe computers. But then again, if a virus manages its way through a network, it can spread very quickly, very far. Remember RTM?

Publishing a book that will help people writing their own virus will have a nasty effect at first on these computer owners who don't know anything about viruses. Who will benefit from the book? People who are not very good programmers. Therefore the viruses they will write will follow more or less the pattern provided, and therefore they will be easily detected. A lot more viruses will appear, but the only people who will catch viruses of this new "breed" are the ones who don't use the simple virus checkers available. Since the awareness of computer users is increasing, the number of these people is always decreasing, and a couple thousand of new viruses let free will certainly help this consciousness rise more (although people will probably learn "the hard way"...)

The "hackers" that write dangerous viruses (using good stealth techniques, code that goes around software protections etc...) don't need the book. They won't benefit from it. Therefore in my opinion, the effect of the book will be that the weakest machines only will be affected, once. The victims will then be more careful.

In general, I think that the book is a good idea, and I will probably buy it myself. I don't think it will do much harm, but it will speed up things. People who are going to catch viruses because they don't know about it or they're not careful will do so sooner. They will learn (hopefully...) and be more cautious in the future.

I don't know if this is what you were asking. Please tell me if I have been helpful or not. If I have not, please indicate me how I can be. I'm also curious on how I ended up on your mailing list.
By the way, could you tell me more about the CCCF? Thank you...

____________________________________________________________________________
Laurent Chardon, Trent University, Peterborough ONTARIO CANADA K9J 7B8
Voice: (705)-749 5022    E-mail: LCHARDON@TRENTU.CA
____________________________________________________________________________


I FULLY SUPPORT THIS PUBLICATION

Date: Sat Nov 14 18:10:58 GMT 1992
From: ST1H4@Jetson.UH.EDU

thank you for sending me the responses. no matter what the general public believes, i still fully support your publication of the book. if you need any help here in the USA just let me know.

keep the faith
sam

---
Judge Dredd
Editor - NIA Magazine
Ignorance, There's No Excuse.

------------------------------

End of Chaos Digest #1.16
************************************

Downloaded From P-80 International Information Systems 304-744-2253