On Fri, 03 Sep 2004 11:19:41 +1200, Nick FitzGerald <[EMAIL PROTECTED]> wrote:
> Über GuidoZ wrote:
>
> > ... If you want to email me a copy of it, I'll
> > rip it apart and see what can be seen.
>
> And world plus dog should entrust you with such material because???

... most viruses, trojans and malware do not store copies of stolen data in their executables. Furthermore the file size is very small.

> > P.S. Send it to [...] - it's my "catch all" for
> > virus/unknown files. Just be sure to ZIP it up or else the web host
> > won't let it through. Otherwise I have disabled all checks/scan.
> > Downloads directly to a secured Linux box.
>
> That's all very nice, but alone, far from the makings of someone to
> entrust arbitrary, suspected malware samples to.

"Entrust", just what exactly are you thinking you might be giving away?

> I'm also rather suspicious of your promotion of Virus Total. Hispasec,
> as far as I can tell (Spanish being something I have to have translated
> via online services), has no antivirus or similar product of its own,

I do not necessarily trust this company or their service. Having said that, if they produced their own Anti-Virus package, to put other vendors' scanning engines in a publicly available service would either be damaging to their business, or considered anti-competitive.

> yet it has set up, and some folk seem to be promoting, what is
> effectively a sample collection mechanism. I've also heard vague
> rumblings that Hispasec/Virus Total does not have suitable licenses for
> at least some of the scanners used in its service (and strongly suspect
> that several of the AV vendors whose products are currently used would
> not allow their products to be licensed for use in a service of the
> kind Virus Total offers anyway because it paints a rather disturbing
> trust picture -- "You can trust me because I can run a virus
> scanner...").

Again, you suspect a lot of deception here, and while it is of course possible you are correct, I have yet to see this ever done in practice. Samples of non-data carrying viruses or trojans are of little use to anyone other than Anti-Virus firms, as it is easy to collect raw source for most if one is so inclined.

I agree that it is unlikely they have sufficient client licenses to provide such a service; however I can see that there are a great deal of arguments in law about how their case may be won. They may for example only be required to carry one license, they could argue that they are simply allowing users to deliberately infect their systems, and making portions of the logs publicly available.

If there are viruses which commonly copy target system data, or sensitive data into their binaries at the present time (I imagine the mention of this deception may well spring at least one such virus) then I apologise that I am not aware of it. If the report of the virus name in question is accurate (which IIRC it has been now verified by someone else) then the binary is not carrying sensitive data.

Having said all of the above, your concern is not misplaced, and if you feel uncomfortable with any such possibility of giving away a minor amount of data, then certainly make good your freedom and choose not to do so. There is always no need for aggressive statement of suspicion, which you are close to here. While I understand aggression due to anger, I am concerned that one should not get angry at someone offering them a service merely because one is suspicious of them. What if the offer of help is entirely genuine?

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
