alt.comp.virus Historical Hall of Fame, et al

null

On Sun, 14 Nov 2004 17:23:33 +0200, Zvi Netiv

To summarize it for you: Overwriters aren't viruses by Bontchev's standards
because a) they are Trojans and can't simultaneously be both,

That's sheer nonsense. Viruses often qualify under the definition of
Trojan. Viruses can be and most often are both Trojans and viruses.


Art
http://www.epix.net/~artnpeg
 
Zvi Netiv

On Sun, 14 Nov 2004 17:23:33 +0200, Zvi Netiv



That's sheer nonsense. Viruses often qualify under the definition of
Trojan. Viruses can be and most often are both Trojans and viruses.

Tell then Bontchev that his assertion is sheer nonsense! ;)

How do you explain that no info sheet from a serious AV producer contains a
category named Trojan-virus (or virus-Trojan), and every and any malware in
either categories is either classified as the one, or the other, but never as
both?

Please specify some genuine Trojan (i.e. not combined, like a Trojan infected
externally by a virus) that *fully* qualifies as virus (per Bontchev's
criteria), or vice versa. Blended threats do not qualify, naturally.
 
Roger Wilco

By definition, a Trojan horse is a program that claims
Implementation: REGEDIT, when "infected" by an overwriter becomes a Trojan by
the name of REGEDIT, by definition. When the REGEDIT Trojan is run, then it
will create further Trojans, by overwriting other programs, that will become
Trojan on their own, say WORDPAD, or MSCONFIG, and so on ... Each generation on
its turn qualifies to the definition of Trojan, and is therefore a non-virus by
Bontchev's own definition, since it's a Trojan.

Where does that say it can't be both simultaneously? I guess you adhere to the "other" definition of "Trojan" that many
AVers use - "any non-replicating malware". Even according to the above definition (a program with intent no less) appenders,
prependers, and cavity infectors are trojans. If the trojan's 'intentionally' harmful function is to replicate its
replicative code it is a virus as well.
 
null

Tell then Bontchev that his assertion is sheer nonsense! ;)

How do you explain that no info sheet from a serious AV producer contains a
category named Trojan-virus (or virus-Trojan), and every and any malware in
either categories is either classified as the one, or the other, but never as
both?

Apparently, it's at least partially due to the penchant some have
to insist on exclusivity. Why they feel the need to identify some
malware as _only_ one type is beyond me. It just leads to confusion.

OTOH, I see no need for a term like Trojan-virus. Replicative code
that satisfies a good definition of "virus" can simply be called a
virus. No need to get involved in that case with the subjective
judgements involved with Trojan definitions. It simply goes without
saying that most often inclusivity is involved ... that a virus
presents itself to the user as something it is not ...(or some other
suitable Trojan definition) .... and therefore it's also a Trojan.

Seems to me the av companies do just that. If a sample of malicious
code meets the definition of virus it's called a virus. Period. They
aren't necessarily insisting that the sample isn't also a Trojan. It's
simply that there's no need to state the obvious ... that it's
probably (but not necessarily) a Trojan as well.

Anyway, it was _your_ insistence on exclusivity (in the context of
definitions) as part of an argument that I took exception to.


Art
http://www.epix.net/~artnpeg
 
Zvi Netiv

Roger Wilco said:
"Zvi Netiv" <support@replace_with_domain.com> wrote in message
By definition, a Trojan horse is a program that claims

I guess you adhere to the "other" definition of "Trojan" that many
AVers use - "any non-replicating malware".

I know of no AVer that uses that "other" definition, and suggesting that they do
is an insult to their intelligence.
Even according to the above definition (a program with intent no less) appenders,
prependers, and cavity infectors are trojans.

Cavity infectors do not replicate? Where from do you take that nonsense, and
what would you call CIH then? A Trojan?
If the trojan's 'intentionally' harmful function is to replicate its
replicative code it is a virus as well.

Says who, you? Unless you can substantiate your assertions and claims from
undisputed work(s), like I did in my previous post.

I find the continuing of this discussion to become boring.

Zvi
 
Roger Wilco

Zvi Netiv said:
Cavity infectors do not replicate? Where from do you take that nonsense, and
what would you call CIH then? A Trojan?

The above definition of trojan does not say "does not replicate" anywhere within it. Viruses when infecting a file by adding
their code within the file structure have made trojans out of previously legitimate program files. The reason AVers don't
call them trojans is because they feel it is more important to note that they are viruses (even though they are still trojans).
How can files named "blackbox.class" or "verifierbug.class" be called trojans since even their names indicate unknowns
or even somewhat betray their "intent"? Because they are non-replicating malware AVers call them trojans even though
they don't conform to their very own definition of trojan in some cases.

I certainly didn't mean to insult AVers that come up with alerts like "...infected with the trojan backdoor virus".
Says who, you?

Yep.

Unless you can substantiate your assertions and claims from
undisputed work(s), like I did in my previous post.

I think you misread what was written because of preconceived notions you had about what trojans are.
I find the continuing of this discussion to become boring.

Yet you keep coming back...
 
Sammy

I would have to respectfully disagree with this statement. Raid's
viruses were in fact, by all accounts viruses. They outsmarted Zvi's
programs a few years back so his retort has apparently to claim they
were in fact, not viruses; As it were!
I said AV companies were padding the virus counts years back when NuKE
was still active. Funny thing was at the time no AV developer or
researcher would admit it :) I reverse engineered a number of the virus
scanners of the day and found the number of viruses they scanned for
just didn't match the number of search strings in the code. McAfee had a
discrepancy of over 400 in one version of their scanner.

Screaming Radish

As a former Vxer yourself, you should have noticed this somewhat
amusing play on words and definitions.
Bye Bye,
Sammy - Sailing the world of mp3s.
 
Joined
Mar 30, 2008
Messages
2
Reaction score
0
Important to Know

It is important to know that Kurt Wismer was one of my original trainees in the early days of malicious code removal.

It is true, I am immortalized in the Hall of Fame .. but that story has really been blown out of proportion. The virus in question was plagiarized from the old Fido Echos that have now been obsoleted and that Kurt Wismer had wiggled his way in there as moderator. I was first invited to Virus Discussion by an NEC of FIDO. They were concerned because the echo was dying and there was virtually no activity - meaning the echo base was dead. I was asked to revive it (which I did) and you will never hear Wismer or Fewster admit to this. Subsequently, I was then invited to VIRUS_NFO where I published my postulate, The Ramified Theory of MathClanking Engines.

What Kurt did not tell you people was that over $250,000.00 was spent to write that virus and name it after me. It was then delivered to Eugene Kaspersky who now runs one of the largest AV sites on the globe.

It was brought to my attention that elements of F-Prot (Now F-Secure) were involved in the writing and financing of that virus (DBCE.3403).

My general paper, an antithesis to the Dynamics of Computer Virus Replication, was also plagiarized (The Interceptor Theory) and is now known as modern IDS guard technology.

One thing I have learned about posers pretending to be security people is that they can never really be trusted. This is proven out by aka Rod Fewster, a self styled security agent that sits on both sides of the fence, preaching security from one side of his mouth while protecting hackers under his wing out of the other side of his mouth.

So, just setting the record straight, and contrary to the machinations put out by K.Wismer. I had nothing to do with any writing of that virus and my banishment was the result of asking a simple question of Steven Gray.

"What is computable of Computer Virus".



Have a safe and hacker free day.

Dale f. Beaudoin
 
Clankswerks

And since the earlier days of malicious code removal I can still confirm that virus/trojan or whatever other form of malware, can be considered "clankswerks"!

Eventually, people will discover that a man's enemies are within the framework of his own Microsoft Office.

It's been well over 15 years and the PC security problem was never really addressed from scratch, and, appears that it will be for some time to come.

db
 
