| The ELF Virus Writing HOWTO | ||
|---|---|---|
| Prev | ||
Table D-1. Directly updated by me
| Location | Organization |
|---|---|
| Austria | enemy.org |
| Germany | Andreas Thienemann |
| USA | Laramie Wyoming Freenix User's Group |
| USA | Peaceful Action |
Geographic location is based on http://netgeo.caida.org/perl/netgeo.cgi. An interesting variation on the topic is the applet at http://visualroute.visualware.com. Anyway, in two cases people convinced me that their server really is somewhere else.
Table D-2. Independent sites
| Location | Organization |
|---|---|
| Austria | synflood.at |
| Germany | mxscan |
| USA | Cipher Block Chain Gang |
Every site hosts complete source of this release and all previous versions: ../../archive.
You are free to mirror this document anyway you like (that's pretty obvious given the license). And if you give me notice I will add your site to the list above. However, I ask for a few things:
Make a complete copy, including ../../archive and ../../feedback/de/nai.
Keep the directory structure. Otherwise these relative links won't work.
Check the sites in Table D-1 for updates.
#!/bin/sh
#
# last modification 2002-05-20
#
format="+%Y-%m-%d"
today=${1:-$( date ${format} )}
yesterday=$( date ${format} -d "${today} 1 day ago" )
master=http://virus.enemy.org/archive
archive=public_html/archive
function one_day()
{
local today=$1
local html=virus-writing-HOWTO-${today}.html.tar.gz
local src=virus-writing-HOWTO-${today}.tar.gz
if [ -e $HOME/${archive}/${html} ]; then
echo "Nothing to do."
return 0
fi
if cd $HOME/${archive}; then
wget -c ${master}/${html} ${master}/${src}
if [ -e $HOME/${archive}/${html} ]; then
if cd ${HOME}/public_html; then
rm -rf virus-writing-HOWTO
tar zxf $HOME/${archive}/${html}
[ -e ${HOME}/.forward ] && mail $(whoami) -s wget < $HOME/log
rm $HOME/log
return 0
fi
fi
fi
return 1
}
one_day ${today} || one_day ${yesterday} |
The document was initially hosted on a recreational machine at the University of Linz in Austria. German speaking readers might find the exchange of emails between Network Associates, Inc. and the admin of the original web-site interesting. There are rumors that this eventually lead to the removal of my pages.
Anyway, university officials handled the matter in style. I can understand that they don't want to be associated with such delicate matters. No bad feelings there. But the technical expertise of a world class anti-virus company deserves broad audience. Here is my humble translation of the first mail:
Dear Sirs,
Our anti-virus team reports that instructions for the construction of Linux computer viruses are located on the network of the University of Linz. Since these documents can be used as building plan for the creation of dangerous viruses, we recommend to remove the corresponding pages from the WWW server.
The link is: http://wildsau.idv.uni-linz.ac.at/~k3032e4/
Yours sincerely DI Thomas Steiner Network Associates, Inc.
The humorous reply is beyond my capabilities of translation. I'll just continue with the second mail from NAI.
Dear Mr. Rosmanith,
I must say that your ironic remarks don't contribute to ease the relationship between University and business world. The nature of your feedback gives cause for concern, especially since you don't object to distribution of virus construction kits. This is sad and disturbing.
The reason for our advise is the tendency of affected companies to sue web providers (and Universities) offering malware or virus kits acting as knowledge base for new virus derivatives for horrendous compensation.
Usually our warnings are received positively and are not answered with infantile ignorance, as in your case.
Hereby we have given you notice of the dangers.
Yours sincerely DI Thomas Steiner Network Associates, Inc.
A hilarious reply to this got no answer.