
Re: toad.com mailing list postings from possible virus authors



Granted the idiocy of Mr. High-and-Mighty Army Man's opinion of what people
can and can't say, I couldn't help but point out two silly things in the
message he's complaining about:
[stuff deleted]
> > each time they replicate (make a new copy of themselves).  The small
> > amount of virus bootstrap code which is not encrypted is changed in each
> > replication by dispersing random NOP's throughout the virus bootstrap code.
> > Thus each sample of polymorphic virus looks completely different to
> > virus checking programs.  The virus checking programs cannot use
> > "signature" byte strings to detect polymorphic viruses.
> > 
Either he's explaining it wrong, or the author is actually foolish enough to
think that people won't simply just IGNORE the randomly placed NOPs and only
consider the other instruction codes in forming a signature(s).  Wowie.
Real programmers know that the strength of polymorphic code lies in the fact
that the same instruction can be coded as numerous different opcodes on Intel
processors.

And...
> > I have seen something called D.A.M.E., also known as Dark Avenger
> > Mutation Engine.  This is a freeware polymorphic library/kernel/toolkit

Why does he keep referring to MtE as "DAME"???

It never ceases to amaze me how such an elementary and sophomoric subject as
viruses can cause the strangest reactions from some people.  I think it has
something to do with the noxious connotations of the word 'virus'.  Maybe if
we all just agreed to call them 'nuisance programs', like flies on a horse's
rear-end, they wouldn't cause such fool panic.
On a finer note, I know a couple more of my "non-privacy in the phone system"
messages are in order; I was pleased by the response I got.  I'll try and work
myself into the mood.
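
Added example, not part of the original post: a scanner-side sketch of the point made above about randomly placed NOPs, comparing a fixed byte-string signature with one that skips NOP bytes. The signature and samples are constructed placeholder bytes, and treating every 0x90 as padding without decoding instruction boundaries is a simplifying assumption. It covers NOP padding only, not the equivalent-opcode variation the post mentions.

```python
NOP = 0x90  # single-byte x86 NOP

# Constructed placeholder bytes standing in for the unencrypted bootstrap code.
SIGNATURE = bytes.fromhex("a1b2c3d4e5f6")

# Constructed samples: the same bytes with NOPs placed differently in each copy.
SAMPLES = {
    "unpadded": bytes.fromhex("0000a1b2c3d4e5f6ffff"),
    "padded_1": bytes.fromhex("00a190b2c39090d4e590f6ff"),
    "padded_2": bytes.fromhex("90a1b29090c3d490e5f69000"),
    "unrelated": bytes.fromhex("a1b290c3d400e5f6"),  # a non-NOP byte interrupts the run
}


def naive_match(sample: bytes, signature: bytes) -> bool:
    """Fixed byte-string signature: the bytes must appear contiguously."""
    return signature in sample


def nop_tolerant_match(sample: bytes, signature: bytes) -> int:
    """Return the offset where the signature matches when any run of NOP
    bytes between signature bytes is ignored, or -1 if it never matches."""
    if not signature or NOP in signature:
        raise ValueError("signature must be non-empty and contain no NOP byte")
    for start in range(len(sample)):
        if sample[start] != signature[0]:
            continue
        i, j = start, 0
        while i < len(sample) and j < len(signature):
            if sample[i] == signature[j]:
                i, j = i + 1, j + 1      # signature byte consumed
            elif sample[i] == NOP:
                i += 1                   # padding: skip, keep our place
            else:
                break                    # real mismatch at this start offset
        if j == len(signature):
            return start
    return -1


def scan_all() -> dict:
    """Map sample name -> (naive result, NOP-tolerant offset)."""
    return {name: (naive_match(data, SIGNATURE), nop_tolerant_match(data, SIGNATURE))
            for name, data in SAMPLES.items()}


if __name__ == "__main__":
    for name, result in scan_all().items():
        print(name, result)
```
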