Good Viruses. Evaluating the Risks

Presented at DEF CON 16 (2008), Aug. 10, 2008, 3 p.m. (50 minutes).

This session will discuss the risks associated with creation of replicating code. A combination of wide availability of virus source code as well as the problem of control over replicating code make these experiments quite risky. To demonstrate these points we shall see how a computer virus was once created unintentionally in a self-modifying tool called ALREADY.COM (we'll disassemble and debug it). We shall watch a video of the "Corrupted blood" epidemic in World of Warcraft when a virtual "good" virus got out of control. We will examine "beneficial" properties of W32/Nachi worm and discuss pros and cons of harnessing replication for patching vulnerabilities.

Presenters:

• Igor Muttik - Sr. Architect McAfee Avert Labs   as Dr. Igor Muttik
  Dr. Igor Muttik graduated from Moscow State University in 1985. His Ph.D. in 1989 was based on the research of semi- and super-conductors. He became interested in computer viruses in 1987 when PCs in the lab were infected with Cascade. In 1995 he joined Dr.Solomon's Software in the UK as a Virus Researcher. In 1999 he headed Avert in Europe and now is Senior Avert Labs Architect. He speaks regularly at security conferences.

Links:

• https://defcon.org/html/defcon-16/dc-16-speakers.html#Muttik
• https://infocon.org/cons/DEF CON/DEF CON 16/DEF CON 16 video/DEF CON 16 - Igor Muttik - Good Viruses - Video.mp4
• https://www.youtube.com/watch?v=mE7fUH7CmCk

Similar Presentations:

• REcon 2006 / Multi-cavity NOP-infection OS-Independent x86 Virus
• DEF CON 8 (2000) / Virus Writers: The End of The Innocence
• DEF CON 7 (1999) / Viruses on (and off) the Internet. Panel Session