David B <Dav...@nomail.invalid> news:nfvij8$f8r$1...@boaterdave.dont-email.me
Fri, 29 Apr 2016 12:07:27 GMT in alt.computer.workshop, wrote:
> Quote!
> *****
>
> There is no love lost between the people who write malware and the
> anti-virus companies who work hard to protect innocent users
> against them.
Depends on what you mean by working hard. Some AVers tend to spend
their 'productive' time using reporters to talk shit about so-and-so
VXer in an effort to boost sales of their employer's product(s).
This article is 10+ years out of date.
As you seem to appreciate Graham Clueless Cluley so much, you might like to read about this:
http://virus.wikia.com/wiki/Coconut
And let's not forget this one:
http://www.mcafee.com/threat-intelligence/malware/default.aspx?id=10327
Did you know that a reporter local to your area (generally speaking)
invited me to a cup of tea for a sit-down interview concerning
Toadie? Evidently, it was doing well in your country despite my not
seeing any activity on this side of the pond. When that reporter
contacted me initially, I was already working on Irok, assuming
(wrongfully in hindsight) that Toadie was a dud, i.e. it didn't make
it into the wild, couldn't survive for one reason or another.
I don't know why that reporter and yourself ever thought I was a
local to your area... That still puzzles me to this day. I'm not
British.
Here's one of the news articles he had quite a bit of involvement in
where he LIED his ass off concerning myself and Toadie. I sent his
employer a copy of this news article and a copy of the reporters
email as well as a copy of Graham Cluley denying he did what I
accused him of.
His Usenet post from work, no less [g]; no denying he made the post
that denied talking to the reporter(s), whereas their emails (as
well as the one I sent each of them) directly disputed his claim.
ALL sent to his employer. Yes, I'd reach out to various AV just like
I did your friends Jenn and Eagle, David. I don't play. I'm not a
script kiddie and I won't be bullied by anyone.
Believe it or not, David, those of us who were VX and would
occasionally interact with Joe Public did have pull with Joe Public.
They listened to what we had to say and took our technical expertise
for what it is: actual, demonstrated expertise. Some would even ask
questions, because they weren't sure about what the mouthpiece from
Sophos was telling them, or various other so-called experts in the
field of AV who actually weren't. I'm not trying to come across as
an egotistical fuck or anything else, David... what I've written in
this post is what happened. Cluley isn't the individual you think he
is, but I can certainly understand why you'd be so cozy towards
him. I'm not sure if it's a British thing in particular or not. I
would like to think it isn't, and the two of you are just
exceptional assholes.
Btw, shortly after all this went down, Clueless Cluley was muzzled by
Sophos for Usenet posts engaging VX, i.e. he wasn't allowed to 'taunt'
or talk to reporters and feed them any more bullshit, especially if
said reporter wouldn't cover for him.
http://www.zdnet.com/article/virus-writer-turns-tail-covers-tracks/?_escaped_fragment_=#!
"Raid", a virus-writer who distributed the Toadie.exe virus and then
taunted the authorities on a number of public newsgroups, could now
be trying to cover his tracks, according to one anti-virus expert.
Sources at Sophos anti-virus believe that the authorities may
already be hot on the trail of this individual after his or her
virus crippled the Austrian headquarters of one of their major
international clients over the weekend. Raid posted Toadie.exe to
various warez sites disguised as a password cracking program.
Raid has subsequently attempted to erase a number of these messages
and has prevented them from being archived at newsgroup site
Deja.com.
Graham Cluley, senior technical consultant with Sophos anti-virus
believes Raid could now be in big trouble. He said, "Raid is playing
a very, very dangerous game. The US authorities have shown that they
are prepared to pursue this sort of thing by any means."
Cluley thinks that this case could also have put the wind up Raid.
He added, "Raid has been fairly quiet of late. Maybe he's just
getting on with his real life, or he's found girls or something, but
he could well have taken a look at this case and got the
heebie-jeebies."
*** end copy
I didn't distribute Toadie on anything besides my website. When
pulled from my website, it was completely harmless and unable to
infect any systems unless the individual who downloaded it took
additional steps. Several deliberate steps, in a specific order.
As far as taunting authorities, I didn't do that either. It's Usenet!
How in the fuck would I know if so-and-so is/isn't police/fed/other
acronym short of them telling me and my being able to independently
confirm it?
Clueless Cluley was talking shit in that entire article. Nobody was
'hot on my trail'. I didn't do anything illegal. Toadie and Melissa
are different in that respect. I didn't let a viable copy of Toadie
'loose' on the general public already armed and ready to kill.
Vicoden, OTH, did.
When I asked the asshat for specific details concerning that BULLSHIT
article, he denied having stated those things, said the reporter
made it up/quoted him out of context. BULLSHIT. I contacted that
reporter and several others who ran stories very close to that one.
They ALL stated that Cluley provided them that information and that
they didn't make anything up to sensationalize the story. They
didn't need to; Cluley did it for them.
I sent Cluley's employer copies of those emails,
along with my Usenet posts and his. Sophos muzzled his fat ass as a
result shortly thereafter. No more taunting VX on Usenet, no more
BSing reporters.
AV/VX alike knew the material offered on my website was provided in
a NON-INFECTIOUS state. The original Toadie archive was laid out like this:
PKUNZIP (R) FAST! Extract Utility Version 2.50 03-01-1999
Copr. 1989-1999 PKWARE Inc. All Rights Reserved. Shareware Version
PKUNZIP Reg. U.S. Pat. and Tm. Off.
■ Pentium II class CPU detected.
■ XMS version 2.00 detected.
■ DPMI version 0.90 detected.
Searching ZIP: /HHI/RAID/TOAD12B.ZIP
Length Method Size Ratio Date Time CRC-32 Attr Name
------ ------ ----- ----- ---- ---- -------- ---- ----
2049 DeflatN 1047 49% 08-24-1999 00:34 cf7d915c --wa DESC.SDI
2049 DeflatN 1047 49% 08-24-1999 00:34 cf7d915c --wa FILE_ID.DIZ
9100 DeflatN 8864 3% 08-27-1999 15:31 f42deb18 --wa TOADIE.EXE
4702 DeflatN 2183 54% 08-24-1999 00:33 13bf2f23 --wa TOADIE.NFO
17038 DeflatN 7160 58% 06-15-1998 18:26 62f65fd7 --wa WARNING.YOU
------ ------ --- -------
34938 20301 42% 5
From the toadie.nfo file:
Toadie's engine has a 'Safe Infect' feature, which means that until a file has
become infected, Toadie's payloads are off, and it is restricted to the current
directory only. Only when Toadie is executed from an infected file are
the payloads and other spreading systems online. This allows you to safely
study Toadie infecting executables without any risk to yourself. Of course,
this feature was only added for EDUCATIONAL PURPOSES! The author is not
suggesting in any way, shape or form that you break any laws, nor was this
routine written to break any laws or suggest doing so in any way, shape or form.
Cluley LIED about everything in the news media report above and this
one as well. That's the zip file you could have gotten from my
website, back in the day. There's no way in hell I was responsible
directly for it having hit Toyota Corporation or anyone else. Btw,
Sophos antivirus was protecting those machines at the time they
caught Toadie. I understand Cluley's need to make me out to be a
righteous bad guy on the run; after all, I did just spank their
product in a corporate environment that isn't exactly unknown. [g]
It wasn't even the initial version that hit them (I knew people who
worked at Sophos too, who were far friendlier towards me than
Cluley; they shared info and contributed to my successful Cluley
muzzling). Each virus family had certain things in common. I wasn't
as concerned with being detected as I was with making your ability
to remove me a time-consuming/difficult process. Detection could be
as simple as a definitions update. Removal will require you to spend
time studying my code and writing DEDICATED code to deal with it,
i.e. an engine update to specifically handle what I wrote.
http://www.zdnet.com/article/toadie-virus-poses-serious-threat/
Graham Cluley, senior technical consultant with Sophos Anti-Virus,
warns the attack should be taken seriously. "The fact that it's
being actively distributed in the same way as Melissa is very
worrying," he says.
Toadie.exe is written in high level language, ASIC, and attaches
itself to email messages waiting to be sent.
Toadie's creator, "Raid", is actively distributing the virus in the
guise of a program for cloning cell-phones as well as a program
designed to generate adult site passwords, says Sophos.
I didn't distribute Toadie via any cell phone cloning application,
and Sophos backed off concerning that accusation in a hurry when I
contacted the reporter about it. I wasn't one who could be bullied
and/or punked by AVers that like to talk shit to reporters. Not only
would I reach out to those reporters, I'd go and humiliate the AV
company via Usenet and various websites that keep track of the 'war'.
I'm *proud* to have caught Cluley outright in several lies, to the
point where his own employer (Sophos) felt it necessary to put a
leash on their dog. He was clearly abusing his position.
When Irok was created, various AV companies had no idea what it was
actually doing (the protective layers on the exe made things very
difficult; it couldn't be tricked into doing much by poorly written
emulation software). It had to actually be run on the intended
environment, and/or somebody who was higher ranking than an
assembler asshat would have needed to try and reverse engineer it.
IROK's binary was well protected against such activity, which also
made their emulation software worthless.
So, they literally copy/pasted some things I wrote on Usenet
concerning the virus when infected people would ask me about it. The
AVers didn't know what it was doing, so they used my answers and
passed them off as their own in the descriptions for it.
Initially, they all claimed Irok would corrupt your hard disk,
requiring a reformat. It wasn't ever a true statement, and it grossly
exposed various levels of incompetence and skillset differences, as
well as the gap in knowledge. As I said, I've been doing this a
long, long time. So, I've seen the extended ASCII character set being
used as a form of copy protection, which is what Irok did to 'fake' an
HD crash. An experienced tech (wouldn't even have to be a coder)
would have been able to determine something was up, but an actual
crash was unlikely. A dead giveaway: the HD space used and available
space wasn't altered, i.e. you'd expect to see some crazy numbers
outside of the drive's given range had a real file table system issue
been present.
I.e., the same trickery I used to expose Pooh for the half-ass fuckwit
she is (remember, it took her days to learn that I was taunting you
with a hex encoded message... they still haven't been able to tell
you what the hell I did to switch it up). A real technician (and some
have already done it and proudly emailed me a copy of the message
decoded) would notice exactly what they're looking at as soon as
they decoded the HEX...
This is essentially the same thing IRoK did to various AV/wannabe AV
'experts': embarrassed them.
At least one intelligent individual who knew nothing about how
viruses actually worked did figure out what I'd done, and he was able
to save ALL of his information. He didn't lose a damn thing besides
the time required to undo my trick. Had he taken the advice offered
by the so-called AV experts, he would have toasted his system and
lost anything he didn't have a copy of. The user didn't even need to
reload his machine. He lost nothing, because he was able to
determine what I'd done. Something AVers PAY people good salaries to
do.
It's inexcusable. Clueless Cluley hasn't improved much and he's just
been filling you full of shit concerning me. Btw, Irok was written
and released AFTER Toadie. Obviously, I wasn't 'scared' of anyone
knocking my door in. Didn't run, didn't try to cover my tracks. ALL
of that was complete horse shit straight from the asshat Clueless
Cluley (who did, btw, suggest that people reformat and reload to
recover from Irok's payload), i.e. a technologically incompetent FUCKING
MORON.
--
MID: <nb7u27$crn$1...@boaterdave.dont-email.me>
Hmmm. I most certainly don't understand how I can access a copy of a
zip file but then not be able to unzip it so I can watch it. That
seems VERY clever!
http://al.howardknight.net/msgid.cgi?ID=145716711400