Good point DA, would you then logically assume it is either A) the level of the payload's intervention in the infected system or B) the programming language level that would determine the threat posed by a particular malware?
I'm not jerkin' yer chain, I am seriously curious because this has been a pet project of mine for a few years. If anyone knows of a VERY serious math-magician who can handle comples probabilities and calculations that border on the insane I would seriously like to talk with them - PM or e-mail me about it for more.
Back on topic. What truly defines the actual "threat" of a malware? And futher, what would decide the intent? I am drawing a conclusion that it is really based on how intrusive the malware becomes. Is this a wrong assumption? We already know the idea of a malware causing actual damage is out of reach (for now...) but damage defined as loss of time, data, service, etc. Would a damaging program alone demonstrate intent and therefore show that the writer is more deserving a punishment?
There are so many other areas we could get into but I will stop to stay on topic.
September 10th, 2003, 04:40 PM
Well everyone has a different point of view of everything. and to answer your question I would have to say A Now I am no expert when it comes to creating viruses but If someone is smart enough to write or modify one then they should have enough common sense to unplug the Network or phone line from their computer to prevent it from being released. If the virus was released intentionally to the public and it did millions of dollars worth of damage then that should be enough to determine if they should have a hard sentence
September 10th, 2003, 06:19 PM
"Satan has been the best friend the Church has ever had, as He has kept it in business all these years! "
the same can be said for virus writers.....virii writers....repent or burn!!!!!! Just kidding....i am a Buddhist.....out
September 10th, 2003, 09:03 PM
Having read this thread, and seeing some good points, I do wish to clarify a few things. These are my opinions, of course.
1 - virii writers, regardless of intent, should serve time. I don't care if someone's mad at their girlfriend, I don't care if they're trying to stop an internal network problem, I don't care if they're trying to shutdown stale procs...none of that matters because if you're smart enough to write something that can do that yet DUMB enough to FORGET possible avenues of escape (what if the machine you're attempting to do whatever is the DMZ or the only one allowed to the outside world?), then that tells me that proper programming techniques have not been applied or learned and further, that tells me more about the person who programmed whatever. To write something because you're mad at a girlfriend? Are you STUPID?! The kid who modified the blaster worm is DEFINITELY stupid for even WANTING to put his "work of art" out there. The list goes on. If you can't manage your anger or if you're so cocky or so desparate for attention of any kind, then guess what, you're going through what everyone else goes through at some point in their life and if I, and others, can deal with it accordingly, so can you.
2 - black/grey/white hats. A black hat, IMHO, is definitely someone who wants to destroy data, delete things, bring down networks, etc etc. Wanton destruction of someone else's personal data or a corporation's intellectual data/network grid. They don't care what damage they do because they know it's going to be done and it's 100% intentional. They're the equivalent of someone coming to work with a gun and shooting people, only it's dealing with data, networks, etc. A grey hat is someone who does something bad for a good cause. Prime example would be when a friend's linux box got hijacked (rooted) and he asked me for help. I openly told him I would probably have to get into said box illegaly to which he said "No problems, just get it back". So, I break the "law" and root his box the same way. Once I got in, I ganked the two guys on it after storing syslogs and fixed the hole they came in on, patched the whole box, and locked the box down. Only after I had done everything I could did I return ownership to my friend, who was more than grateful. But, if you look at it, I did just as much a bad thing as they did, breaking into a machine not mine, however, it was for a good cause and the owner knew about it. That situation qualifies me as a grey hat however, I'm a white hat by nature. White hats are those who are out to stop the bad guys, the ones who help in all situations by doing the right thing, and educate others how to protect themselves and pass on knowledge so that the userbase becomes that much more intelligent. I'd rather tell someone how to secure their network and internet connection rather than tell someone "how to hack hotmail". I don't even bother with such drivel. I don't write viruses. In fact, I've never written a virus and wouldn't know where to start. I do know how to exploit various windows holes but I don't because A: it's illegal and B: I'd rather educate myself and others on doing better things than piddly "oooo I made someone's machine freeze", etc...
Bottom line, a black hat writes a virus not caring what happens, a grey hat writes another program to kill off said virus and lets it loose into the wilds, and a white hat is running emergency fire control because both are on his/her networks...
PS - these are my opinions and are subject to being disagreed with, hehe...