From: "Junkmail Rosenberger" <junkmail@barnowl.com>
To: <iwar@yahoogroups.com>
Date: Fri, 11 Jan 2002 15:08:06 -0600
Subject: RE: [iwar] As Microsoft .Net develops threats keep pace

Initial thoughts on the Donut virus:

(1) I'd call it "yet another executable wrapper" before calling it a .Net virus. The author went to some rather impressive lengths to envelop a .Net file within a non-.Net module. If you can envelop a .ZIP file within a self-extractor .EXE module, then OF COURSE you can do the same with a .Net file.

(2) It appears the author relied heavily on assembler, plus some C code, plus a token amount of MSIL. Hence I DISagree on philosophical grounds with McAfee's assessment that "this is the first virus to make use of Microsoft's .NET architecture." I also DISagree on philosophical grounds with F-Secure's assessment that "it's the first virus of its kind." HERE COMES YOUR KILLER QUOTE: It's like using the term "woman" to describe a male cross-dresser.

(3) Based on input from two sources (one of them Microsoft), the author openly admitted the difficulty of writing a true .Net virus. If such an admission comes from the mouth of "Benny" of 29/A fame, then I'd take it as a compliment to .Net's security model. (I can't say I read Benny's email because I've got a problem with his damn ".msg" format.)

(4) The antivirus industry already looks like it will treat this one in a "matter of fact" fashion. They'll update their detectors to find Donut and then the whole thing will blow over. I predict "the notorious Benny" will earn a footnote story in every computer security publication and 1-2 fluff pieces in every technopub (e.g. Virus Bulletin). Big deal.

CURSORY SUMMARY: I see nothing truly "new" here. If we track down the virus expert who first called this a "proof of concept," I'll lay you odds the guy works for/with his firm's PR team. (BOO! Did I scare ya?)

Rob
This archive was generated by hypermail 2.1.2 : 2002-12-31 02:15:02 PST