Comments on: eEye and malware? http://www.computerdefense.org/2008/01/eeye-and-malware/ Sharing my thoughts with the world. Wed, 16 Nov 2011 02:58:20 +0000 hourly 1 http://wordpress.org/?v=3.2.1 By: kurt wismer http://www.computerdefense.org/2008/01/eeye-and-malware/comment-page-1/#comment-77436 kurt wismer Mon, 19 Jan 2009 14:20:06 +0000 http://www.computerdefense.org/2008/01/07/eeye-and-malware/#comment-77436 a) this the first mention i've seen of it being modified (perhaps i haven't read the articles closely enough), but even so the fact that they armed the bad guys is beyond question... being modified doesn't change where it originally came form... b) who says defenses weren't developed? cross-view diff works on it, signatures were added to scanners ages ago, but none of that necessarily means it can't still get into the wild - unfortunately malware just isn't that cut and dried (or were you perhaps thinking that after 20 years someone should have figured out how to make boot sector malware impossible?) as for most of the rest of your arguments, if we were talking about an exploit your arguments would have some weight, but we're talking about malware... please tell me you can distinguish between malware research issues and vulnerability research issues... i've said it before and i'll say it again, people who are supposed to be anti-X shouldn't go around making new Xes... regardless of the intentions, it contributes to the problem, and making them freely downloadable by anyone compounds that effect... and the reason i'm picking on them now is because i became aware of it now... if i'd been aware of it in 2005 i would have said something then and then when i said they were arming the bad guys it would have seemed far fetched and hypothetical instead of patently obvious as it now is... a) this the first mention i've seen of it being modified (perhaps i haven't read the articles closely enough), but even so the fact that they armed the bad guys is beyond question… being modified doesn't change where it originally came form…
b) who says defenses weren't developed? cross-view diff works on it, signatures were added to scanners ages ago, but none of that necessarily means it can't still get into the wild – unfortunately malware just isn't that cut and dried (or were you perhaps thinking that after 20 years someone should have figured out how to make boot sector malware impossible?)

as for most of the rest of your arguments, if we were talking about an exploit your arguments would have some weight, but we're talking about malware… please tell me you can distinguish between malware research issues and vulnerability research issues…

i've said it before and i'll say it again, people who are supposed to be anti-X shouldn't go around making new Xes… regardless of the intentions, it contributes to the problem, and making them freely downloadable by anyone compounds that effect…

and the reason i'm picking on them now is because i became aware of it now… if i'd been aware of it in 2005 i would have said something then and then when i said they were arming the bad guys it would have seemed far fetched and hypothetical instead of patently obvious as it now is…

]]> By: kurt wismer http://www.computerdefense.org/2008/01/eeye-and-malware/comment-page-1/#comment-39658 kurt wismer Tue, 08 Jan 2008 20:50:49 +0000 http://www.computerdefense.org/2008/01/07/eeye-and-malware/#comment-39658 just to confirm, you're right about this being a modification of the original bootroot... it wasn't all that clear in the prevx blog post and i didn't bother reading the gmer page at first because the prevx page was plenty detailed already but the gmer page does make it clear that it's a modified version of bootroot and there have been a few additional blog posts that also make it clear that it's a modification of bootroot... that said, i stand by the rest of what i said, including the part about eeye arming the bad guys... it doesn't matter that the bad guys may have figured out how to do it on their own eventually, eeye could and should have done more to make sure they had no part in helping the bad guys... just to confirm, you’re right about this being a modification of the original bootroot… it wasn’t all that clear in the prevx blog post and i didn’t bother reading the gmer page at first because the prevx page was plenty detailed already but the gmer page does make it clear that it’s a modified version of bootroot and there have been a few additional blog posts that also make it clear that it’s a modification of bootroot…

that said, i stand by the rest of what i said, including the part about eeye arming the bad guys… it doesn’t matter that the bad guys may have figured out how to do it on their own eventually, eeye could and should have done more to make sure they had no part in helping the bad guys…

]]> By: kurt wismer http://www.computerdefense.org/2008/01/eeye-and-malware/comment-page-1/#comment-39643 kurt wismer Tue, 08 Jan 2008 12:58:14 +0000 http://www.computerdefense.org/2008/01/07/eeye-and-malware/#comment-39643 a) this the first mention i've seen of it being modified (perhaps i haven't read the articles closely enough), but even so the fact that they armed the bad guys is beyond question... being modified doesn't change where it originally came form... b) who says defenses weren't developed? cross-view diff works on it, signatures were added to scanners ages ago, but none of that necessarily means it can't still get into the wild - unfortunately malware just isn't that cut and dried (or were you perhaps thinking that after 20+ years someone should have figured out how to make boot sector malware impossible?) as for most of the rest of your arguments, if we were talking about an exploit your arguments would have some weight, but we're talking about malware... please tell me you can distinguish between malware research issues and vulnerability research issues... i've said it before and i'll say it again, people who are supposed to be anti-X shouldn't go around making new Xes... regardless of the intentions, it contributes to the problem, and making them freely downloadable by anyone compounds that effect... and the reason i'm picking on them now is because i became aware of it now... if i'd been aware of it in 2005 i would have said something then and then when i said they were arming the bad guys it would have seemed far fetched and hypothetical instead of patently obvious as it now is... a) this the first mention i’ve seen of it being modified (perhaps i haven’t read the articles closely enough), but even so the fact that they armed the bad guys is beyond question… being modified doesn’t change where it originally came form…
b) who says defenses weren’t developed? cross-view diff works on it, signatures were added to scanners ages ago, but none of that necessarily means it can’t still get into the wild – unfortunately malware just isn’t that cut and dried (or were you perhaps thinking that after 20+ years someone should have figured out how to make boot sector malware impossible?)

as for most of the rest of your arguments, if we were talking about an exploit your arguments would have some weight, but we’re talking about malware… please tell me you can distinguish between malware research issues and vulnerability research issues…

i’ve said it before and i’ll say it again, people who are supposed to be anti-X shouldn’t go around making new Xes… regardless of the intentions, it contributes to the problem, and making them freely downloadable by anyone compounds that effect…

and the reason i’m picking on them now is because i became aware of it now… if i’d been aware of it in 2005 i would have said something then and then when i said they were arming the bad guys it would have seemed far fetched and hypothetical instead of patently obvious as it now is…

]]>