[Dshield] Time limits on virii
cbrenton at chrisbrenton.org
Sun Feb 29 02:01:15 GMT 2004
On Sat, 2004-02-28 at 18:35, Carboni, Chris wrote:
> So let me ask this. If I'm a virus writer, why would I want my bug to
> deactivate after a certain date? What's the advantage to me? What purpose
> does deactivating fulfill?
Ego. ;-) Let me give you an analogy that might help explain.
I drive a moderately tricked out Subaru. Its geared low and has AWD.
With this in mind, I can smoke anything up to a stock Mustang off the
line. Its designed to be a off-road Rally car however, so get it over 70
and it starts dogging down. Not that hard to waste me over that speed.
So if I'm staging against a Honda VTECH, I'll pull out of the gate and
have about a full car length on him/her by the time we hit 60. At that
point I'll slam on the brakes, drop to the speed limit, and shoot
him/her a look like they have just completely wasted my time and fuel.
In other words, they have no idea that if we ran a full quarter mile
they might very well kick my butt. All they know is I was trashing them
right up till the moment when I decided to back down. I was the one with
control the whole time.
Virus expiration is much the same. The date is usually just far enough
out that a majority of people would finally get around to getting their
sigs up to date and be safe from the virus anyway. Since the virus
expires however, the coder gets to feel like they 0wn3d right up till
they decided to kill off the code.
More information about the list