Rick,

While I agree with you that using the EICAR test file to demonstrate how
A/V software will react when it finds a virus... The EICAR test file
doesn't demonstrate to end users just how nefarious a trojan can be...

Bionet is a common script kiddie trojan builder...  The included
capabilities allow a controller to upload and download files, record
keystrokes, activate the microphone, or even activate an attached web
cam if there's one available.  Plus you can run script files either on
demand or at scheduled times...  With Bionet, a person can literally do
anything they want to your PC...

Now, it's one thing to tell a user...  "A script kiddie could do
anything they want with your PC and data"  and it's an entirely
different thing to show them just how easy it is....  Really, it puts
the fear of God in the end user when you can demonstrate to them that it
really can work, much more so than just telling them...

OTOH, it's also good for administrators and security professionals to
learn how these tools work.  It may not be 100% necessary to understand
the tools to protect your computers and networks, but it certainly does
help.

Of course, all due caution should be used when playing with this stuff.
Keep it off any network or machine that you care about losing.  Use at
your own risk...  Your mileage may vary...  Wash your hands in warm,
soapy water for at least 60 seconds when finished...  Etc.


Joe Pochedley
A computer terminal is not some clunky old television
with a typewriter in front of it. It is an interface 
where the mind and body can connect with the universe
and move bits of it about. -Douglas Adams 

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan
Sent: Monday, June 13, 2005 12:04 PM
To: [email protected]
Subject: RE: [ActiveDir] Bionet trojan,

I understand the reason for your request.  And, it's admirable that you
want to insightfully inform your user base.

However, looking for live virus or Trojans is not the way to do it.  If
one wants to show how things can go horribly wrong, controlled
environment or not, this is likely a good start.

What I'd suggest is to make use of the EICAR test string.  All AV
programs that I know of will respond to it, and will respond as if a
real virus had been detected.

IMHO, this is the safe and proper way to do virus and Trojan awareness
training for user and response team staffs.

Rick

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of rubix cube
Sent: Monday, June 13, 2005 3:22 AM
To: [email protected]
Subject: Re: [ActiveDir] Bionet trojan,

Ok my apology, didn't realize it will be taken this way.

I am a network administrator, and we are planning a security awareness
campaign, this demonstration will be a part of training for the staff
to see the security risks they can be into when opening an attachment
that they don't know about or executing a file. (I have it now).

I had a noble cause so I asked a noble list, that's all, no offense for
the list.

r.c.


On 6/12/05, Tony Murray <[EMAIL PROTECTED]> wrote:
> Jorge's right.  Please contact me off-list before posting something 
> like that.  There's off topic and there's off topic, if you know what
> I mean.
> 
> Tony [List owner]
> 
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Jorge de 
> Almeida Pinto
> Sent: Saturday, 11 June 2005 11:15 p.m.
> To: 'rubix cube '; '[EMAIL PROTECTED] '; 
> '[email protected] '
> Subject: RE: [ActiveDir] Bionet trojan,
> 
> In my opinion this list is not the place to ask for stuff like that.
> But hey... that's me
> #JORGE#
> 
> -----Original Message-----
> From: [EMAIL PROTECTED]
> To: [email protected]
> Sent: 6/11/2005 11:42 AM
> Subject: [ActiveDir] Bionet trojan,
> 
> Hi guys,
> Can anyone send me the BioNet trojan, I am conducting a training 
> session and I want to demonstrate for the staff how this works.
> thanks
> List info   : http://www.activedir.org/List.aspx
> List FAQ    : http://www.activedir.org/ListFAQ.aspx
> List archive:
> http://www.mail-archive.com/activedir%40mail.activedir.org/
> 
> 
> This e-mail and any attachment is for authorised use by the intended
> recipient(s) only. It may contain proprietary material, confidential 
> information and/or be subject to legal privilege. It should not be 
> copied, disclosed to, retained or used by, any other party. If you are
> not an intended recipient then please promptly delete this e-mail and 
> any attachment and all copies and inform the sender. Thank you.