Viral encryption

Paul Ferguson fergp at sytex.com
Thu Feb 11 07:41:38 PST 1993



Greetings, gentlemen and ladies.
 
Having just subscribed to this mailing list, I have several
interesting questions to pose, not exactly knowing which end
of the candle to light first.
 
First off, my background does include some cryptological
overtones. As a non-comissioned officer in the US Army, I
was a COMSEC systems integrator and a COMSEC account custodian.
(Anyone who may be familiar with the job knows the complexities
of involvement.) I now earn my keep as a network systems
integration consultant (great buzzwords) for a highly respected
(and major) computer consultant firm based in the  Washington,
DC area -- far removed from the crypto-analytical sciences
that you folks have an active interest. This job keeps me in the
New York city area four days a week (What personal life?).
 
Secondly, my professional area of expertise is networking (granted,
it _does_ pat the bills). My personal area of expertise (and
enjoyment), is DOS based computer virus "research". I was weened
in IBM system 360/370 assembler (once upon a time) and am quite
adept in the INTEL 80x86 assembler set. (Ralf Brown is one of my
heros.) I "de-program" for hobby; taking things (viruses) apart
to study their possible "interaction" and ability to cause major
problems (sometimes they really do). 
 
You're probably telling yourself at this point, "Gee, I wish this
guy would cut to the chase!" On that note -- I shall. ;-)
 
In the past year, the DOS world has been confronted with several
(two, significantly -- the MtE and more recently the TPE) encryption
"engines" which are being used as "envelopes" for existing viruses.
(Stay with me, now.) They are being called "polymorphs" by those
"in-the-know"; more specifically, polymorphic viruses. The
encryption is weak, compared to DES or RSA comparisons, but they do
pose a major problem to the computer community because of the
technological weaknesses of the antivirus product developers.
Algorithmic development is not exactly their bag of tricks, in most
cases. Most are reliant on pattern matching and have fits when
presented with code that is _totally_ static.
 
Although (I realize that) this conference newsgroup seems
dedicated to privacy and ciphering-related issues, I'm just curious
as to what exposure some of you may have with this type of problem.
(I used to have Kelly Goen to bounce ideas off of, but he seems to
have dropped out of the public eye a few years ago, but yet I see
his name mentioned in the PGP docs.)
 
Any serious responses are quite welcomed at fergp at systex.com.
Public interest responses (I'd hope) will suffice in this area.
 
Cheers from Manhattan.
 
Paul Ferguson                     |
Network Integration Consultant    |  "All of life's answers are
Alexandria, Virginia USA          |   on TV."
fergp at sytex.com     (Internet)    |           -- Homer Simpson
sytex.com!fergp     (UUNet)       |
1:109/229           (FidoNet)     |
         PGP public encryption key available upon request.

---
fergp at sytex.com (Paul Ferguson)
Sytex Systems Communications, Arlington VA, 1-703-358-9022






More information about the cypherpunks-legacy mailing list