Wednesday, April 01, 2009

teaching bad dogs new tricks

well, april 1st is nearly gone and the internet is still here... conficker's magical doomsday payload didn't materialize - which is good, i would have felt worse if it had...

huh? what? why would i feel bad about such a thing? well it's come to my attention that i may, possibly have contributed to the problem in some small way...

take one autorun worm that employs autoplay social engineering...

add one video that suggests autoplay social engineering was first seen in this worm...

and finally add one blog post published 3 months prior to the discovery of the worm that describes that very feature as a passing remark in the last sentence...

what do you get? a not so great feeling in the pit of my stomach... of course it's probably the height of conceit to imagine that i personally gave this idea to the author(s) of conficker, but autorun worms aren't exactly new in and of themselves so this new behaviour following so close on the heels of my mentioning of it does seem a little bit troubling...

so if i am responsible for that particular feature, my apologies to, well, the entire internet and computer using public... i thought it was an obvious ploy, i assumed it had already been done... it was not my aim to give the bad guys ideas (if anything i'd rather be giving the good guys ideas - if only they'd listen)... i'd like to say that i've come up with safeguards against giving the bad guys ideas in the future, but short of keeping my big yap shut i really can't think of anything...

on the bright side, at least i didn't write and distribute proof of concept attack code that was later used in real malware like some folks i could mention...

2 comments:

Anonymous said...

I love the content but I can't stand reading the bad grammar. Sorry, I had to give you feedback.

kurt wismer said...

well, i guess it's a good thing i'm not a writer by trade...