Why would any virus writer do this? This leads a clear audit trail that would lead the authorities directly back to the creator.
I suppose it wouldn't be a bad thing if the virus author was looking for some free room & board for the next 5-10 years. Joel R. Helgeson Director of Networking & Security Services SymetriQ Corporation "Give a man fire, and he'll be warm for a day; set a man on fire, and he'll be warm for the rest of his life." ----- Original Message ----- From: "Richard M. Smith" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Monday, September 01, 2003 6:38 PM Subject: [Full-Disclosure] Tracking a virus by logging infected machines > Hi Jason, > > >>> Is there any way to determine who the winner is? > > Not that I want to encourage virus writing, but I think it would be very > helpful to gather infection statistics if a virus were to keep a log of > the IP addresses of all the machines it infected. The log could be > appended to the end of the executable file of the virus. Each copy of a > worm or virus would contain a record of one branch of the tree of > infected machines. > > To make a log easy to locate and extract, the log can start with an > easily identified string such as "VIRUS INFECTION LOG\n". IP addresses > should be recorded in ASCII with a \n between each IP address. > > Richard > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
