Can Reverse Engineering Help In Stopping Worms?
krozinov writes "The goal of this paper is to try to answer the following three questions:
How do you reverse engineer a virus? Can reverse engineering a virus lead to better ways of detecting, preventing, and recovering from a virus and its future variants? Can reverse engineering be done more efficiently?
The paper is organized into five sections and two appendixes. Section 1 is the introduction. Section 2 reviews basic x86 concepts, including registers, assembly, runtime data structures, and the stack. Section 3 gives a brief introduction to viruses, their history, and their types. Section 4 delves into the Beagle virus disassembly, including describing the techniques and resources used in this process as well as presenting a high level functional flow of the virus. Section 5 presents the conclusions of this research. Appendix A provides a detailed disassembly of the Beagle worm, while Appendix B presents the derived source code of the Beagle virus, as a result of this research."
Why didn't I think of that? :P
If I understood the article, they are trying to reverse-engineer worms to find out how they work. Why not just ask the numerous people who were black hats but now work for security firms?
We need a -1 RTFA moderation option!
What happens when they reverse engineer the reverse engineering you did on the virus they originally wrote? If we look into the biological field, fighting viruses only makes them stronger. Not that we shouldn't, but the better the anti-virus writer becomes, the better the virus writer already is.
-Teiresias
Perhaps it would be more insightful to study WHY individuals expend so much time and energy writing viruses, worms, etc. in the first place.
In the future, I suspect this sort of malware will only get worse in terms of technical complexity, but the reason for their creation will probably be roughly the same.
My $0.02
It only helps if the people who write future variants are lazy... so I guess yes, it will help with there not being versions A-ZZZ of the Bagle virus, but the serious ones are still going to be out there.
It already takes very little time for them to catch most variants these days. My software (AVG) is usually a day ahead of any of the major news organizations on having the fix for any new virus out there. The new, creative, and dangerous viruses are the ones that worry me, not the 200th version of Netsky that shows up.
Perhaps the best way to control the spread of viruses is to reverse engineer the OS/program that it is targeting... create fixes proactively and don't allow the exploits to be found in the first place. But there's probably a law or two out there that prohibits this kind of stuff, eh?
I think so, Brain... Is the virus protected by the DMCA and the other various software laws that prevent reverse engineering? If so, who is really in the wrong here?
"Look Lois, the two symbols of the Republican Party: an elephant, and a fat white guy who is threatened by change."
And it has been in almost all virus protection and scanning programs for a long time.
dumbass
Maybe it'll at least give us viruses (viri?) that consume less system resources. Release more efficient viruses. That will fix everything.
Yup. Suck it.
Now, just wait for the authors of the Beagle virus to slap them down with a lawsuit for reverse engineering their software. Something to the effect of:
"You have violated the License Agreement of the Beagle virus through your reverse engineering activities. Your publication illustrating how to do this is a clear violation of the DMCA and induces others to also violate their license agreement. Please Cease and Desist all such activities and prepare to see us in court."
Viruses are not protected by copyright, patents etc. ... that is what Compaq, Phoenix, and the others had to do with BIOSes, and people emulating Windows, Unix etc. had to do; otherwise, they would just be copying from the original and rewriting (trivial in comparison). Let's start using the appropriate terminology.
Reverse engineering is when you disassemble and recreate the original source (which they did) -- the easy part. Then, the hard part is to create a set of specifications without referring to the original code or snippets, then handing that over the "wall" to someone who has not been exposed to any of the IP of the original and rewriting the code from scratch.
I'd just like to say that this guy's e-mail address is the best villain name ever. Come on... Krozinov!
So awesome.
Readers of Slashdot.com are often influential in their company's purchasing decisions.
Actually, I am influential in my company's purchasing decisions. Unfortunately I never get around to approving the purchase orders because I'm always reading
So is this legal under the DMCA? Someone just had to ask.
Think Deeply.
Coming in a packet near you, from the EULA of the future:
......
By connecting a computer to the internet, you hereby agree to the terms of this agreement (hereafter referred to as "deal with the devil") for this software (hereafter referred to as "CPU sucking nightmare")
Won't surprise me if virus/trojan/worm/spyware writers use IP law against those that would hope to rid the world of their menace.
Two wrongs don't make a right, but three lefts do.
Wouldn't the first goal be writing applications and operating systems to be more secure than they are now with ordinary common sense designs? You know, like not tying userland software to the OS in incestuous ways?
Simple stuff like that...
Get rid of IE and get rid of Outlook Express and you get rid of 90 percent of the threat.
This would be a plug for Linux, as I use it daily, but there are things that Windows users can do to keep from being screwed every day. If only Mickeysoft helped their users rather than write crap software.
It would seem a better defense to use whatever reverse engineering tools are available to fix the application. Things like Purify etc. are of some use for many common problems.
Adding additional/patched code onto a virus/worm sounds like dangerous business to me. Suppose you didn't do everything exactly right, you are now responsible for releasing a new virus into the wild.
Or... Disassembly For Dummies.
ungggghhhh
To borrow the medical analogy, pathology of a virus is important but this alone will not create a "cure". You may understand completely how a virus works but this alone does nothing to hamper it.
To be even more succinct, if all it took to stop a virus was to reverse engineer it (i.e. pathology), then we'd have things like AIDS, Herpes, etc. beat long ago. We clearly understand how these things spread yet infections still happen. Likewise, we already know a lot about how virii spread on Windows and form best practices, and yet compromising still happens.
You heard me.
No comment.
Back in the DOS days, the fact that code on a floppy header or something would get executed on insertion was a problem. Solution: don't bring that into memory for execution.
Word, at a point, by default, would execute macros on load of a document. Don't bring in code from a document and execute it.
In Outlook, looking at email can cause JS to execute, which may have its own problems due to the implementation of JS. Don't execute the JS.
Don't try and figure out how viruses work. Figure out what they exploit and close them up. Duh.
This article and others detail SCO's failed attempt to support its claim to ownership of Linux with its claim that it (SCO) owned ELF.
I believe it is the case that SCO is only claiming ownership and suing people over the VR5 Unix source and derivatives (aside: what exactly SCO owns of VR5 and any of its derivatives, or even what those derivatives are is under intense debate, as you may have noticed). Pre-VR5 elements of Unix (IIRC) are not being contested by SCO.
Yeah yeah yeah it's a long way to go for not much payoff. But maybe the ELF fuss inspired the author to have a little fun by shoving SCO's nose in the fact that ELF was pre-VR5...?
"Stop throwing the Constitution in my face, it's just a goddamned piece of paper!" - George W. Bush Nov. 2005
Why reverse-engineer? Most malware is put together by script-kiddies from parts they get from elsewhere, and a lot of information is publicly available. If script-kiddies can get their hands on it, so can you.
Please correct me if I got my facts wrong.
I've Googled and been unable to tell if the Prescott P4-E has the NX, XD, or whichever acronym anyone would like to use to signify the No eXecute/eXecution Disabled stuff.
All that I come up with is that stuff "late this year" from Intel will have it, and that AMD64 has it.
I would like to thank the author of that paper for making it abundantly clear to me that I am not smart enough to operate independently in today's technological environment. I would like to take this opportunity to bow down before my compsci-savvy overlords and swear to just mindlessly accept whatever code they produce.
3 points:
- Knowing how it technically works doesn't disable the social engineering component; very trivial worms were very successful just for that.
- There are a lot of worms that have the source available in a way or another, from the first ILoveYou worm (well, most .vbs ones are that way) to the latest Bagle or Netsky variants, that even have the source attached.
- Some worms also are maybe simple exploits of software vulnerabilities or weaknesses (mostly MS.*, but there are some for other developers and operating systems). What must be understood there is not the worm source, but what it exploits and why that software is used.
Viruses and worms exist because security models and implementations have vulnerabilities.
You see so many Windows viruses and worms because Microsoft's security model has some very basic flaws. Instead of dealing with them, Microsoft relies upon 3rd party anti-virus companies to issue very specific "patches" for each virus that comes out.
Instead of figuring out how worms work by reverse-engineering them, we can also get smart, read a security list, figure that most of the problems we have come from using insecure programming languages, and switch. It's not like there aren't better options than C and C++.
I've got to be missing something here. Reverse engineering worm/virus code with tools like IDA Pro has been actively done by the anti-virus community for 17+ years. In November 1987 when a virus hit us at Lehigh University (where I worked at the time), a bunch of our students helped out by disassembling the virus and writing a piece of software to prevent it from spreading further.
And we didn't feel that this was even groundbreaking work back then...
What am I missing here?
Cheers,
Ken van Wyk
Does every Slashdot post always have to degenerate into anti-DMCA rants?
Don't you think that there are other places you can talk about that?
Yes, we all know that the DMCA is flawed and will have to be changed. Can we not talk about anything without being reminded of that?
Oh, I suppose someone will bring up George Lucas too, another favorite (and inane) Slashdot topic better discussed elsewhere.
One interesting point of the article -- the Bagle virus searches the hard drive for email addresses to send itself to. If Outlook, Mozilla Mail, and other email clients used encrypted contact lists, that would prevent a lot of these worms from propagating. I hope that's something that email client vendors will look at.
Reverse-engineering takes time, and can only start when the worm is already out. It's guaranteed to come too late. Switching to secure technologies before the exploit comes is the only way to stay ahead.
Most worms these days scan IPs to find other exploitable hosts. I always thought we should look for exploits in the worm's scanning engine and then attempt to crash it by responding to its scanning requests with data which would do something like exploit a buffer overflow or off by one attack. These crashing response daemons would be located on systems which don't normally take requests of the service type the worm exploits. That way these would be very unlikely to affect anything legitimate. A worm whose scanning code has been crashed would be unlikely to infect other systems. It's also unlikely that crashing the scanning code would affect other services on the infected machine, limiting the legal liability of such a thing.
I've had some luck against people scanning web servers for formmail.pl scripts. My formmail.pl sends random data without any CR or LF. One script so far accepted 2 GB of data before disconnecting.
Could a virus author, on his way to jail, sue your butt off for reverse engineering their code, if he/she put "copy protection" (obfuscation) in it?
I remember when the RTM worm first appeared (was that '86?) and several Berkeley students stayed up all night decompiling it (this was VAX code so it was a bit more manageable). They posted the source code the next morning with bug fixes, including the critical one that turned the worm from a slow-moving annoyance to a rampaging network-killer...
The key to manipulating anything is to understand how it works. Since viruses and worms are just "bad" programs or pieces of code that manipulate other programs (e.g. MS Outlook), there should be no reason why you couldn't reverse engineer them. Assuming they can be found.
I thought those methods were already used? What do companies making anti-virus applications do to understand viruses?
Antivirus companies have been reverse engineering viruses for like, ever. Asking "how do you do that" reflects some amount of ignorance in this field, which then kind of removes any sort of weight the paper's conclusions might have otherwise had.
Hardly a "research" worth posting, although nevertheless an interesting school paper subject.
10 or so years ago I used to do a lot of assembly code and reverse engineering. Found ways around software keys, etc.
At a company I was working for, somehow someone downloaded a boot-sector virus (BBSes- we didn't have Internet there yet.) My biggest clue came when I tried to just read from a write-protected floppy, and I got "write-protect" errors!!
I forget the virus's name, but it's still detected by current CA, Norton, etc.
Getting to the point: I used DOS's "debug" and "Sourcer" to reverse engineer - mostly debug, in script mode, dumped out the reverse assembly listing, and just followed it.
BEWARE! (1) The virus had several do-nothing loops which would waste your time and drain your patience.
(2) Early in execution the virus would trap INT 1 - the single-step interrupt - and point it wildly into RAM somewhere, thus crashing your machine when you try to single-step (Trace) in debug! Look at the listing first, find that INT 1 trap, and jmp around it.
(3) The thing that started me hating MS: the virus used many undocumented DOS calls!!!! The power to embed and replicate was in DOS!! I'm not kidding. I don't know why that functionality existed in DOS and I forget if it's in my "Undocumented DOS" book. I just remember being so disgusted (angry maybe) that I determined to move toward *nix, found Linux, and have been very happy ever since (except when people ask me to help with Windoze problems, but that's another issue...)
Happy "Debugging"!!!!
The best way to stop the current ones, is to analyse their network usage, and block it. I did it last week, and our network is stable and not spewing filth everywhere. :)
Simple answer: No.
The worm (or virus) is already out in the wild. Seeing how it works won't stop it.
But seeing what it exploits might.
There is a 99 percent chance that the worm/virus will exploit a known hole in the target application/operating system. Nowadays, these exploits have come much, much quicker than in the past. It used to be a few months before a hole was exploited; now it can be just a matter of hours.
What would impress me is if they reverse-engineer a worm/virus and find that it exploits a hole that was unknown beforehand. Now THAT would show some intelligence on the part of the author (if not any ethics). The 'kiddie-scripters' that mutate the source code from a worm/virus and just hex-edit their initials into it aren't very creative at all; just adolescent vandals who want to make their mark with their brethren vermin in the dark underworld of the Internet.
It's not that virus/worm authors are anything to be emulated. But you have to respect them. Like you have to respect terrorists. You may loathe them, but you have to respect them.
However, reverse-engineering IS useful. It is forensics. Someday, maybe soon, the forensics team will be able to categorize and maybe even identify the author of a virus by the way it is written. Currently, it is helpful in finding those security holes, so they can notify the authors of the program being attacked.
Let's face it folks. Programming is still more of an art than a science. We imperfect human beings are trying to write perfect code, because the computer does exactly what it is told to do. We humans don't operate at that level very well. So we write imperfect code; something that can be eventually exploited given time and resources of anyone willing. It's gonna happen, whether your code comes from American, Indian, or Ukrainian programmers. There are evil people out there, and they are going to check the doorknobs of every program to see if they can get in and cause trouble. Until someone comes up with a source-file hole checker, be prepared for more worms and virii.
OK, I'm done ranting.
> Can Reverse Engineering Help In Stopping Worms?
If you're running Windows, no, the only thing that can help you is to format your hard drive and install Linux. It's not enough to just buy a computer and log on and hope that Microsoft did their job and that Windows will protect you, because I am here to tell you the same thing that millions of others will tell you... Microsoft didn't do a good job and Windows won't protect you.
Windows, whether you choose to believe it or not, is the worst OS on the planet. Microsoft Windows makes it rather easy for a hacker or script kiddie to break into your Windows machine and steal your personal information or install a keylogger or mouse mapper. A keylogger keeps track of all the keys you press and sends this info to the person who installed the key logger. A mouse mapper collects info about where your mouse cursor is at any given time along with which mouse buttons you press; this info is also sent to the person who installed the mouse mapper. Windows also makes it far too easy to catch viruses/worms/trojans/malware/spyware/etc. If you are using Windows and you haven't become a victim of identity theft, it is only a matter of time before you do.
Besides that, Microsoft lies, cheats, and steals to promote their company - they even got caught trying to fake evidence in court. Their "Get The Facts" campaign is the biggest bs-fest I've seen in a long time. Does this sound like a company you want to do business with? Do you really think such an untrustworthy company is going to help you or indemnify you if your Windows operating system causes you to get into trouble?
Here are some facts:
Windows is just full of problems and here is how to solve those problems. First of all, you need a good Linux operating system. You can go to Distrowatch and find more information about Linux distributions than you could ever want. You can also go to the Mandrakelinux website and check out their Linux distro and see some screenshots of Mandrakelinux.
Secondly, learn about your computer. You paid money for it, and you trust it with personal/private information. You must learn how to protect your computer if you expect your computer to protect the information that it contains. Microsoft Windows is not going to protect you or your computer - as many people have already learned.
It is not in your best interest to use Microsoft products because they are known only for failure and problems. Switch to Linux and learn about this awesome operating system. You'll thank me later.
i'd never heard of Purify, just things kinda like it, but after reading some pages on it - damn, thanks for the tip :)
It's well-known that a parasite that kills its host damages its own chances for survival or reproduction. A germ that doesn't make you sick enough to stay home from work leaves you in able condition to cough that germ all over your coworkers. One that kills you right off has a much decreased chance of spreading to those people ... that is, unless your town is in the habit of leaving corpses lying around.
If germs in corpses are able to infect the living, then there is much less "incentive" for germs to leave their hosts alive. If, on the other hand, your civilization isolates corpses, especially obviously infectious ones, then being in a corpse becomes a bad replication strategy for a germ.
This is clearly a way in which human cultural practices affect the evolutionary environment of infectious disease organisms. Under medieval conditions, the Black Plague was pretty darned optimal as a survival strategy. In isolated villages in Congo, the Ebola bacterium can leave messy, nasty corpses lying around and still survive. In places with more effective medical response, that would not be a very effective survival strategy.
What is the analogy to computer viruses? Right now, large portions of the Net have ridiculously crappy "medical response" to computers that are effectively "killed" (rendered useless) by virus and worm infection. Most commercial ISP networks are, to the unprotected Windows computer, the equivalent of rolling around naked in medical waste. This septic environment, in which dead and dying bodies are left to rot and spread their infections, just promotes viruses that completely overwhelm the host.
Moreover, the average Windows system and user have the equivalent of terrible hygiene practices. Personal hygiene, in the real world, means that you avoid filthy things when you can; you wash when you've come into contact with them; you wash regularly even if you don't think you have filth on you; and you make sure not to mix filth with your food. Public hygiene means that your society keeps filth and corpses away from the food supply, and keeps rotting garbage off the open street. When these practices break down, you get plagues.
How to prevent this? First, some rudimentary public sanitation would help -- when a system is infected, it must be quarantined and prevented from infecting others. Second, computer users must learn to choose software which has good sanitary practices -- isolating untrusted data ("filth") from the system software ("food") and making sure to clean up those parts of the system that come into contact with the filth.
Can Windows do this? I don't know. The SP2 firewall settings are an improvement. However, it is still a system with terrible hygiene, since user software which handles filth routinely runs with administrator privileges that have access to the food supply. Ick.
I've actually read the article, and wonder if some people are taking a little too seriously...
While it is a well written and interesting discussion of reverse engineering a virus, the writers admit they hadn't really done any reverse engineering before this project at all. Also, how exactly did everyone think that anti-virus writers have been tracking what viruses do and how to kill them? Any major virus is of course disassembled by the antivirus writers so they can decide how to remove it, especially now that many viruses are polymorphic.
On the other hand, getting hold of those reverse engineerings is obviously quite hard, as there is no good reason to give them out. Perhaps this suggests there should be more openness?
Even by the most conservative count, Linux has a few million users. That's more than enough to support a virus population.
If Linux was as un-secure as Windows, a simple link on /. would be enough to start a major Linux virus.
Even the old MS-DOS machines had a viable virus population, although the viruses, for the most part, had to be hand transported via floppies to each machine.
With network enabled machines, it should be even easier to spread viruses. And it is. Just look at all of the Windows viruses, worms and trojans that are out there.
Microsoft VM has to do all the weird code-changing that VMware did, because the x86 can't be completely virtualized. And it has to emulate the I/O devices. There are probably bugs in the VM that can be exploited, most likely in the I/O area. Try weird DMA operations, and poke around in device address space, until the real machine crashes. Then you know where to look for a vulnerability.
Someone should put in a software patent application for "Malicious software that spreads itself over computer networks to steal and/or destroy information." After that we'll just sue the virus coders!
I am not really sure of the need to reverse engineer virii because most are released to the public already. Talented virus writers seldom release their work into the wild but rather simply create them to reveal weaknesses in software. It is then a "script kiddie" who takes the code and releases it into the wild. As we all know this is often an effort to simply look cool. This being the case it might be more practical to just pay attention to security sites than to mess with virii that have already screwed people over. The paper does look interesting though.
Maybe I should try to find new ways for viruses to spread, hide themselves, etc., but not write a virus, but patent them. I'm sure a virus writer will not check any patents, and then if some new virus is spread and the one who has written it is caught, I'll sue him for royalties.
Thinking about it: Given that it's obviously possible to sue someone for just running patent-protected software (think GIF!), maybe I could even sue everyone infected with the virus, at least if the virus needs user interaction (like, clicking on some attachment) to spread?
Hmmm
The Tao of math: The numbers you can count are not the real numbers.
We can all go to the AV sites and get the full rundown on a virus or worm's methods of propagation and replication, plus the payload it carries, and just write something that does exactly that...
Preferably in Forth....
Pay no attention to that man behind the curtain.
... you only have to put an EULA on your virus to make AV enterprises go illegal by doing reverse engineering.
Your head a splode
I think one reason why RCE is not done as fast as it potentially could be might be that there are just fewer and fewer programmers out there who are able to quickly read, analyse and understand assembly code. Because they're simply not familiar enough with it.
One obvious but irrefutable idea which arises from this article is that while we're almost all writing in hi-level languages nowadays, the final code is still in assembly. (Ok, that's not quite true for Java and the like, but let's focus on decent fully-compiled languages! ;-p /trolling) So, yes: RCE is usually done from assembly code.
Now, how many IT schools are still providing decent assembly courses? The fact is, we don't need to understand assembly nowadays to become a programmer. Most of my co-workers just have no idea what assembly is, or even what a binary number looks like. Incidentally, it does sometimes show up in the way they're writing code in hi-level languages. For instance, they would write "x/4" when I would write "x>>2". But then again, who cares? Today's compilers should optimize that by themselves, anyway. Ok, enough digression.
My point is that efficient RCE requires very specific competences, including but not limited to a very good knowledge of assembly and some months -- or, better, years -- of practice. This last point is important. Assembly coding being wild by nature, I believe it requires much more practice to be able to detect common structures, common tricks, etc. If you've just learned a trick without using it, chances are that you will just miss it in a foreign piece of code. (A "trick" being produced by either a hardcore pirate still directly writing in asm or the compiler used by some script-kiddie.)
And finally, one reason why many white-hats among the virus-fighting gang actually are former black-hats might be that not enough IT schools are providing a formation which is successfully matching the above criteria.
The problem with Slashdot memes is that YOU INSENSITIVE CLOD!
If you REALLY RTFA, this is about malware / viruses (there is no such word as virii) that require human intervention - the nasty stuff that idiots click on due to simplistic social engineering. This is not about malware that (for example) goes in via the RPC hole or other vulnerability.
The POINT is that copycat versions may be caught by looking at how the original works and what it does in general rather than some kind of binary pattern match like the current generation of AV does.
Many of the AV vendors claim that they have code that can detect mutated versions of malware, but in practice they never do.
Just curious, why can't a virus be protected by the American DMCA if it has obfuscating techniques making it difficult to understand how it works? Reverse engineering and publishing the results seems to enable the bypass of the virus protection.
So OK, a virus is "BAAAAD", while a DRM system is... well... "legitimate(?)", but apart from this, is there any legal ground to allow virus reverse-engineering?
Open a port to the infected machine and you can control the virus before it cripples your network. If the Symantecs and McAfees are reverse engineering the viruses they could quickly publish a "shoot_the_sucker_dead.exe" that would open the back door and cripple the luser's machine or simply run the delete-and-die code that's already in the virus.
Well realistically they won't do that because it spoils their business model. They need the new variants so that they can preach "16,000+ viruses detected by Foobar AntiVirus v17.6". If we could shoot the crap dead quickly we wouldn't need Foobar AntiVirus v17.6 or have to buy the new super Foobar AV V18.2 for 2005.
Currently the worst part of viruses, for me, is the hundreds of copies of the damned things that arrive in my inbox, because some luser clicked on a bogus, dumb attachment in a note from someone they don't know with misspelt text and a crap subject line.
Sigs. We don't need no steenking sigs.
"Dennis, there's some nice filth over here!"
:)
Which actually does have some real-life parallels to the Internet, if you think about it
Christina Cifuentes (and her thesis) is who you want to talk to.
Nah, all we need to do is to deploy skynet.
Y
Ohh crap...!
"So there he is, risen from the dead. Like that fella, E. T." - Father Ted Crilly
I thought reverse engineering was illegal in the USA...
Antivirus vendors usually need 48 hours to dissect a virus and describe most of its internal workings. So, what's the point one might ask.
;)
Well, this document is a complete primer on how to disassemble an unknown (smallish) program in a sandboxed environment. Anyone who ever wanted to learn this skill should give it a shot. Who knows, you might end up working for an antivirus company soon.
For Lucent however, this was a complete waste of 10 weeks of engineering skill of three people minus the publicity effect of this stunt.
For years, we've been told this or that is a violation of the Digital Millennium Copyright Act. Now the mainstream is trying to use techniques supposedly forbidden under the DMCA against propagators of malicious code. Do I smell hypocrisy?
We live, we code, and then we die.
Would it not be against the DMCA to reverse engineer a worm :-)
When you start dreaming about work, it's just as well to find distractions....
My hyperlinks aren't worth the paper they're printed on.
Don't they these days have the source code compressed in the executable?
I recall hearing something about this, that was used in some of the most popular viruses to make it harder to find the author of the virus.
Change is certain; progress is not obligatory.
I'm not sure, but it can help to find security issues and/or backdoors, very useful! If you look at MS you will find only security by obscurity. My 0.02 cent
Do virus writers retain the copyrights to their code? If so, is reverse engineering a virus legal? Has anyone seen a virus with a license agreement?
"Those who would give up Essential Liberty to purchase a little Temporary Safety, deserve neither Liberty nor Safety." -
these thoughts and more on my post on wormblog on the subject.
Caterpillars aren't worms.
As part of the younger generation, I can definitively state that it is a right royal pain in the arse to get any decent understanding of how a system works. I'm attempting to deal with this by learning assembly language and running Linux, but finding the relevant information is at least as time consuming as actually learning it.
For the love of God, please learn to spell "ridiculous"!!!
Basically, they're saying:
I pick a random m, then compute:
c = m^d (mod n)
I give you (c,m) and you verify that c^e=m (mod n)
Their claim is that this proves that I know the private key, d
But, I say:
Pick random c, compute:
m = c^e (mod n)
I give you (c,m), you verify that c^e=m (mod n), and you believe I know the private key, d, which I clearly do not.
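The flaw in the comment above, worked through as an added example (not from the thread or the paper it discusses) with a constructed toy RSA key; it also shows the usual fix, where the verifier chooses the challenge m so that "pick c first" no longer works. The key values and all function names here are assumptions for illustration.

```python
"""Added example (not from the original thread): the RSA 'proof of private-key
possession' flaw from the comment above, plus the challenge-response fix.

Assumptions: the key (p=61, q=53, e=17, d=2753) is a constructed toy key and
every function name is hypothetical. The toy size only makes the arithmetic
visible; real keys are far larger."""
import secrets

# Constructed toy RSA key: n = 61 * 53 = 3233, phi(n) = 3120, e*d = 1 (mod phi)
N, E, D = 3233, 17, 2753


def honest_prove(m: int, d: int = D, n: int = N) -> int:
    """Prover who really holds d computes c = m^d (mod n) for its own m."""
    return pow(m, d, n)


def verify_pair(c: int, m: int, e: int = E, n: int = N) -> bool:
    """The flawed check from the comment: accept (c, m) when c^e = m (mod n)."""
    return pow(c, e, n) == m


def forge_pair(e: int = E, n: int = N) -> tuple[int, int]:
    """Forger without d: pick c FIRST, then set m = c^e (mod n).
    The pair passes verify_pair, which is exactly the flaw."""
    c = secrets.randbelow(n - 2) + 2
    return c, pow(c, e, n)


# Fix: the VERIFIER chooses m. The prover must then return an e-th root of m
# mod n, which needs d; choosing c first is useless because m is not the
# prover's to choose any more.
def verifier_challenge(n: int = N) -> int:
    """Verifier picks a fresh random challenge m."""
    return secrets.randbelow(n - 2) + 2


def respond(m: int, d: int = D, n: int = N) -> int:
    """Honest prover answers the verifier's challenge with m^d (mod n)."""
    return pow(m, d, n)


def forge_response(m: int, e: int = E, n: int = N) -> int:
    """Best effort without d: the forger only knows e, so m^e is all it can
    compute. It fails the check except for the rare m whose multiplicative
    order divides e^2 - 1 (m = 1, for instance)."""
    return pow(m, e, n)


def verify_response(c: int, m: int, e: int = E, n: int = N) -> bool:
    """Same equation as before, but now m came from the verifier."""
    return pow(c, e, n) == m


if __name__ == "__main__":
    print("honest pair accepted:", verify_pair(honest_prove(42), 42))   # True
    c_f, m_f = forge_pair()
    print("forged pair accepted (the flaw):", verify_pair(c_f, m_f))    # True
    print("fixed protocol, honest prover:", verify_response(respond(2), 2))         # True
    print("fixed protocol, forger:", verify_response(forge_response(2), 2))        # False
```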
Can reverse engineering a virus lead to better ways of detecting, preventing, and recovering from a virus and its future variants?
Or more importantly, can reverse engineering a computer virus get you in trouble with the DMCA? Could the virus writer then turn around and sue you? Seems like a plausible scenario and a valid income stream to me, if an extremely unethical and twisted one... Imagine the corporate virus-writing teams hired to take down a smaller rival, and the other guy not being able to counter for fear of being sued.