General discussion

Locked

Virus Kits Readily Available

By Jaqui ·
--Virus Kits Readily Available on the Internet are Protected by Right to Free Speech
Note: The following is a summary of an article that appeared in the Wall Street Journal on March 31, 2005. The Wall Street Journal site requires
paid registration.
CDs containing virus source code, virus writing tools and descriptions of how various viruses work are available for sale on the Internet.
Some sites even offer this information at no charge. The administrator of a site that advertises a hacking guide to "hard drive killers" and keystroke loggers maintains that the merchandise" is intended for people who want to test the security of their systems.
The proliferation of do-it-yourself malware kits available on the Internet has raised security concerns, but law enforcement officials have no legal recourse against the purveyors; publishing code than can be used to create malware is not illegal. What is illegal, according to the Computer Fraud and Abuse Act, is releasing malware with the knowledge that it will cause harm.
Web sites are not investigated unless a virus released on the Internet has been traced back to it; even then, those who posted the code cannot
be prosecuted for simply making the information public. Prosecutors could conceivably have a case if the site on which the malware code is posted urges destructive activity.
Criminalizing these tools is problematic because some of them have "very legitimate uses in the security profession," so the focus has been on
criminalizing the activity of spreading malware rather than on the malware itself.

This conversation is currently closed to new comments.

4 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

mmhmm

by advancedgeek In reply to Virus Kits Readily Availa ...

right...to test your security...

Collapse -

I can see that.

by Jaqui In reply to mmhmm

compile it then run av and see if it picks it up.

testing effectiveness of av software. but other than that, nope.

and I definately don't agree with having the sources available like that.

Collapse -

Vital it's available.

by Synthetic In reply to Virus Kits Readily Availa ...

As a LAN admin, with over a 100 users, and 4 production servers spread over two sites, and being on call 24/7 I hate viruses, malware, and the like. It's a big freaking waste of time and resources. I am never slow, and doing a sector by sector copy of corrupted infected data, then a rebuilt (and then patching then installation, then data recovery, .....) is always a chore. The viruses that do make it in, are not written by someone who buys a kit, and if they are, they always fail. If a person is not savvy enough to take what is out there, and write to exploit know threats, then a kit will likely help them very little. If your an admin, or personal user with one machine, you should employ good back-ups of critical software, good AV and firewall, close unused ports, and pay attention to surfing an email habits. I stopped running AV software years ago, and only occasionally have to go edit my reg to remove an invasive peice of scumware. Why, good patched OS, non IE up to date browser, and I don't try and punch the money for a chance at a free X-Box. I'm well aware of what processes are running, and services started. So much can be mitigated by using ones head, and paying attention. I think it's important that packages like this are for sale. As a freedom of speech issue. Sure it sucks, but would you rather have the government, or any organization come and state what can and cannot be made avaiable? If not for many of these bugs, I have to wonder if the innovations in security measures, and in user awareness, would be as strong. Often the negative fuels changes for the greater good. Now, if we as a community were smarter and better organized, we would turn these tools against the spammers, against the malware creators and their ilk.

Collapse -

but

by Jaqui In reply to Vital it's available.

wouldn't it make sense to have it controlled, to avoid the few people that use these kits as a foundation for effective viruses?

say sites like secunia, security focus or sans?
where the target is 100% security people not anyone with a credit card?

Back to Security Forum
4 total posts (Page 1 of 1)  

Related Discussions

Related Forums