Home > Articles > Security > Network Security

  • Print
  • + Share This
Like this article? We recommend

Like this article? We recommend

Prometheus Unbound

Immediately after publishing an initial analysis of the virus, as well as the first known antivirus signature data file to detect it, Airscanner Corporation was flooded with requests from large companies that wanted a copy of the virus binary and source code. For example, people from organizations as diverse as the U.S. military, Motorola, and many others wanted full disclosure of the details. However, all Airscanner had was the binary and the results of the blind reverse-engineering described above.

Thus, we decided to write to the proof-of-concept author, whom we had never met or talked with before. After communicating with him, we found that he appeared to be a legitimate security researcher. He stated that he only wrote proof-of-concept code, and that he always put safeguards into his binaries to keep them from spreading in the wild. He also strictly refrained from spreading programs in the wild, rather sending samples only to well-recognized antivirus firms. Thus, we asked him if he would give us a more detailed analysis of this new class of virus. By understanding the unique nature of this malware, security researchers will hopefully be able to develop better protections.

For many years, some in the antivirus industry have attempted to keep proof-of-concept code as well as important methods of defense within a closed priesthood of self-proclaimed "experts." However, we believe in responsible full disclosure. That is, malicious virus writers in the computer underground already know these techniques. The only ones that are hurt by secrecy are legitimate companies and researchers.

For this reason, it's important to get the knowledge to legitimate researchers who need it, since malicious writers already have the information. For example, as far back as 2001, Prentice Hall recognized this need and published annotated source code samples from the Melissa virus in Windows Internet Security. These days, the concept of "security through obscurity" is discredited.

  • + Share This
  • 🔖 Save To Your Account