Re: STEALTH OCEAN
On Thu, 24 Feb 1994, Brian D Williams wrote:
> Why not "Parasitize" your program on to Command.com like many
> viruses do? The "Stealth" viruses also employ code that will not
> reveal the change in size to either MEM or CHKDSK, such code can
> also restore the timestamp.
This is a possibility, but one would have to make sure that the resulting
file is indistinguishable from a normal file if one hopes to elude any
but the most casual observers. Having a noise block at the beginning of the
program is definitely a telltale sign that something is amiss. A simple
disassembly of the program is all it would take to be sure that the strange
looking noise block doesn't belong. And, if the method you've suggested
becomes popular, a standard scan of .COM or .EXE files could be implemented
by your opponent(s).
However, this solution might be effected provided that one somehow makes
the "noise" block look like a legitimate part of the program it has
parasitized. It must also pass the disassembly test.
Another idea might be to make one's "noise" file look like a legitimate
Clipper encrypted file. Imagine the frustration that would be felt by
your opponent when even the seemingly appropriate escrow key that he has
spent months acquiring is of no avail in decrypting the file! Of course,
your efforts are going to be for naught when he realizes that your Clipper
file is nothing of the sort. :( Back to square 1.
>
>
> Brian Williams
> Extropian
> Cypherpatriot
>
> "Cryptocosmology: Sufficiently advanced communication is
> indistinguishable from noise." --Steve Witham
>
Sergey
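
The "standard scan of .COM or .EXE files" mentioned in the message above could take the form of a sliding-window entropy check, sketched here as an added example that is not part of the original post. The window size, step, threshold and the sample image are all constructed assumptions.

```python
import math
import random

def shannon_entropy(block: bytes) -> float:
    """Empirical Shannon entropy of a block, in bits per byte (0.0 to 8.0)."""
    if not block:
        return 0.0
    counts = [0] * 256
    for b in block:
        counts[b] += 1
    n = len(block)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def find_noise_blocks(data, window=1024, step=256, threshold=7.5):
    """Return merged (start, end) offsets of windows at or above the threshold."""
    hits = []
    for off in range(0, max(len(data) - window, 0) + 1, step):
        if shannon_entropy(data[off:off + window]) >= threshold:
            end = min(off + window, len(data))
            if hits and off <= hits[-1][1]:
                hits[-1] = (hits[-1][0], end)   # overlaps previous hit: extend it
            else:
                hits.append((off, end))
    return hits

def build_sample(seed=1994):
    """Constructed test image: low-entropy filler, 2048 noise bytes, more filler."""
    rng = random.Random(seed)
    alphabet = bytes(range(0x40, 0x50))          # 16 byte values, about 4 bits/byte
    filler = lambda n: bytes(rng.choice(alphabet) for _ in range(n))
    noise = bytes(rng.getrandbits(8) for _ in range(2048))
    return filler(4096) + noise + filler(4096)

if __name__ == "__main__":
    for start, end in find_noise_blocks(build_sample()):
        print(f"high-entropy region: offsets {start:#06x}-{end:#06x}")
```

Compressed or packed executables also score high on this measure, so a hit marks a region worth disassembling rather than proof of hidden data.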