Hello All,
I got this file called "SITEPASS.EXE"
Don't laugh. Yes, it was while surfing one of these newsgroups related to
...sex. And, obviously, the name of the file is to make one think he will get
some kind of password to get on a sex site.
But it is a virus!
Fortunately, it seems to be a mild virus. It deletes your AUTOEXEC.BAT and
replaces it with one with an ECHO command that writes to your screen YOU HAVE THE
DARKMAN TROJAN.
For people who know little about computers it could be a disaster.
I went on McAfee and Symantec sites and didn't find anything about the
Darkman Trojan. Does someone know how I could have this file analysed just to
be sure that the autoexec problem was the only one and that I don't have a
time bomb under my keyboard?
Thank you,
Pierre
include <iostream.h>
include <conio.>
int Main (Void);
{
Delete something.. here;
cout ("Display something...here;
}
End Program
ViRuS
"Pro ViRuS 98"
"Life is simple, become a virus today!"
pie...@hotmail.com wrote in article <6ggc47$ei5$1...@nnrp1.dejanews.com>...
>Sounds like a simple batch file exe...
>
>include <iostream.h>
>include <conio.>
>int Main (Void);
>{
> Delete something.. here;
> cout ("Display something...here;
>}
>End Program
>
> ViRuS
>
>"Pro ViRuS 98"
>"Life is simple, become a virus today!"
>
>
Well, actually what you just attempted to write was C++ not BATCH.
Joshua S. Zarwel
JZp...@aol.com
"It's like that and that's the way it is."
On Wed, 08 Apr 1998 12:28:40 -0600, pie...@hotmail.com wrote:
> I got this file called "SITEPASS.EXE"
>
> Don't laugh. Yes, it was while surfing one of these newsgroups related to
>...sex. And, obviously, the name of the file is to make one think he will get
>some kind of password to get on a sex site.
>
> But it is a virus!
No, it's a Trojan, as it doesn't replicate.
> Fortunately, it seems to be a mild virus. It deletes your AUTOEXEC.BAT and
>replaces it with one with an ECHO command that writes to your screen YOU HAVE THE
>DARKMAN TROJAN.
Sounds typical of a trojan.
> For people who know little about computers it could be a disaster.
Indeed, and yet people still write Trojans and viruses and think they
are not hurting anyone.
> I went on McAfee and Symantec sites and didn't find anything about the
>Darkman Trojan. Does someone know how I could have this file analysed just to
>be sure that the autoexec problem was the only one and that I don't have a
>time bomb under my keyboard?
Most anti-virus software is not written to detect trojans, although
detection of trojans is becoming more common. Dr. Solomon's have just
released a Trojan detection/removal program which is available for
free on their website at http://www.drsolomon.com.
To get the file verified simply send it to your favourite anti-virus
vendor and they should report back to you within a reasonable time.
> Thank you,
You're very welcome, I hope it helps?
Martin Overton
ChekWARE - BTS Member - Chek...@Cavalry.com
Anti-Virus - http://chekware.simplenet.com/cmindex.hts
Tarantulas - http://chekware.simplenet.com/burrow/index.hts
Maintainer of The HOAX FAQ and the a.p.a Tarantula FAQ.
>Send to it F-prot!
>Here is the new virus txt from the program.
Richard Saunders & family !!!!!
Ever heard of Emily Postnews ?????
---
Pierre Vandevenne, MD - http://www.datarescue.com/ida.htm
IDA Pro 3.7 adds multi pass analysis, stack variables, symbolic constants,
unicode, ELF support, color highlighting, C++ name demangling to compiler
library recognition - now with Delphi and Pascal FLIRT support !
>You're very welcome, I hope it helps?
I was beginning to wonder where you went....I see v2.30 is still being
offered, with the same exploit I've demonstrated...You don't really care
about the poor saps who think they're safe using your product do you?
Email: juno@raid.x (swap to mail)
http://207.23.1.97/~raid/index.html
http://krile.dyn.ml.org/~raid/index.html
> In article <352bd7a4...@news.demon.co.uk>,
> Chek...@Cavalry.com (Martin Overton) wrote:
>
> >You're very welcome, I hope it helps?
>
> I was beginning to wonder where you went....I see v2.30 is still being
> offered, with the same exploit I've demonstrated...You don't really care
> about the poor saps who think they're safe using your product do you?
you haven't a clue what a multi-layered av is, do you...
i realise there are times when whack-an-ego (a.c.v. version of
whack-a-mole) might be appropriate but when was the last time you saw
martin claim his av detected all viruses or was 100% secure? (provide
message id's please)
why bother demonstrating that his product can't do the impossible when he
doesn't claim otherwise and we all know it?
martin's chekmate is a tool, it is meant to be used in conjunction with
other tools... if you've fallen for the av pablum that av marketroids hand
out implying that av companies offer av solutions i respectfully suggest
you pull your head out of your arse...
and look up the word "complement" while you're at it...
--
"they shot a movie once, in my hometown,
everybody was in it, from miles around,
down at the speedway, some kind of elvis thing,
well i ain't no movie star, but i can get behind anything"
>Your prejudice against generic AV is showing.
Prejudice?
Generic AV which has a blatant security risk yes.
>you haven't a clue what a multi-layered av is, do you...
You haven't checked out chekmate have you? Multi-layered my ass. It stores
data on a few KEY files, and that's it. It does not scan your entire drive.
And its author in the documentation suggests trying to run a suspect virus
infected file in checkwares directory. of course, using the very
configuration file checkmate uses, the virus can easily evade this little
'virus capture' bullshit.
>i realise there are times when whack-an-ego (a.c.v. version of
>whack-a-mole) might be appropriate but when was the last time you saw
>martin claim his av detected all viruses or was 100% secure? (provide
>message id's please)
Kurt, please.. Download chekmate, and have a look. Then you tell me if it's
multi-layered. Pfft.
>why bother demonstrating that his product can't do the impossible when he
>doesn't claim otherwise and we all know it?
Because his damn product has a serious flaw in its design, and he knows
it.
>martin's chekmate is a tool, it is meant to be used in conjunction with
>other tools... if you've fallen for the av pablum that av marketroids
>hand out implying that av companies offer av solutions i respectfully
>suggest you pull your head out of your arse...
kurt, download chekmate. See what it does for yourself. Almost all viruses
these days leave the files he 'protects' alone. It's no more multi-layered
than msdos backup.exe is.
>Yes, prejudice. If I told you I was distributing my generic AV
>tomorrow, wouldn't you be prepared to say tonight, that
>krile.uglypieceofdooky.lastversionplus.x could infect it by
>piggyfscking it before dawn? ;-)
Nope. Since the last krile was v1.0i, and there will be no further kriles
coded. :-)
>Generic AV, when used as the only layer of AV security may present a
>security risk, especially when exposed to targeted attacks. Duh.
What you call a targeted attack is Bullshit. He knew damn well his AV was
junk, and i wouldn't even consider it AV. It doesn't even scan your entire
hard disk. It's a poorly designed, half assed coded program.
In article <6gjf44$oak$1...@news.usit.net>, nospam.i...@View.signature.Below
(RAiD) wrote:
>In article <352bd7a4...@news.demon.co.uk>,
> Chek...@Cavalry.com (Martin Overton) wrote:
>
>>You're very welcome, I hope it helps?
>
>I was beginning to wonder where you went...
I've been rather busy with other work (Year 2000, etc.) over the last few
weeks or so, I have posted from time to time, when I could help or offer
advice and I had a few minutes to spare.
Thought you'd scared me off? ;-)
I see you're still being helpful to all and sundry peddling your viruses.
> I see v2.30 is still being
>offered, with the same exploit I've demonstrated...
Yes 2.30 is still available, an updated *freeware* version will be released
soon that counters your directed attack and minimises the chance of a similar
attack, But you already knew that, didn't you.
Just like you knew that all my registered customers were sent information on
your attack and ways to counter it, and a new version was made available
within hours of getting your sample.
>You don't really care
>about the poor saps who think there safe using your product do you?
As I have repeatedly stated my product is not a single layered solution to
viruses, but should be used as part of a multi-layered approach where a
scanner (preferably on-access) is the first layer. My claims for my product
are not excessive nor do I claim that it's perfect, no av product is.
I do respond to feedback, be it positive or negative, and fix problems where
it is feasible and desirable (for my customers). Also I've decided to make
the new version free for non-commercial use, as I used to offer ChekMate
before.
As I told you before, I'm not in this industry for the money, but to help
people. That doesn't make me some form of saint, better than anyone or
whatever, so don't make out that I have a hidden agenda or an axe to grind.
Do you care about those that you infect, either directly or indirectly with
your viruses? I don't give a flying fig that you write viruses (as long as you
keep them to yourself), I just object to you making them available to others
and therefore making the problem larger. Why not go back to writing ShareWare
software, you used to, didn't you.
No doubt you'll come back with some acerbic wit, veiled threat or another
personal attack? But then you could prove me wrong and be reasonable for a
change ;-)
Rergards,
Martin Overton
--
In article <Pine.GSO.3.95.980409221130.25666A-100000@eddie>, cr...@torfree.net
wrote:
>On Thu, 9 Apr 1998, RAiD wrote:
>
>> In article <352bd7a4...@news.demon.co.uk>,
>> Chek...@Cavalry.com (Martin Overton) wrote:
>>
>> >You're very welcome, I hope it helps?
>>
>> I was beginning to wonder where you went....I see v2.30 is still being
>> offered, with the same exploit I've demonstrated...You don't really care
>> about the poor saps who think they're safe using your product do you?
>
>you haven't a clue what a multi-layered av is, do you...
No he obviously doesn't, maybe he ought to read my 1996 Virus Bulletin
International Conference paper. It's reasonably well explained in there,
actually I really ought to update that paper to cover new technologies and
threats.
>i realise there are times when whack-an-ego (a.c.v. version of
>whack-a-mole) might be appropriate but when was the last time you saw
>martin claim his av detected all viruses or was 100% secure? (provide
>message id's please)
He won't be able to, as I don't make that claim (and *never* have).
>why bother demonstrating that his product can't do the impossible when he
>doesn't claim otherwise and we all know it?
>
>martin's chekmate is a tool, it is meant to be used in conjunction with
>other tools... if you've fallen for the av pablum that av marketroids hand
>out implying that av companies offer av solutions i respectfully suggest
>you pull your head out of your arse...
He also ought to post his proof as to why he called me a liar, he like another
that posts here seems to like throwing accusations and failing to supply
proof.
>In article <Pine.GSO.3.95.980409221130.25666A-100000@eddie>,
> kurt wismer <a270...@cdf.toronto.edu> wrote:
>
>>you haven't a clue what a multi-layered av is, do you...
>
>You haven't checked out chekmate have you? Multi-layered my ass. It stores
>data on a few KEY files, and that's it. It does not scan your entire drive.
ChekMate is not a full multi-layered solution (it uses over-lapping detection
techniques). Multi-layered as I've frequently stated includes at least the
following tools:
1. an up to date scanner (preferably on-access).
2. regular backups.
3. integrity checker or other generic tools/utilities.
>>martin's chekmate is a tool, it is meant to be used in conjunction with
>>other tools... if you've fallen for the av pablum that av marketroids
>>hand out implying that av companies offer av solutions i respectfully
>>suggest you pull your head out of your arse...
>
>kurt, download chekmate. See what it does for yourself. Almost all viruses
>these days leave the files he 'protects' alone. It's no more multi-layered
>than msdos backup.exe is.
Dustin, see above.....
Dustin, does that mean you've decided to stop writing viruses?
(and if the answer's yes then I'm a flying pig ;-)
>>Generic AV, when used as the only layer of AV security may present a
>>security risk, especially when exposed to targeted attacks. Duh.
Indeed, as is any security product.
>What you call a targeted attack is Bullshit. He knew damn well his AV was
>junk, and i wouldn't even consider it AV.
Is it, I think not. In four years I've seen and heard from no-one that
ChekMate is junk, oh. except for you and your personal crusade against generic
anti-virus products and me, or is the cryptic message you left on my website
stating that 'RAiD owns you' just the encrypted text of 'Hello Martin' or
'Beautiful plumage the Norwegian Blue'?
It detects the action (and therefore presence of viruses) so that makes it an
anti-virus tool, or maybe I've been deluding myself for all these years that
integrity checkers and scanners are anti-virus tools?
> It doesn't even scan your entire
>hard disk. It's a poorly designed, half assed coded program.
Ummm... that's why I tend to call it a targeted integrity checker....strange
then that it doesn't scan anything, isn't it?
You keep forgetting that I don't claim it's perfect, that's a rather large
blind-spot you have, almost as big as the one where you state that your virus
writing is not hurting anyone.
Do you have some form of aim to have me be rude to you, can't see why as I've
been nothing but tolerant and polite to you. If that's what you're waiting for
then you'll be waiting a long time......
When are you going to supply your proof to prove your allegation that I'm a
liar? It must be over 3 months now since you made that allegation, what's
next? You going to claim I'm in the pay of an anti-virus company ;-)
....Oh damn! I'm wearing Dr. Solomon's socks.....and a Virus Bulletin 97
tee-shirt, that means I'm in the pay of both SOPHOS and Solomons....oh and
then there's the fridge magnets from IBM, the stress balls from McAfee,
etc....
> In article <581621D33CEC3811.632D60A2...@library-proxy.airnews.net>,
>
> >Your prejudice against generic AV is showing.
>
> Prejudice?
>
> Generic AV which has a blatant security risk yes.
generic av which isn't *supposed* to be 100% secure you mean... you don't
seem to be able to wrap your head around that idea though...
> In article <Pine.GSO.3.95.980409221130.25666A-100000@eddie>,
> kurt wismer <a270...@cdf.toronto.edu> wrote:
>
> >you haven't a clue what a multi-layered av is, do you...
>
> You haven't checked out chekmate have you? Multi-layered my ass. It stores
> data on a few KEY files, and that's it. It does not scan your entire drive.
thank you for proving me right... chekmate is a single layer, not the
whole thing... there is no product on the market, that i know of, which
has all the components necessary to implement an exhaustive multi-layered
strategy...
> And its author in the documentation suggests trying to run a suspect virus
> infected file in checkwares directory. of course, using the very
> configuration file checkmate uses, the virus can easily evade this little
> 'virus capture' bullshit.
as i suggested the last time you went raving on about this, chekmate
makes it possible to use full integrity checking *less* often (nb. i
didn't say it replaces a full integrity checker) which is desirable in
many instances because a full integrity check is computationally expensive
and detracts from productivity...
> >i realise there are times when whack-an-ego (a.c.v. version of
> >whack-a-mole) might be appropriate but when was the last time you saw
> >martin claim his av detected all viruses or was 100% secure? (provide
> >message id's please)
>
> Kurt, please.. Download chekmate, and have a look. Then you tell me if it's
> multi-layered. Pfft.
you did it again... no product has all the pieces, chekmate is one of the
possible layers, not all of them...
> >why bother demonstrating that his product can't do the impossible when he
> >doesn't claim otherwise and we all know it?
>
> Because his damn product has a serious flaw in its design, and he knows
> it.
his product had no such flaw, your understanding of multi-layered av has a
serious flaw...
> >martin's chekmate is a tool, it is meant to be used in conjunction with
> >other tools... if you've fallen for the av pablum that av marketroids
> >hand out implying that av companies offer av solutions i respectfully
> >suggest you pull your head out of your arse...
>
> kurt, download chekmate. See what it does for yourself. Almost all viruses
> these days leave the files he 'protects' alone. It's no more multi-layered
> than msdos backup.exe is.
you apparently didn't read what i said... if you think av companies offer
"solutions" you should pull your head out of your arse... they make
components... you have to piece the components together to get any kind of
serious multi-layered av system...
think about it, raid, would you use a single scanner only? probably not...
why then should you hold martin's product to the fallacious standard of
being a complete solution when you don't do so for scanners?
>ChekMate is not a full multi-layered solution (it uses over-lapping
>detection techniques). Multi-layered as I've frequently stated includes
I know this martin, I've read your documentation and used your program
several times. You never claimed it was multi-layered, Kurt did. :)
>Dustin, see above.....
I'm impressed martin, You can use finger real.email addy :-)
>Dustin, does that mean you've decided to stop writing viruses?
By no means martin. Just that I've decided to stop with the KRiLE family,
I wrote a few too many of them as it is. :-)
>When are you going to supply your proof to prove your allegation that I'm
>a liar? It must be over 3 months now since you made that allegation,
>what's next? You going to claim I'm in the pay of an anti-virus company
>;-)
You are a liar martin. antichek was written to prove that your program had
/has a serious flaw, you either overlooked this, or didn't care. Which is
it?
I didn't claim it should be a complete solution, but as it stands, the
limited checking it does do, isn't worth your drive space. It doesn't
store checksum files for each file, it snapshots your boot-sector, and a
few files from the windows directory, and your command.com, autoexec bat
etc. How is this even a single layer? please, enlighten me.
RAiD will do fine martin.
>I've been rather busy with other work (Year 2000, etc.) over the last
>few weeks or so, I have posted from time to time, when I could help or
>offer advice and I had a few minutes to spare.
Ahh...Nifty...
>Thought you'd scared me off? ;-)
I wouldn't ever think that. :)
>I see you're still being helpful to all and sundry peddling your viruses.
Peddling? Oh yes, offering them on a webpage is peddling isn't it...OOpsie
>Yes 2.30 is still available, an updated *freeware* version will be
>released soon that counters your directed attack and minimises the chance
>of a similar attack, But you already knew that, didn't you.
I was expecting you to do this yes. I'll be anxious to see what you've
done.
>
>Just like you knew that all my registered customers were sent information
>on your attack and ways to counter it, and a new version was made
>available within hours of getting your sample.
To registered users only, as your virus advisory dictates. :)
What about the users who haven't registered yet?
>are not excessive nor do I claim that it's perfect, no av product is.
This I agree with, you have my respect, for what little it's worth.
>
>the new version free for non-commercial use, as I used to offer ChekMate
>before.
Spoken like an author. Very good of you martin.
>As I told you before, I'm not in this industry for the money, but to help
>people. That doesn't make me some form of saint, better than anyone or
>whatever, so don't make out that I have a hidden agenda or an axe to
>grind.
I didn't once say you had a hidden agenda, nor an axe to grind martin. I
simply stated your program has (I have not seen the new version) a
security flaw. If this is fixed, then I have no problems with your
product, except for a few minor things, which i'll email.
>Do you care about those that you infect, either directly or indirectly
>with your viruses? I don't give a flying fig that you write viruses (as
>long as you
Actually I do martin. For example, each krile [since v1.0e] has a
backdoor, to make it easy for an infected user should his AV program fail
him to remove it. Simply rename the infected file to win.com, or
command.com in a directory by itself and execute it. KRiLE will not
re-infect the file. yes, this is a tedious process, but..it does work.
>and therefore making the problem larger. Why not go back to writing
>ShareWare software, you used to, didn't you.
Well, you've fingered my real email address, so you already know that I
did :)
>No doubt you'll come back with some acerbic wit, veiled threat or
>another personal attack? But then you could prove me wrong and be
>reasonable for a change ;-)
Nah. I'm not that cruel. :)
>Rergards,
typo? :)
> ....Oh damn! I'm wearing Dr. Solomon's socks.....and a Virus Bulletin 97
> tee-shirt, that means I'm in the pay of both SOPHOS and Solomons....oh and
> then there's the fridge magnets from IBM, the stress balls from McAfee,
> etc....
If you run across any more of the free antivirus printers, send them
over. :)
--
Mark Lookabaugh
mlookaba (at) telepath.com
USS Brewton FF-1086 Home Page
http://www.telepath.com/mlookaba/navy.htm
Was trying to make a point at 3 am..
ViRuS
"Pro Virus 98"
"Virii,Little creatures with big goals"
JZpimp <jzp...@aol.com> wrote in article
<199804082251...@ladder01.news.aol.com>...
That's not how I read it, but then my news-server is currently 35 hours
behind, so maybe I missed that post from Kurt?
Kurt care to confirm/deny this claim from Mr. Cook?
>>Dustin, see above.....
>
>I'm impressed martin, You can use finger real.email addy :-)
Didn't need to, you left so many other clues that it was very easy to find your
real name via dejanews.
If someone had more than a few minutes to spare they could probably find out a
lot more. It won't be me doing it though as I don't have the inclination or
the time to waste.
Regards,
Sorry, if you make your real identity so easy to find then I call you by your
real name, so Dustin Cook it will be from now on when I reply to you.
>>I've been rather busy with other work (Year 2000, etc.) over the last
>>few weeks or so, I have posted from time to time, when I could help or
>>offer advice and I had a few minutes to spare.
>
>Ahh...Nifty...
Yes, something like 97 percent of my time is taken up by Y2K work at the
moment, so I don't get much time to read this group let alone reply much.
>>Thought you'd scared me off? ;-)
>
>I wouldn't ever think that. :)
Of course not......
>>I see you're still being helpful to all and sundry peddling your viruses.
>
>Peddling? Oh yes, offering them on a webpage is peddling isn't it...OOpsie
Couldn't that still be seen as incitement? Certainly some of the text supplied
with some of your samples could be taken that way.....but we're covering old
ground and I don't have the time to waste.
>>Yes 2.30 is still available, an updated *freeware* version will be
>>released soon that counters your directed attack and minimises the chance
>>of a similar attack, But you already knew that, didn't you.
>
>I was expecting you to do this yes. I'll be anxious to see what you've
>done.
No doubt you'll create another targeted attack.....what's the old saying... ah
yes, "Anything done in software can be undone in software".
>>Just like you knew that all my registered customers were sent information
>>on your attack and ways to counter it, and a new version was made
>>available within hours of getting your sample.
>
>To registered users only, as your virus advisory dictates. :)
>What about the users who haven't registered yet?
My first responsibility is to my registered customers, the evaluation version
will be updated when I have some spare time to update it... I have other
features I want to add.
>>are not excessive nor do I claim that it's perfect, no av product is.
>
>This I agree with, you have my respect, for what little it's worth.
Thanks, I think ;-)
>>the new version free for non-commercial use, as I used to offer ChekMate
>>before.
>
>Spoken like an author. Very good of you martin.
What's this got to do with being an author? I am returning ChekMate to being a
freeware product (free for non-commercial use) as it used to be.
>>As I told you before, I'm not in this industry for the money, but to help
>>people. That doesn't make me some form of saint, better than anyone or
>>whatever, so don't make out that I have a hidden agenda or an axe to
>>grind.
>
>I didn't once say you had a hidden agenda, nor an axe to grind martin. I
>simply stated your program has (I have not seen the new version) a
>security flaw. If this is fixed, then I have no problems with your
>product, except for a few minor things, which i'll email.
I see you decided not to e-mail me then, but post here publicly instead.
As I and a few others have stated it isn't a security flaw, it was a decision
to offer a balance of security and ease-of-use, just like every other av and
security product. I could have easily encrypted the ini file, I've yet to see
any AV product do this.
Maybe the 95 versions of AV products should encrypt their registry entries
too?
None do that I've tested, by your definition that is a security flaw.
>>Do you care about those that you infect, either directly or indirectly
>>with your viruses? I don't give a flying fig that you write viruses (as
>>long as you
>
>Actually I do martin. For example, each krile [since v1.0e] has a
>backdoor, to make it easy for an infected user should his AV program fail
>him to remove it. Simply rename the infected file to win.com, or
>command.com in a directory by itself and execute it. KRiLE will not
>re-infect the file. yes, this is a tedious process, but..it does work.
Why not just keep them to yourself instead?
Why is it so important that you have to distribute them?
>>and therefore making the problem larger. Why not go back to writing
>>ShareWare software, you used to, didn't you.
>
>Well, you've fingered my real email address, so you already know that I
>did :)
I didn't find out that information from there, but from dejanews as I've
already stated.
>>No doubt you'll come back with some acerbic wit, veiled threat or
>>another personal attack? But then you could prove me wrong and be
>>reasonable for a change ;-)
>
>Nah. I'm not that cruel. :)
I noticed that, yes you're right, you can't be reasonable can you :-)
>>Rergards,
>
>typo? :)
Yep, see I am human and I do make mistakes too, and when I do I acknowledge
them and fix them.
Any more? I've yet to find one at all ;-)
That's a shame Dustin, I hoped that you'd seen the light.
I suppose you realise that means I'll have to put my wings away after all and
stop practicing my Oinking now ;-)
>>When are you going to supply your proof to prove your allegation that I'm
>>a liar? It must be over 3 months now since you made that allegation,
>>what's next? You going to claim I'm in the pay of an anti-virus company
>>;-)
>
>You are a liar martin. antichek was written to prove that your program had
>/has a serious flaw, you either overlooked this, or didn't care. Which is
>it?
How is that supposed to prove I'm a liar?
I and others have already addressed this allegation (of a security flaw) time
and time again.
Neither, I knew that such an attack was possible, as are many attacks against
all av products and it's been discussed to death. I have never claimed that
ChekMate was perfect or a 100% solution, therefore your argument (or proof) is
unacceptable.
Posting someone's real name is unethical?
How _very_ twisted your morals are...
What's immoral and unethical about Martin calling RAiD by his real name?
--
Graham Cluley, gcl...@uk.drsolomon.com Dr Solomon's AntiVirus (DSAV)
UK Support: sup...@uk.drsolomon.com UK Tel: +44 (0)1296 318700
US Support: sup...@us.drsolomon.com US Tel: 781 273 7400
CompuServe: GO DRSOLOMON Web: http://www.drsolomon.com
Check out alt.comp.virus.pictures!! http://members.aol.com/altcompvir
>Sorry, if you make your real identity so easy to find then I call you by
>your real name, so Dustin Cook it will be from now on when I reply to
>you.
LoL martin. You seem to be under the impression this will faze me?
Perhaps stop me from showing people what junk your program really is? :)
Does one think I'm that foolish? You don't intimidate nor scare me in the
least. :)
>Why not just keep them to yourself instead?
>Why is it so important that you have to distribute them?
What for? Then, I wouldn't be able to show some AV producers for what they
really are. :)
BTW, since you claimed you obtained this account name Via deja news, I'd
like to see the message. :-) Or, can you provide it? :)
>I didn't find out that information from there, but from dejanews as I've
>already stated.
Where's the dejanews post martin? :)
Sure you did martin. Please, post the message where it links that name, or
just admit using the name is an act of petty revenge for daring to
challenge you :-)
Don't you think, had I wanted a name to be used, I would have used it?
Would you like someone posting your real address, social security number
etc? :)
He's desperate. He doesn't want any more anti-chekmate viruses written to
show his piece of junk program for what it is. :-)
>That's a shame Dustin, I hoped that you'd seen the light.
>I suppose you realise that means I'll have to put my wings away after all
>and stop practicing my Oinking now ;-)
LoL martin. when this is finished, You realize how stupid you're going to
look right? :-)
>Neither, I knew that such an attack was possible, as are many attacks
You *knew* it was possible eh? Why bother suggesting users rename the bait
files then? Storing bait file names right in the open, no matter what you
or others wanna claim, IS a security flaw. And by the looks of things, You
knew and didn't give a shit. :)
> In article <6gm1ei$o2l$1...@news.usit.net>, nospam.i...@View.signature.Below
> (RAiD) wrote:
> >In article <892213931.12723.2...@news.demon.co.uk>,
> > mar...@salig.demon.co.uk (Martin Overton) wrote:
> >
> >>ChekMate is not a full multi-layered solution (it uses over-lapping
> >>detection techniques). Multi-layered as I've frequently stated includes
> >
> >I know this martin, I've read your documentation and used your program
> >several times. You never claimed it was multi-layered, Kurt did. :)
>
> That's not how I read it, but then my news-server is currently 35 hours
> behind, so maybe I missed that post from Kurt?
>
> Kurt care to confirm/deny this claim from Mr. Cook?
i never said it was multi-layered... i did accuse him of having no idea of
what a multi-layered av was, however, since he obviously seems to think
your (or anyone else's i imagine) product should be 100% secure all on its
own...
apparently he misinterpreted that to mean that chekmate was all the layers
in a multi-layered av, thus proving me right, since no product (to my
knowledge) has all the layers and that should be clear to anyone who did
understand what multi-layered av was...
> Martin Overton:
> >Sorry, if you make your real identity so easy to find then I call you by your
> >real name, so XXXXXX XXXX it will be from now on when I reply to you.
>
> Hey, Martin, is it the only way you've found to have a revenge
> on Raid, posting his real name on a public forum? All of you
> always say that we are immoral and unethical (which is quite
> true in general), but i see more and more that AV people are
> the same.
what's wrong with posting raid's true identity? he said himself that it
was easy to find... that suggests he didn't really care much... then
there's all the clues he gave (like being a regular in fido a couple years
ago under his real name)...
dustin cook (whom i do seem to recall vaguely, only because he had the
same last name as jeff cook - a tbav rep) hasn't shown all that much
concern over hiding his identity... if he had he wouldn't have flaunted
the availability of it...
I thought this was about to develop into another of those wonderful
alt.comp.virus competitions. So in readiness I leapt to Dejanews to try
and find some messages from Dustin Cook. Turns out there are loads...
some of them even seem to have his snail mail address.
Indeed kurt, but...Emailing martin a copy of antichek (which I admit was
foolish, I didn't forge the email header) is where he got my name. His
claims of finding it via dejanews is a joke to say the least.
>xxxx (whom i do seem to recall vaguely, only because he had the
>same last name as jeff cook - a tbav rep) hasn't shown all that much
>concern over hiding his identity... if he had he wouldn't have flaunted
>the availability of it...
you're ever so right, I'll know to use a bogus email addy next time I email
an antivirus person. Never know how desperate they might become :)
[I missed Martin's original post so I'll follow-up via Mr.Cook's]
Dernnit Martin, it's a good thing I can still cancel the orders for
all those t-shirts. How will I ever afford to go to VBCON now?
Regards,
--
Ernest
But, are you *sure* that Dustin Cook is me graham? :-)
usit.net isn't a usa wide isp you know :)
Also, on another note, the martin Dustin posts didn't start until *after*
I emailed him a copy of antichek..He never responded, so..I had no choice
but to advertise the exploit. His choice :)
Dustin Cook has posted on alt.comp.virus quite a few times too.. even
participating in the odd ChekMate thread. Seeing as he's not too
concerned about keeping his identity a secret I'll be very happy to
include a picture of him on alt.comp.virus.pictures.
Have you got a picture of yourself on the net Dustin?
here's the result of the dejanews search for 'Dustin Cook'...
Matches 1-20 of exactly 52 for search:
Date Scr Subject Newsgroup Author
1. 98/04/12 031 Re: RAiD Blowing Smoke Again alt.comp.virus
Martin Overton
2. 98/04/12 030 Re: RAiD Blowing Smoke A#1/2 alt.comp.virus
Martin Overton
3. 98/04/02 030 Re: Colorado in mourning rec.sport.football.co
Dustin Christmann
4. 98/04/06 028 Re: Katz hahahahahahahahahah alt.sport.qzar
Barry J. Sikora II
5. 98/04/06 028 Re: Katz hahahahahahahahahah alt.sport.qzar Jake
PTA
6. 98/04/08 027 Re: Automatyczna instala#20/ pl.comp.os.win95
Mirek Siedlecki
7. 98/04/11 026 FS: 1996 BASEBALL INSERT#3/8 rec.collecting.sport.
Mohammad T. Mirzai
8. 98/04/10 026 FS: 1996 BASEBALL INSERT#3/8 rec.collecting.sport.
Mohammad T. Mirzai
9. 98/03/25 026 Re: MercNDSP serving wrong m bit.listserv.pmail Jon
Dustin
10. 98/04/09 025 FS: 1996 BASEBALL INSERT#3/8 rec.collecting.sport.
Mohammad T. Mirzai
11. 98/04/08 025 FS: 1996 BASEBALL INSERT#3/8 rec.collecting.sport.
Mohammad T. Mirzai
12. 98/04/01 025 LIST: Who's Who? In Spri#3/8 alt.tv.simpsons
Haynes Lee
13. 98/04/01 025 LA Times predicts Padres#5/5 alt.sports.baseball.s xyz
14. 98/03/31 025 NEWS: The Joy of Sects #2/3 alt.religion.scientol
Scanner
15. 98/03/29 025 LATimes (J.Reid): Nation#5/5 alt.sports.baseball.s
Steven Chan, quoti
16. 98/04/05 024 FS: 1996 BASEBALL INSERT#3/8 rec.collecting.sport.
Mohammad T. Mirzai
17. 98/04/04 024 FS: 1996 BASEBALL INSERT#3/8 rec.collecting.sport.
Mohammad T. Mirzai
18. 98/03/29 024 Major League Baseball Capsul newsguy.sports.baseba UPI
19. 98/03/19 024 Re: More Rodgers and Hart, p rec.arts.theatre.musi
wmmin
20. 98/03/08 024 Review: Wag the Dog (1997) rec.arts.movies.revie Luke
Buckmaster
Matches 21-40 of exactly 52 for search:
Date Scr Subject Newsgroup Author
21. 98/04/07 024 FS: 1996 BASEBALL INSERT#3/8 rec.collecting.sport.
Mohammad T. Mirzai
22. 98/04/06 024 FS: 1996 BASEBALL INSERT#3/8 rec.collecting.sport.
Mohammad T. Mirzai
23. 98/04/03 023 FS: 1996 BASEBALL INSERT#3/8 rec.collecting.sport.
Mohammad T. Mirzai
24. 98/04/02 023 FS: 1996 BASEBALL INSERT#3/8 rec.collecting.sport.
Mohammad T. Mirzai
25. 98/04/01 023 FS: 1996 BASEBALL INSERT#3/8 rec.collecting.sport.
Mohammad T. Mirzai
26. 98/03/31 023 FS: 1996 BASEBALL INSERT#3/8 rec.collecting.sport.
Mohammad T. Mirzai
27. 98/03/30 023 FS: 1996 BASEBALL INSERT#3/8 rec.collecting.sport.
Mohammad T. Mirzai
28. 98/03/29 023 FS: 1996 BASEBALL INSERT#3/8 rec.collecting.sport.
Mohammad T. Mirzai
29. 98/03/28 023 FS: 1996 BASEBALL INSERT#3/8 rec.collecting.sport.
Mohammad T. Mirzai
30. 98/03/27 023 FS: 1996 BASEBALL INSERT#3/8 rec.collecting.sport.
Mohammad T. Mirzai
31. 98/03/20 022 FS: 1996 BASEBALL INSERT#3/8 rec.collecting.sport.
Mohammad T. Mirzai
32. 98/03/19 022 FS: 1996 BASEBALL INSERT#3/8 rec.collecting.sport.
Mohammad T. Mirzai
33. 98/03/18 022 FS: 1996 BASEBALL INSERT#3/8 rec.collecting.sport.
Mohammad T. Mirzai
34. 98/03/17 022 FS: 1996 BASEBALL INSERT#3/8 rec.collecting.sport.
Mohammad T. Mirzai
35. 98/03/16 022 FS: 1996 BASEBALL INSERT#3/8 rec.collecting.sport.
Mohammad T. Mirzai
36. 98/03/15 022 FS: 1996 BASEBALL INSERT#3/8 rec.collecting.sport.
Mohammad T. Mirzai
37. 98/03/14 022 FS: 1996 BASEBALL INSERT#3/8 rec.collecting.sport.
Mohammad T. Mirzai
38. 98/03/13 022 FS: 1996 BASEBALL INSERT#3/8 rec.collecting.sport.
Mohammad T. Mirzai
39. 98/03/12 022 FS: 1996 BASEBALL INSERT#3/8 rec.collecting.sport.
Mohammad T. Mirzai
40. 98/03/11 022 FS: 1996 BASEBALL INSERT#3/8 rec.collecting.sport.
Mohammad T. Mirzai
Now martin, the jig is up :) Come clean, admit you fingered the email addy
I emailed you from...:-)
I'm by no means a sports fan...:) and I don't collect baseball
cards..Muahahaha
So martin, tell the truth, admit..You fucked up :-) Dig that hole.
Here, a shovel...:)
I just found loads of posts by you (Dustin Cook) on Dejanews. Some of
them wibbled on about Chekmate, ASIC, and the usual subjects you wibble
on about. Maybe Martin worked it out from that. Martin knows a thing or
two about the net - I'm sure he didn't find it too tricky to work out via
Dejanews.. it's got a powerful search engine.
> >xxxx (whom i do seem to recall vaguely, only because he had
> >the same last name as jeff cook - a tbav rep)
Why are you censoring Kurt's posting? Are you ashamed of your name?
Dustin is a very fashionable name here in the UK y'know.
> you're ever so right, I'll know to use a bogus email addy next
> time I email an antivirus person. Never know how desperate they
> might become :)
Doesn't sound to me like Martin was being desperate. He just likes
things nice-and-tidy. It's so much easier to use people's real names
than remember the pseudonym they're using this week. Look at all the
hassle we had with that bloke pretending to work for Peter Norton, and
claiming his name was G Eubanks...
I don't know. Isn't it? Is this yet another pseudonym? Does this mean
we can have a competition after all?
minor correction: RAiD has posted here (and is doing so now) I doubt very
much Dustin Cook even reads alt.comp.virus. (You guys do realize what hole
you've dug right? :))
>Have you got a picture of yourself on the net Dustin?
Why don't you ask him? :)
As for me, No, I haven't had a picture taken in some years now.
> Now martin, the jig is up :) Come clean, admit you fingered
> the email addy I emailed you from...:-)
>
> I'm by no means a sports fan...:) and I don't collect baseball
> cards..Muahahaha
>
> So martin, tell the truth, admit..You fucked up :-) Dig that hole.
>
> Here, a shovel...:)
You're searching DejaNews incorrectly. I found loads of posts from
Dustin Cook on DejaNews when I tried. Try again, and check out the
searching instructions more thoroughly.
Check out DejaNews. Dustin Cook has posted to alt.comp.virus plenty of
times in the past.
: >think about it, raid, would you use a single scanner only? probably
: >not... why then should you hold martin's product to the fallacious
: >standard of being a complete solution when you don't do so for scanners?
: I didn't claim it should be a complete solution, but as it stands, the
: limited checking it does do, isn't worth your drive space.
it may not be worth your drive space, but that doesn't mean it isn't
worth anybody's drive space... different strokes for different folks...
that happens to be another facet of multi-layer av, by the way...
: It doesn't
: store checksum files for each file,
of course not, that's the realm of the full integrity checker... which
is most secure when used from a clean bootable disk, which means it can't
(easily) use baiting to detect viruses...
yet chekmate does...
it's a targeted integrity checker with some other niceties thrown in...
it is meant to make the full (computationally expensive) integrity check
schedule sparser so as to keep productivity higher...
(at least that's my interpretation)
: it snapshots your boot-sector, and a
: few files from the windows directory, and your command.com, autoexec bat
: etc. How is this even a single layer? please, enlighten me.
you forgot the baiting...
anyways, that's a layer (maybe a thin one, it depends on your
perspective, but it's thicker than mem /c) because it's a means of
monitoring some (not all) potentially viral changes on your computer on
a frequent basis (which can't reasonably be done with a full integrity
checker)...
and while you may not be happy with the files it checks, let me remind
you that plain file infectors are rare in the wild...
--
"the beautiful lull, the dangerous tug,
we get to feel small from high up above.
and after the glimpse, and over the top
the rest of the world becomes a giftshop"
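A minimal sketch of the kind of check kurt describes in the post above: fingerprint a short, fixed watch list plus planted bait files, then re-check it often and report what changed. This is an added example, not ChekMate's code or anything posted in the thread; the bait names, filler bytes, report fields and the simulated changes are assumptions constructed for the illustration.

```python
"""Targeted integrity check over a short watch list plus bait files."""
import hashlib
import tempfile
from pathlib import Path

CHUNK = 64 * 1024


def fingerprint(path):
    """Return (size, md5 hex digest) for a file, or None if it is absent."""
    path = Path(path)
    if not path.is_file():
        return None
    digest = hashlib.md5()  # the hash named in the thread
    size = 0
    with path.open("rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            digest.update(block)
            size += len(block)
    return size, digest.hexdigest()


def plant_baits(directory, names, size=2048):
    """Create decoy program files that nothing legitimate should ever touch."""
    baits = []
    for name in names:
        bait = Path(directory) / name
        bait.write_bytes(b"\x90" * size)  # constructed filler, not real code
        baits.append(bait)
    return baits


def snapshot(paths):
    """Record a fingerprint for every path on the watch list."""
    return {str(p): fingerprint(p) for p in paths}


def compare(baseline, current):
    """Classify every watched path by how it differs from the baseline."""
    report = {"modified": [], "grown": [], "missing": [], "appeared": []}
    for name, old in baseline.items():
        new = current.get(name)
        if old is None and new is None:
            continue
        if old is None:
            report["appeared"].append(name)
        elif new is None:
            report["missing"].append(name)
        elif new != old:
            report["modified"].append(name)
            if new[0] > old[0]:  # size increase: bytes were added to the file
                report["grown"].append(name)
    return report


def demo(root):
    """Build a constructed watch list, change it, and return the report."""
    root = Path(root)
    autoexec = root / "AUTOEXEC.BAT"
    command = root / "COMMAND.COM"
    autoexec.write_bytes(b"@ECHO OFF\r\nPATH C:\\DOS\r\n")
    command.write_bytes(b"\x00" * 512)  # stand-in, not a real COMMAND.COM
    baits = plant_baits(root, ["BAIT0001.COM", "BAIT0002.EXE"])  # hypothetical names
    watch_list = [autoexec, command] + baits
    baseline = snapshot(watch_list)

    # Constructed changes standing in for what a later check should catch.
    with baits[0].open("ab") as fh:
        fh.write(b"\xcc" * 64)                   # a bait file gains bytes
    autoexec.write_bytes(b"@ECHO changed\r\n")   # a startup file is replaced
    baits[1].unlink()                            # a bait file disappears

    return compare(baseline, snapshot(watch_list))


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for kind, names in demo(tmp).items():
            print(kind, [Path(n).name for n in names])
```

Because the watch list is a handful of files, the check is cheap enough to run at every boot or login, which is the trade-off against a full integrity check that the post describes.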
> In article <892413850.5139.4...@news.demon.co.uk>,
> Chek...@Cavalry.com (Martin Overton) wrote:
>
> >That's a shame Dustin, I hoped that you'd seen the light.
> >I suppose you realise that means I'll have to put my wings away after all
> >and stop practicing my Oinking now ;-)
>
> LoL martin. when this is finished, You realize how stupid you're going to
> look right? :-)
>
> >Neither, I knew that such an attack was possible, as are many attacks
>
> You *knew* it was possible eh? Why bother suggesting users rename the bait
> files then? Storing bait file names right in the open, no matter what you
> or others wanna claim, IS a security flaw. And by the looks of things, You
> knew and didn't give a shit. :)
"it's a security flaw because i said so"... blah...
it's a necessity for any program that is meant to be used often... but you
can't seem to see that integrity checkers can fulfill different
functions and play multiple roles in a multi-layered av strategy...
you've come a long way, charlie brown, but you've got a long ways yet to
go...
> In article <892413846.5139.2...@news.demon.co.uk>,
> Chek...@Cavalry.com (Martin Overton) wrote:
> >Didn't need to you left so many other clues that is was very easy to find
> >your real name via dejanews.
>
> Sure you did martin. Please, post the message where it links that name, or
> just admit using the name is an act of petty revenge for daring to
> challenge you :-)
some revenge... you've given the impression in the past that you didn't
care... why would anyone think it would hurt you...
> Don't you think, had I wanted a name to be used, I would have used it?
you said your real name was easy enough to find, and you didn't care... why
do you care so much now?
maybe you just don't like the fact that it was martin that brought it to
light...
> Would you like someone posting your real address, social security number
> etc? :)
he probably wouldn't mind as much as you would...
> In article <1998041222481...@nym.alias.net>,
> Spanska <Use-Author-Address-Header@[127.1]> wrote:
> >Hey, Martin, is it the only way you've found to have a revenge
> >on Raid, posting his real name on a public forum? All of you
> >always say that we are immoral and unethical (which is quite
> >true in general), but i see more and more that AV people are
> >the same.
>
> He's desperate. He doesn't want any more anti-chekmate viruses written to
> show his piece of junk program for what it is. :-)
oh yes, raid's got martin on the run now... his next virus will bring
chekware to its very knees...
hark, is that an invisible pink unicorn i see on the far side of the
linoleum field?
>Check out DejaNews. Dustin Cook has posted to alt.comp.virus plenty of
>times in the past.
Yes he has, from a bbs as I recall. (reading the posts).
A bbs, yet..I'm on an ISP, how do you link them to be the same person?
>You're searching DejaNews incorrectly. I found loads of posts from
>Dustin Cook on DejaNews when I tried. Try again, and check out the
>searching instructions more thoroughly.
am I? I used standard search, i then went back and found tons from years
ago, from a BBS (does anyone else still remember those?) and I've yet to
see one with him talking about chekmate. His asic posts aren't much, in
fact...if he still codes in asic (which is doubtful) he doesn't/didn't
know as much as I do about the language.
Doh, sorry..Long post I know.
>RAiD you got me all wrong.
Have i?
>it may not be worth your drive space, but that doesn't mean it isn't
>worth anybody's drive space... different strokes for different folks...
I suppose.
>it's a targeted integrity checker with some other niceties thrown in...
>it is meant to make the full (computationally expensive) integrity check
>schedule sparser so as to keep productivity higher...
which niceties?
>you forgot the baiting...
Doh! So I did...Oops.
>anyways, that's a layer (maybe a thin one, it depends on your
>perspective, but it's thicker than mem /c) because it's a means of
>monitoring some (not all) potentially viral changes on your computer on
>a frequent basis (which can't reasonably be done with a full integrity
>checker)...
I stand corrected then Kurt.
>and while you may not be happy with the files it checks, let me remind
>you that plain file infectors are rare in the wild...
Allow me to remind you...2 of my viruses have been wildlisted for over a
year now...HLLP.5850.C and HLLP.5850.D I believe. They're not much to brag
about, but..they are wildlisted.
>I don't know. Isn't it? Is this yet another pseudonym? Does this mean
>we can have a competition after all?
I believe we do indeed have a competition.
My name (real one) might not be the one I used for this account...I see
nobody took that into consideration. and btw, that's not illegal.
I also see nobody took into account how many Dustin Cook's there
are..Shrug...details people details. :)
>I just found loads of posts by you (Dustin Cook) on Dejanews. Some of
>them wibbled on about Chekmate, ASIC, and the usual subjects you wibble
>on about. Maybe Martin worked it out from that. Martin knows a thing or
>two about the net - I'm sure he didn't find it too tricky to work out via
>Dejanews.. it's got a powerful search engine.
I can't find any posts about Dustin cook concerning chekmate. I did find
some about asic. However, asic is a widely distributed program...So, I'm
sure he and I aren't the only ones using it.
>Why are you censoring Kurt's posting? Are you ashamed of your name?
>Dustin is a very fashionable name here in the UK y'know.
My apologies, I'll let this continue. it's funny actually. Sorry for
'censoring' you kurt.
>Doesn't sound to me like Martin was being desperate. He just likes
>things nice-and-tidy. It's so much easier to use people's real names
>than remember the pseudonym they're using this week. Look at all the
>hassle we had with that bloke pretending to work for Peter Norton, and
>claiming his name was G Eubanks...
How long have i been posting as RAiD? c'mon, do you see any bogus raids?
I was under the impression that RAiD invited people to find out his true
identity? Wasn't that the case? If not then I'm sorry for getting that
wrong. But it doesn't matter anyway because RAiD says he isn't Dustin
Cook..
Now.. the real person who should be upset is Dustin Cook. Has anyone
contacted him yet? I would imagine he's very upset being linked to a
virus author. Dustin Cook hasn't posted up on alt.comp.virus for a long
time, but he used to.. anyone can find that out for themselves via
DejaNews.
> In article <Pine.GSO.3.95.980412204733.7798N-100000@eddie>,
> kurt wismer <a270...@cdf.toronto.edu> wrote:
> >what's wrong with posting raid's true identity? he said himself that it
> >was easy to find... that suggests he didn't really care much... then
> >there's all the clues he gave (like being a regular in fido a couple
> >years ago under his real name)...
>
> Indeed kurt, but...Emailing martin a copy of antichek (which I admit was
> foolish, I didn't forge the email header) is where he got my name. His
> claims of finding it via dejanews is a joke to say the least.
frankly i don't see that it matters where he got it... or even that he got
it at all... it's just a name after all... if you think it makes you any
less anonymous you're wrong...
and if you slipped up, tough luck for you...
> >xxxx (whom i do seem to recall vaguely, only because he had the
> >same last name as jeff cook - a tbav rep) hasn't shown all that much
> >concern over hiding his identity... if he had he wouldn't have flaunted
> >the availability of it...
>
> you're ever so right, I'll know to use a bogus email addy next time I email
> an antivirus person. Never know how desperate they might become :)
well, i don't see that it matters much anymore... it's become common
knowledge...
what scares me, though, is that i remember claiming it was possible to
write viruses in asic back in the day in fido land...
> In article <6grptm$h9d$1...@plutonium.compulink.co.uk>,
> san...@cix.co.uk ("Graham Cluley") wrote:
> >I thought this was about to develop into another of those wonderful
> >alt.comp.virus competitions. So in readiness I leapt to Dejanews to try
> >and find some messages from Dustin Cook. Turns out there are loads...
> >some of them even seem to have his snail mail address.
>
> But, are you *sure* that Dustin Cook is me graham? :-)
>
> usit.net isn't a usa wide isp you know :)
>
> Also, on another note, the martin Dustin posts didn't start until *after*
> I emailed him a copy of antichek..He never responded, so..I had no choice
> but to advertise the exploit. His choice :)
they didn't start until quite some time (months) after the antichek virus
thing, actually... you'd think that if it had bothered him so much and he
got your address from that that he'd have stuck it to you (as it were)
much sooner...
> In article <6grrj3$ilr$1...@plutonium.compulink.co.uk>,
> san...@cix.co.uk ("Graham Cluley") wrote:
> >Dustin Cook has posted on alt.comp.virus quite a few times too.. even
> >participating in the odd ChekMate thread. Seeing as he's not too
> >concerned about keeping his identity a secret I'll be very happy to
> >include a picture of him on alt.comp.virus.pictures.
>
> minor correction: RAiD has posted here (and is doing so now) I doubt very
> much Dustin Cook even reads alt.comp.virus. (You guys do realize what hole
> you've dug right? :))
perhaps it's you who's dug himself another hole... from your display of
dejanews competency i've got to wonder....
> >Have you got a picture of yourself on the net Dustin?
>
> Why don't you ask him? :)
>
> As for me, No, I haven't had a picture taken in some years now.
sounds like a man after my own heart...
maybe you could draw yourself... are you any good as an artist?
> Graham Cluley:
> >What's immoral and unethical about Martin calling RAiD by his real name?
>
> kurt wismer:
> >what's wrong with posting raid's true identity?
>
> Simple: it's against the netiquette.
citation please? i was unaware the use of real names was against
netiquette... if this turns out to be true i'm sure i can think up an
alias to use though...
> In other words, it's against
> the Net ethics. So, unethical. This is a word you always use, i
> thought you could understand it. I personally don't bother with
> the netiquette, but i thought you did (i'm so naive sometimes).
i do like to stick to netiquette, actually... could you point out to me
where you got this information?
> Raid is the only person to decide if he wants to see his name
> published on public servers.
and raid gave the impression he didn't care... why should we care if he
doesn't care?
it seems obvious now that he does care but that was most definitely not
the impression that was given before... it seemed to me he was playing
with his identity the way i play with song lyrics in my sig...
besides, he could have denied his identity... you're familiar with
repudiation, right?
i'll not use the name in future though, and my advice to martin is to
refrain as well - if for no other reason than it gives raid justification
for escalating things... this has become more about egos than about
viruses and anti-virus security if you ask me...
> You can trace him if you have time
> to lose, it's your problem. But keep the info for you. You can
> think it's funny to annoy him. I don't think so. Immaturity is
> not always on the virus author side.
it was never my intention to hurt raid... if he likes the name raid better
than the one his parents gave him, that's fine... i've not always been
satisfied with my own name... it's rather curt, if you ask me..
> Posting Raid's name reminds me of lynching. If he has problems, i
> hope, at least, that you will not have the hypocrisy to say:
> "it's not my fault, that was just to have fun".
i don't imagine he'll have problems... at least not so long as he conducts
himself in a civilized manner... it's not the first time his real name has
been known...
>I was under the impression that RAiD invited people to find out his true
>identity? Wasn't that the case? If not then I'm sorry for getting that
>wrong. But it doesn't matter anyway because RAiD says he isn't Dustin
>Cook..
I didn't invite people to hold a lynching Graham, no. :)
>Now.. the real person who should be upset is Dustin Cook. Has anyone
>contacted him yet? I would imagine he's very upset being linked to a
>virus author. Dustin Cook hasn't posted up on alt.comp.virus for a long
>time, but he used to.. anyone can find that out for themselves via
>DejaNews.
Yea, he should be contacted. he might have a case with Martin
for..slander..:)
And anyone else who still wants to play.
>some revenge... you've given the impression in the past that you didn't
>care... why would anyone think it would hurt you...
Impression eh? Pfft..copout kurt.
>you said your real name was easy enough to find, and you didn't care...
>why do you care so much now?
Shrug...kurt, you can try and find a loophole around this if you
must..But, I feel dustin cook might have a valid reason for a lawsuit, if
ever it was actually possible. And yes, he could possibly sue me, but..I
wouldn't be the only one. After all, I'm not the one who started making
claims :)
>maybe you just don't like the fact that it was martin that brought it to
>light...
LoL
>
>he probably wouldn't mind as much as you would...
You wouldn't mind either right kurt?
>what scares me, though, is that i remember claiming it was possible to
>write viruses in asic back in the day in fido land...
Must have been before my fido days. :)
Well, what's the difference? if someone wishes to pull punches, why
not..Pull them all eh? :)
>perhaps it's you who's dug himself another hole... from your display of
>dejanews competency i've got to wonder....
Nah...If dustin contacts me about this, I'll explain..I don't want him
pissed off at me, when you guys are the ones linking us :)
>sounds like a man after my own heart...
Nah...
>maybe you could draw yourself... are you any good as an artist?
I can't draw a straight line with a ruler Kurt. I'm by no means an artist.
:) That's why there's no graphics on my webpage...heh
Okay - so to have a proper competition we'll have to have someone independent
as the judge. Who shall we have as a judge?
Maybe.
> A bbs, yet..Im on an ISP, how do you link them to be the same person?
Did you see the posts where he gave another email address? The email
address he gave was an interesting coincidence. Small world eh?
> I can't find any posts about Dustin cook concerning chekmate.
You're not looking hard enough.
But RAiD is now saying he isn't Dustin Cook. According to him we're a
bunch of plonkers for believing Martin when he said RAiD's name was
Dustin Cook. Or have I got confused? Maybe it's time I went to bed.
I think it's about time we heard Dustin Cook's point of view on all this.
Has anyone emailed him yet to tell him this is going on?
Contact him and get him to post up here. That should sort this unsavoury
mess out.
At the same time we'll ask Carey to get the real Gordon Eubanks to post
up here.
>Okay - so to have a proper competition we'll have to have someone independent
>as the judge. Who shall we have as a judge?
Almost realtime graham...You should stop by irc...We could chat about this
in realtime.. Now on to your question..
Since I'm the one on trial, I'd appreciate a fair jury :) Not av nor vx
related...That way, there's less of a chance of bias..Although, I won't get
my hopes up.
Would you mind posting the ones you found then?
>Did you see the posts where he gave another email address? The email
>address he gave was an interesting coincidence. Small world eh?
Another email address? hrm...I know of one, his shareware support address
(which he doesn't respond to it seems). Which other?
If the person doesn't post with his/her name, Why the need to find the
realname?
I'm going by BBS ethics here, forgive me if net ones aren't the same..(it's
been awhile since I've checked)
>and raid gave the impression he didn't care... why should we care if he
>doesn't care?
Giving an impression is one thing kurt..But, this has gone way too far...
>besides, he could have denied his identity... you're familiar with
>repudiation, right?
I have time and time again, Yet you still call me Dustin. hell, there's a
thread now...
>i'll not use the name in future though, and my advice to martin is to
>refrain as well - if for no other reason than it gives raid justification
>for escalating things... this has become more about egos than about
>viruses and anti-virus security if you ask me...
Wars have been started over hurt egos..or was that love...hrmpf.
> In article <6grt6p$kfb$1...@plutonium.compulink.co.uk>,
> san...@cix.co.uk ("Graham Cluley") wrote:
>
> >Check out DejaNews. Xxxxxx Xxxx has posted to alt.comp.virus plenty of
> >times in the past.
>
> Yes he has, from a bbs as I recall. (reading the posts).
>
> A bbs, yet..Im on an ISP, how do you link them to be the same person?
content similarities... the sands of time may have seen fit to change your
provider but..,
> In article <6grsbq$jje$1...@plutonium.compulink.co.uk>,
> san...@cix.co.uk ("Graham Cluley") wrote:
>
> >I don't know. Isn't it? Is this yet another pseudonym? Does this mean
> >we can have a competition after all?
>
> I believe we do indeed have a competition.
>
> My name (real one) might not be the one I used for this account...I see
> nobody took that into consideration. and btw, that's not illegal.
>
> I also see nobody took into account how many Xxxxxx Xxxx's there
> are..Shrug...details people details. :)
it's a little late for denials now, don't you think?
"how long have you been cheating on me?"
"how did you know i was cheating on you?"
"you just told me"
And if it turns out martin was wrong, and Dustin wishes to press charges?
:)
It's not a trial - it's a competition. You said you wanted to have a
competition. We're not interested in putting you on trial about your
name.
All we need is a judge to judge the competition.. that's different from a
trial judge.
> Not av nor vx related...That way, there's less of a chance of
> bias..Although, I won't get my hopes up.
We've had people judge competitions on alt.comp.virus before - would one
of those people be acceptable?
>But RAiD is now saying he isn't Dustin Cook. According to him we're a
>bunch of plonkers for believing Martin when he said RAiD's name was
>Dustin Cook. Or have I got confused? Maybe it's time I went to bed.
I realize I can't seem to let this die...I mean, you'll post with Hi
dustin if you desire. however, such posts will have to be ignored in the
future...Eventually this thread will die off, or..Dustin might have some
legal options..Which, if he's reading this, I hope he doesn't go after
me...I'm *not* the one who started this.
>it's a little late for denials now, don't you think?
Denials? Kurt, unless you have some REAL HARD EVIDENCE claiming *I* am
Dustin Cook, i'd give it up. This is a no-win situation. and dejanews
posts, or even fingering the real email addy won't help...
Oh well...gotta admit, acv has increased bandwidth as a result of this..
Since you're both online at this time, would anyone care to discuss this
realtime? I'm on undernet irc...In a server split right now, But..I can be
found in #virus...
Just an offer.
>
>"how long have you been cheating on me?"
>"how did you know i was cheating on you?"
>"you just told me"
>
>content similarities... the sands of time may have seen fit to change
>your provider but..,
And my geographical location as well? That BBS was located in Maine, since
I don't make toll calls, I can't verify if its still online or not.
Usit.net is not in maine, nor am I...
Not without Dustin Cook's permission.
What email address is that then?
Is Dustin Cook a buddy of yours?
I thought you challenged someone to find out your real identity? Didn't
you? Anyway, it shouldn't bother you if that's not your real name. It's
Dustin Cook who should be upset.
> I'm going by BBS ethics here, forgive me if net ones aren't the
> same..(it's been awhile since I've checked)
Oh - did you spend a lot of time on BBSes in the past then?
>Contact him and get him to post up here. That should sort this unsavoury
>mess out.
If you can't reach him, how the hell am I supposed to?
> In article <ErBx4G.JC...@torfree.net>,
> cr...@torfree.net (Kurt Wismer) wrote:
>
> >it may not be worth your drive space, but that doesn't mean it isn't
> >worth anybody's drive space... different strokes for different folks...
>
> I suppose.
cool, i didn't realize my posts from torfree.net got out this quick...
> >it's a targeted integrity checker with some other niceties thrown in...
> >it is meant to make the full (computationally expensive) integrity check
> >schedule sparser so as to keep productivity higher...
>
> which niceties?
baiting, and the cryptographic strength of md5 over a crc... a full
integrity checker can get away with a crc and still be plenty secure so
long as it uses different generating polynomials for each installation...
it can get away with this because (ideally) it's being used from a clean
floppy disk that the virus doesn't have access to, and thus it doesn't
have access to the generating polynomial and can't 'corrupt' files in an
undetectable way... when the software is used on the hard disk itself this
is no longer the case so something like md5 becomes more desirable...
of course because more secure hashes generally take more time to compute
it becomes less desirable to use them on *all* files...
> >anyways, that's a layer (maybe a thin one, it depends on your
> >perspective, but it's thicker than mem /c) because it's a means of
> >monitoring some (not all) potentially viral changes on your computer on
> >a frequent basis (which can't reasonably be done with a full integrity
> >checker)...
>
> I stand corrected then Kurt.
that's what the cynic said to the chiropractor...
> >and while you may not be happy with the files it checks, let me remind
> >you that plain file infectors are rare in the wild...
>
> Allow me to remind you...2 of my viruses have been wildlisted for over a
> year now...HLLP.5850.C and HLLP.5850.D I believe. They're not much to brag
> about, but..they are wildlisted.
they're *still* rare, even when they are in the wild...
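An added illustration of the crc-versus-md5 point in the post above (not code from the thread or from any product it discusses): a change compensated for one generating polynomial passes a CRC check that uses that polynomial, but is caught by a CRC with a different polynomial and by MD5. The function names, the two polynomials and the sample "file" are constructed for this example.

```python
import hashlib

def crc16(data, poly, crc=0):
    """Bitwise MSB-first CRC-16 with a caller-chosen generating polynomial."""
    for byte in data:
        crc ^= byte << 8
        for _ in range(8):
            crc = ((crc << 1) ^ poly if crc & 0x8000 else crc << 1) & 0xFFFF
    return crc

def compensate(original, tampered_body, poly):
    """Search for the 2 trailing bytes that give tampered_body the CRC of
    original. The search only works for someone who knows `poly`."""
    target = crc16(original, poly)
    state = crc16(tampered_body, poly)
    for guess in range(0x10000):
        tail = guess.to_bytes(2, "big")
        if crc16(tail, poly, state) == target:
            return tampered_body + tail
    raise ValueError("no compensating tail")  # cannot happen for an odd poly

KNOWN_POLY = 0x1021    # CCITT polynomial: the one the modifying code assumes
INSTALL_POLY = 0x8005  # stands in for this installation's private polynomial

# Constructed sample "file": a body followed by two padding bytes.
ORIGINAL = b"CONFIG v1 MODE=0" + b"\x00\x00"
TAMPERED = compensate(ORIGINAL, b"CONFIG v1 MODE=1", KNOWN_POLY)

def detected_by(check):
    """True when the checksum function tells the two files apart."""
    return check(ORIGINAL) != check(TAMPERED)

def report():
    return {
        "crc, known polynomial": detected_by(lambda d: crc16(d, KNOWN_POLY)),
        "crc, private polynomial": detected_by(lambda d: crc16(d, INSTALL_POLY)),
        "md5": detected_by(lambda d: hashlib.md5(d).digest()),
    }

if __name__ == "__main__":
    for name, caught in report().items():
        print(f"{name:24} change detected: {caught}")
```

The private polynomial only helps while it stays out of reach, which is the clean-floppy condition described in the post; once the checker and its polynomial sit on the same hard disk, only the md5 line still holds.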
None of this seems to have anything to do with the paragraph of mine you
quoted. But I'll respond anyway.
I think you owe it to Dustin to tell him about what's going on here. It
will help clear up everything if he posts up here. I'm sure he can
explain everything.
How dare you slander Dustin Cook's ASIC programming skills.
I thought you said you knew him?
>Not without Dustin Cook's permission.
Say What? You sure as hell didn't mind linking me with him..Since when did
you care about his permission? give me a break...
I just did a power search on dejanews..found 3 posts from him.
One about weed.3263 infecting an older computer he had, another about his
nuke program (which I have a copy of) and yet another in some batch file
newsgroup...
If you won't post the damn thing, at least give me an idea where to find it.
>I thought you challenged someone to find out your real identity? Didn't
>you? Anyway, it shouldn't bother you if that's not your real name. It's
>Dustin Cook who should be upset.
It does bother me tho...It's an annoyance. :) As for him, if he's still
around yea, I'd be pissed off too.
>Oh - did you spend a lot of time on BBSes in the past then?
Who didn't? It was the thing to do :)
>What email address is that then?
It's in his Nuke program docs..
You did find that post didn't you? If you didn't, grab it from
simtel..nuke32s.zip or something, the docs list his email address.
>Is Dustin Cook a buddy of yours?
No.
>How dare you slander Dustin Cook's ASIC programming skills.
Why not? I slander Martin all the time. I don't think Dustin will get
pissed about that. Hell, his last program was released 2 years ago..I
doubt he's even around.
>I thought you said you knew him?
When did I say I knew him? Having someone's email address which I got from
a program of his counts as knowing him now? er...
>Once again I'm sure I don't know what you mean. Don't they have an 800
>number? [Yes, I know it's not a maxen] How about 10 cents a minute?
>Maybe it's that smiley that throws me off? :-)
Think about that for just a second. Yes they have an 800 number, at around
10 cents a minute..Ahem, don't you think that would get slightly
expensive? Especially if I was calling from Maine? (I'd have to in order
to be him)...well?
>Aren't you a bbs haxor from way back? ;-)
I see.. first, link Dustin and myself as one person, if that fails, link
me to hacking? Shudder...What next? Am I Elvis too?
>I think you owe it to Dustin to tell him about what's going on here. It
>will help clear up everything if he posts up here. I'm sure he can
>explain everything.
Why do *I* owe him? I didn't go around claiming I was him now did I? No
sir, it's you, Martin and Kurt if anyone who owes him. Not me.
Would you like me to quote how I know he's in Maine?
It says so in all of his programs.
I said I can't post Dustin Cook's message up here without his permission.
> You sure as hell didn't mind linking me with him..
Eh? When have I linked you with him? It's *me* who has been defending
you!! I've been recommending you get in touch with Dustin, and tell him
to post up here. Especially now you've started denying you're one and
the same person.
> Since when did you care about his permission? give me a break...
The threads about ChekMate clearly have ChekMate in the title. They're
easy to find.
> I just did a power search on dejanews..found 3 posts from him.
Obviously not powerful enough.
> One about weed.3263 infecting an older computer he had,
Isn't that one of the viruses you wrote? Small world.