Ethical Question :'(


4 replies to this topic

#1 Offset

Offset

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:United Kingdom
  • Local time:01:00 PM

Posted 28 June 2014 - 11:12 PM

I was looking through recent automated sandbox reports today and I discovered a new and very prevalent password stealing trojan has a rootkit component which is using an exploit I discovered and published around 5 years ago (still not patched in XP) :(

 

I don't want to go into specific details for various reasons but needless to say the exploit allows a trojan to hide files and registry keys from being returned by common API calls and from popular programs such as HijackThis, adwcleaner, dds etc. I'm led to believe some anti-virus programs can pick up on these specially crafted files but not others.

 

Anyway the main point I'm trying to make is that having been retired from the 'black hat' scene for over three years now (and on the side of good ever since) seeing this has caused mixed emotions but particularly an insane amount of guilt.

 

Don't quite know whether I'm going to get a lot of hate for such an admission but needed to get it off my chest and was looking for some general thoughts, positive, negative, or "ban the bleep".

 

Cheers, Jeff.





#2 NickAu

NickAu

    Bleepin' Fish Doctor


  • Moderator
  • 13,721 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:127.0.0.1 Australia
  • Local time:11:00 PM

Posted 28 June 2014 - 11:18 PM

(still not patched in XP)

With End of Support for Windows XP SP3 being April 8, 2014, it never will be now.

Edited by NickAu1, 28 June 2014 - 11:19 PM.


#3 Offset

Offset
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:United Kingdom
  • Local time:01:00 PM

Posted 28 June 2014 - 11:23 PM

 

(still not patched in XP)

With End of Support for Windows XP SP3 being April 8, 2014, it never will be now.

 

 

The unfortunate reality :(

 

Microsoft have had information on it for over two years, and whether they knew about it before that, I couldn't say, it was public. It surprises me they haven't acted on it. But I suppose because it doesn't allow code execution, it isn't considered a major threat.


Edited by Offset, 28 June 2014 - 11:23 PM.


#4 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,446 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:02:00 PM

Posted 30 June 2014 - 03:48 AM

Hi Jeff,

 

Anyway the main point I'm trying to make is that having been retired from the 'black hat' scene for over three years now (and on the side of good ever since)

 

An online reputation is very hard to build and very easy to destroy. One single act can "stamp" your reputation for years. Even if we regret certain actions later, some kind of doubt will almost always remain (because an online identity shows only part of the picture and shows us only a part of the picture).

 

seeing this has caused mixed emotions but particularly an insane amount of guilt.

 

To be honest, if you indeed feel guilty about this, there is only one correct course of action: publish all information you have assembled on the exploit so computer users know about this. 


regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft

 



#5 Offset

Offset
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:United Kingdom
  • Local time:01:00 PM

Posted 30 June 2014 - 04:42 AM

An online reputation is very hard to build and very easy to destroy. One single act can "stamp" your reputation for years. Even if we regret certain actions later, some kind of doubt will almost always remain (because an online identity shows only part of the picture and shows us only a part of the picture).

 

It was many years ago when I was young and naive, and was something I came to regret as I saw people using it in their viruses, trying to infect people. I did at the time what I thought was right, which was to remove the posting from public view and call out and humiliate anyone I saw using the exploit, within a few days it had dried up and was long forgotten. It is perhaps worth noting that I was never a true 'black hat', just someone who was curious about viruses and malicious code. I've never directly infected anyone or harmed anyone I'm pleased to say.

 

Elise, on 30 Jun 2014 - 09:48 AM, said:

To be honest, if you indeed feel guilty about this, there is only one correct course of action: publish all information you have assembled on the exploit so computer users know about this. 

 

I actually did report this to Microsoft shortly after but sadly they never patched it in XP (as it does not allow code execution, it is considered low risk). I'm pleased to say that I notified various anti-virus vendors of the problem some years ago and the problem was fixed pretty swiftly, so I wouldn't say it poses a risk to users, it's more of the shock and guilt and quite honestly disgust that someone would use it for such a purpose.





