flat assembler
Message board for the users of flat assembler.

Index > Feedback > Ban malware writers?

vid
Verbosity in development


Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia
vid
i await response yes/no, and reason why yes, and why no.

WARNING: this is not democratic vote, smart reasoning and prominent members' opinions count

Cool Wink
Post 01 Nov 2006, 01:04
LocoDelAssembly
Your code has a bug


Joined: 06 May 2005
Posts: 4633
Location: Argentina
LocoDelAssembly
No, since I prefer to know what can be done to be prepared for such attacks instead of just ignoring them. I think that instead of banning it is better to motivate members to produce anti-malware code so all of us can learn both, the malware and how to protect ourselves against it.

BTW, if you need more feedback about this then remember the discussion about the "timid virus" (it was split into two threads to separate the discussion about publishing virus code and the anti timid code).
Post 01 Nov 2006, 01:54
coconut



Joined: 02 Apr 2004
Posts: 326
Location: usa
coconut
well said Loco
Post 01 Nov 2006, 02:31
MichaelH



Joined: 03 May 2005
Posts: 402
MichaelH
While you're deciding, here's a link for you Vid Wink

http://www.rootkit.com/
Post 01 Nov 2006, 02:42
rugxulo



Joined: 09 Aug 2005
Posts: 2341
Location: Usono (aka, USA)
rugxulo
Encryption, antivirus (virus detecting or cleaning), self-modifying code, compression, EXE packers, reverse engineering (when permitted), TSRs, device drivers, studying OSes, low-level hardware access (VGA registers, partitions, fixed/removable drives) are probably okay.

Anything that suggests using someone's hardware/software in a hidden manner without permission, usually for malicious or useless/non-beneficial reasons, should probably be strongly avoided (for legal and moral reasons). Easter eggs are cool, though. Smile
Post 01 Nov 2006, 05:14
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17474
Location: In your JS exploiting you and your system
revolution
Security by obscurity never works. It is always best to talk about the various exploits openly. That way, more people can protect themselves better and faster. Knowledge is power.

Indeed the more open the better. This is for two main reasons. 1) the more widely things are known, the more opportunity the OS/AV vendors have to update their code quicker. 2) by knowing about the problems early we can test our code/system to see if we are affected.

That being said, I must emphasize that I am only considering the discussion of the topics and the tricks that are used. If a thread starts getting to the point where a serious piece of code is being posted that has massive negative potential, then the moderators will still need to step in. Discretion, as always, will be needed.

An outright ban would be too restrictive and would fail to recognise the positive benefits of full disclosure. On the other hand, an outright promotion of virus-related threads would also mostly not be in the best interest. But I am sure we can lean towards the side of openness and still manage to realise the positive things without adversely increasing anything negatively.

Just my opinion, hope it helps.
Post 01 Nov 2006, 10:37
vid
Verbosity in development


Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia
vid
[OFFTOPIC]
revolution: no security ever worked 100%. security by obscurity works pretty well. see MazeGen's presentation from FASM tech discussion, obfuscation of StrLen function
Post 01 Nov 2006, 11:15
HyperVista



Joined: 18 Apr 2005
Posts: 691
Location: Virginia, USA
HyperVista
i think an open and freewheeling discussion is best. banning malware writers is counterproductive. there is much to be learned from their discussion.
that said, i think we need to refrain from "helping" script kiddies write malware they are incapable of themselves. i also think blatant malware source code on the board may not be wise.

[off topic @vid] - i'll append MazeGen's discussion on strlen function to the video this evening (i'm at work now). i made an error in omitting that portion of his talk. btw - i hope to have your talk on fasmlib up this weekend.


Last edited by HyperVista on 02 Nov 2006, 02:57; edited 1 time in total
Post 01 Nov 2006, 12:34
Reverend



Joined: 24 Aug 2004
Posts: 408
Location: Poland
Reverend
I think we should not ban discussion about such topics. Only the ready solutions (source code or binary) should be deleted as fast as possible.
Post 01 Nov 2006, 20:31
f0dder



Joined: 19 Feb 2004
Posts: 3170
Location: Denmark
f0dder
Ban? Probably not.

But question their motives and poke them in the eyes with a sharp stick if their attitude is too lame, yes. One thing is people dealing with malware analysis - it can be hard telling whether they're doing this for good or bad. But once their attitude tells them off as a fucking little no-good scriptkiddie out to destroy the world, tear them apart.
Post 03 Nov 2006, 08:21
rugxulo



Joined: 09 Aug 2005
Posts: 2341
Location: Usono (aka, USA)
rugxulo
Don't forget, most of us Win32 peeps have to continually update our antivirus definitions and run a daily scan just in case someone somewhere comes up with something (e.g., a Word macro, go figure) that might cause lots of grief. In fact, mine's running right now (and slowing down the system quite a bit too).

Obviously, encryption and self-modifying code shouldn't be banned. In fact, I'd bet that a hobby OS writing to your hard drive is more dangerous than some viruses (e.g., AntiGUS, more of a nuisance really, just wastes space). So, yes, in case it wasn't obvious, I voted neither for banning nor not banning since it depends on the context. But, yeah, I personally find no use in viruses AT ALL (okay, well, I downloaded a .BAT virus recently because I like .BAT files and would appreciate some nifty tips, but otherwise nah ... so I guess you can technically learn from them for good). Don't give in to the dark side, young padawan! Laughing
Post 03 Nov 2006, 09:02
okasvi



Joined: 18 Aug 2005
Posts: 382
Location: Finland
okasvi
I vote for 'no banning'.
Post 04 Nov 2006, 01:14
OzzY



Joined: 19 Sep 2003
Posts: 1029
Location: Everywhere
OzzY
I vote for "no banning".
I think there's a lot to learn from malware coders. I myself have learned a lot from viruses, worms, trojans. Most assembly I know I've learned from VX zines.

I just think we can advise malware coders to use the knowledge for good things and not for damaging or affecting people's privacy. But banning is not the way to go.

I think every knowledge is good if used for good purposes. Studying a virus is very good to learn low-level skills and also knowing how to protect your own computer.

You know: It's better to read a virus source and learn from it and learn about security than ban everything related to it and then when a real compiled virus comes to the computer not be able to protect against it.

I know lots of malware coders that are good people. They use their creations just to learn and share security problems. It's better to know about security problems in released source-code form than in already compiled hidden code (that you got from unknown coder) already executing on the machine. Very Happy

Think about it.
Post 12 Nov 2006, 17:35
hckr83



Joined: 12 Nov 2006
Posts: 86
Location: usa
hckr83
I vote no banning --USUALLY-- if they are talking about giving it to people or launching it to spread on networks then it might should be more than banning (course there's really no international internet cops though so..)

I always think about how viruses work because I am an OS dever and want my OS to be secure at the kernel level
Post 12 Nov 2006, 18:35
okasvi



Joined: 18 Aug 2005
Posts: 382
Location: Finland
okasvi
some reasoning to my earlier vote, I like coding Remote Administration Tools which are usually counted as malware, and I've learned a lot from it.
I spent nearly 3 weeks arrested at police station last summer, due to coding malware (ircbot) and sharing it with my friend who decided to use it, anyway my point is, the code doesn't hurt anyone, it's the lame kiddies with bad intentions.

ofc anyone who has clear intent of causing harm should be banned.
Post 13 Nov 2006, 19:31
LocoDelAssembly
Your code has a bug


Joined: 06 May 2005
Posts: 4633
Location: Argentina
LocoDelAssembly
Since this has been discussed a lot recently then I have this for the thread: BUMP Razz

Well, it was about banning, let's talk about what we should do without banning anyone.

My opinion remains the same as my old post above, BUT, I think that people that misuse fasm in a way that it looks like a very bad assembler (for the people that had read the malware author's code without reading the fasm's manual), should not be helped much. I really hate the people that think that writing malware is some kind of long-penis certificate or even an Assembly wizard "degree". Also, code written in a way that is better read when you pass it through IDAPro freeware version without any user interaction and/or scripts reaches the maximum stupidity. It is the binary that must be obfuscated, not the source code! Jesus, is it hard to understand that!! Especially when people come here for help and post this type of code without describing much about the problem so you have to check everything, if the import table is correctly made, if stack variables/arguments are correctly accessed, if the magic numbers represent the correct constants, etc, etc, etc.

Well, that was the reason why I don't like to provide help with this kind of thing, because it confuses newcomers and wastes people's time for nothing (because after all, all the malware discussed here is already available but still it is easy to ask here and expect other people to write the code to later pseudo-obfuscate it and not give credits for the help to anyone).

I feel better now, thanks for reading Smile

PS: Something more: LEARN ASSEMBLY FIRST AND WRITE MALWARE LATER!!!
Post 08 Sep 2008, 22:06
f0dder



Joined: 19 Feb 2004
Posts: 3170
Location: Denmark
f0dder
Quote:
PS: Something more: LEARN ASSEMBLY FIRST AND WRITE MALWARE LATER!!!

Don't write malware at all.

Analyzing malware can be a valuable skill, and knowing how exploits, trojans and viruses behave is necessary in order to defeat them. But I have absolutely zero respect for people that obviously don't have good intentions (well, some blackhats do conduct valuable research, even if I don't respect misusing that research).

All this being said, sometimes the little scriptkiddies grow up and turn into productive programmers. But it usually takes a good beating and not helping them write malware.
Post 08 Sep 2008, 22:36
edfed



Joined: 20 Feb 2006
Posts: 4240
Location: 2018
edfed
malware is easier to write using C, VB or C++ i think.
assembly is not high level
malware is mostly high level.

erase a part of a file.
corrupt data.
corrupt a data transmission.

acting on low level hardware, but the malware itself is very hard to write using asm. too many instructions.
Post 08 Sep 2008, 22:50
f0dder



Joined: 19 Feb 2004
Posts: 3170
Location: Denmark
f0dder
You don't really know what malware is about, do you edfed?
Post 09 Sep 2008, 11:47
bitRAKE



Joined: 21 Jul 2003
Posts: 2940
Location: vpcmipstrm
bitRAKE
LocoDelAssembly, I feel your most recent comment has more to do with communication than malware. People that wish to have a problem solved and present a very complex listing: like if I posted Maxwell's equations without explaining what the variables represent. Abstractions should be used to document assembly and when absent the code should be documented sufficiently.

To shortcut and just post a long disassembly is to reduce the audience being addressed -- often to NIL! In the past I just assumed people posting as such just aren't interested in a response from me. There are areas of research at the fringe with a very small audience and I'm okay with that. For example, I optimize for size in a joking manner (stick penis analogy here Razz ).

I haven't been present enough to be aware of the malware content / discussion, of late. I am in favor of anything which simulates dialog. Let us not make malware posts themselves a weapon against discussion, but rather a filter against given (rote) solutions. The ambiguity itself does this to some extent and in the extreme becomes absurd.

_________________
¯\(°_o)/¯ unlicense.org


Last edited by bitRAKE on 09 Sep 2008, 15:33; edited 1 time in total
Post 09 Sep 2008, 14:55

Copyright © 1999-2020, Tomasz Grysztar. Also on YouTube, Twitter.
