Dustin Cook wrote:
> 4Q <paul_zest@hushmail.com> wrote in
> news:1179276570.507651.209520@p77g2000hsh.googlegroups.com:
>
> > Dustin Cook wrote:
> >> 4Q <paul_zest@hushmail.com> wrote in
> >> news:1179272370.540821.22420@h2g2000hsg.googlegroups.com:
> >>
> >> > David H. Lipman wrote:
> >> >> From: "John" <John@eff2ess.com>
> >> >>
> >> >>
> >> >> |
> >> >> | NOD32
> >> >> |
> >> >> | Threat detected
> >> >> |
> >> >> | File: C:\Program Files\BugHunter\PROCESS.EXE
> >> >> | Threat: Win32/PrcView application
> >> >> |
> >> >> | On the one hand I've so far accepted Bughunter as a valuable
> >> >> | addition to the malware fight. On the other hand, no point in
> >> >> | running a good virus killer like NOD32 if I just ignore
> >> >> | warnings. Any observations?
> >> >> |
> >> >> | Thanks.
> >> >> |
> >> >> | John
> >> >>
> >> >> This is NOT malware. It is classified as a "Potentially Unwanted
> >> >> Program" In this case PROCESS.EXE is a Process Application. It is
> >> >> not that the utility is malicious in itself, it can be used
> >> >> maliciously. BugHunter is NOT using it maliciosly.
> >> >>
> >> >> In the contect of NugHunter, PROCESS.EXE is safe to use.
> >> >>
> >> >
> >> > Notice David's splellnig mistakes!
> >> > "maliciosly", "NugHunter" is he worried
> >> > his credibility is heading for
> >> > a banana slip?
> >>
> >> His credibility is not an issue here. Yours was at one point, but
> >> I've established well that you do not have a clue about the BugHunter
> >> program. You don't have any credibility left for me to attack, I've
> >> pummeled you to nothingness.
> >
> > *HAHAHA* Yes, dancing the jig every time
> > I twang yer strings. C'mon boy do some
> > more of that troll assisted pummeldance.
> >
> >>
> >> Maybe in your future endeavors, you'll troll somebody who you can
> >> manipulate and convince people that the person is evil. You've failed
> >> miserably trying it with me; I'm glad to have played this with you
> >> tho, You helped me prove that I've indeed changed as I said. I am not
> >> destructive, and you can't wiggle out of that fact. *grin*
> >>
> >
> > Sorry you don't like a critique of your cobbled together ASIC 'n BATCH
> > script Bug**** (aka BugHunter), but people
> > should know the truth about you and your
> > past. (Btw comes up #1 on MSN search engine.)
>
> May want to re-check that #1 spot, as you seem to have lost it. This is
> what you can't wiggle around 4Q.
Maybe you need to learn to read before
you step on your dick again, Lord Bug****
"Bug****" is #1 on www.msn.com
"Bug****" is #1 on search.yahoo.com
"Bug****" is #1 on altavista.com
Now wiggle like a good little worm ;]]
4Q
http://fourq.host.sk <-- See how easy
it is to cobble a Bug**** like program
together using bASIC.
=====================================
*bad analysis* from Dustbin Cook.
He just doesn't like the fact that a
non-ASIC coder can knock up a simple
script that does the same function as
his (worked on for 2-3yrs) masterpiece.
Also he distorts the facts regarding
maliciousness authoring and spreading
of malware. He's trying to compare like
with like.
*Years of spreading virus and malware
with the intention of getting his crap
into the wild. (Dustbin Cook as Raid[SLAM])
against
*Writing an article for a magazine
discussing ideas and taking care not to
cross the line. (me)
He might as well paint Peter Szor and
Kris Kaspersky with the same brush if
discussing and publishing ideas without
malicious intent is his like for like.
>
> Recently, the BSer 4Q has published what he feels is a clone of
> BugHunter.
>
> Let's compare the two.
>
> This is a BugHunter clone, it's basically a cobbled together script
> comprising of bASIC.
> The program uses industry standard MD5 (128bit checksumming). MD5
> information,
> code and algorithm is freely available on the net. This clone does not
> use Charles Dye's
> LOCATE.COM but used the internal DIR command to generate a recursive
> list of files.
> (Longfile names and DOS 8.3 format are supported with XP's internal DIR)
>
> The program shells to a 3rd party program, md5. BugHunter shells to
> locate.com to acquire a recursive list, 4Q requires md5 (not his own) and
> shells via command.com to have dir do the work, hardcoded, leaving no
> customization room without the source code.
>
"(not his own)" you ****in idiot MD5
is(was) the industry standard for
checksumming files and producing a oneway
hash developed by world renowned
crypto-scientist Ron Rivest (Hash clash
discovered by Chinese crypto-researcher
in 2004)
> XLIST.TXT (Supplied with the program. This is a file containing the
> Malware MD5 checksums)
> In the case shown here this is Malware BugHunter 2.2 (by Dustbin Cook)
>
> This would by all accounts be a false alarm, and along the same lines as
> tactics used by PCButts. I recommend 4Q's site be added to the mvp deny
> list; as it's obviously misleading people.
>
Not at all idiot, the site gives a
basic critique of Bug**** and its
malicious author Dustbin Cook. The
code is a hacked prototype to demonstrate
how simple it is to knock up a checksum
checker in a few minutes. (not 2-3yrs).
It's quite clear from the description
that the code isn't meant to be much
more than a showcase of how simple it
is to knock up a cobbled together script.
If I was to code such a program for real
it would be written in 32bit C++ with a
proper user interface with full reporting
facilities.
> 4Q's program generates an md5 signature for each file on your hard disk,
> and then compares the results to a "known" text file containing
> supposedly bad md5checksums.
>
> This leaves the high probability of variants of the same stuff getting
> by; as his routine doesn't have the ability to determine file a and file
> b are both zlob if he doesn't have two md5 checksums.
>
****ing idiot. Add any MD5 checksum of
any malware variants to XLIST.TXT and
they will be detected.
> BugHunter does not scan every file on your computer, as its database
> system is able to provide it more information than a single checksum
> value. One such value is the file length. 4Q's program will checksum
> every single file on your computer (well, drive c: only, he didn't
> consider network shares or read-only media), wasting oodles of your
> valuable time; and giving you a very real false sense of security due to
> the sheer amounts of variants it will miss.
****ing idiot. You can't read for ****
can you! "drive c:" Where does it
even mention drive C? it's --> H <--
you utter ****stain. Drive H was a
little partition setup for testing.
And it's obvious from the fact it was
a demo that the program doesn't check
anything aside from that demo partition,
otherwise I would have recursively
checked for all drives or used LOCATE
with some params.
That demo checks every file and wastes
CPU time because it was designed as a
simple prototype not a production release.
It wasn't a Beta release or even an Alpha
release and no binary was given BECAUSE
my thickheaded friend the intention was
to demo how simple code can be knocked up in
a few minutes to do a very basic function
of scanning a set of files against a
checksum list. (see above notes about
C++ and user interface above for more
clues)
>
> BugHunter does not rely on 3rd party programs for the engine to run, the
A simple CRC checker (not recommended
for use in any serious security
applications). [ Tripwire *industry
standard integrity checker* for example
uses Ron Rivest MD5 ]
> only time 3rd party programs (which is available with source code, as is
> md5) are used is for mundane things like, a recursive list and process
> suspending/killing.
>
Read that as Dustbin's inability to
write such 3rd party programs. After
all how is he going to read NTFS or FAT32
from his 16bit BASIC application? bASIC
was designed for very old DOS systems
FAT16 (no long filename support).
No wonder he won't release any source
code for his pile of crap, let's see him
handle NTFS with int13 from his 16bit
platform.
> 4Q is using enclosed statements when it's not necessary, clearly
> indicating his unfamiliarity with the language. It's no wonder what
> should have taken 10 minutes to write took him roughly 2 hours.
>
Don't forget I didn't cut and paste
bits and pieces from old virus code
(like you did) and I wrote from scratch
whilst cooking my meal, watching TV,
and coffee moments.
> For example,
> open ("O",2,"B2.DAT"
> is not necessary; this is classic newbie textbook asic programming.
> open "o",2,"b2.dat" will work just as well.
>
Very misleading. I wrote the code as
an easy to understand "bASIC" program
uppercase for keywords and parenthesis
around functions for clarity. You need
to re-read what Kadaitcha Man had to
say about your scriddle skrit code
http://fourq.host.sk/chars/Dustin_Cook/
follow the link to the parts with Dustbin
bad bASIC code and anyone can see the
dimbulb has no place to talk about anyone
else's code.
> Various other newbie coding style is present, but it's basically amusing
> demonstration of his skills. Remember folks, it took him roughly 2 hours
> to come up with this cpu cycle wasting gem. Not to mention the unnecessary
> wear and tear on your hard disk, md5checksumming all files n all.
>
And don't forget I code in C/C++ not bASIC. Perhaps you should ask
Guillermito
if he will send you some of my object
oriented C++ A.L. work, was published on
Coderz.net. Then come back and compare
your standard of coding with mine.
> "It is effectively the same application "
>
> If anyone thinks his work is the same as mine, then I invite you to re-
> read my post. He's comparing a pinto to a mustang.
>
Why don't you release some of your
"pinto" source code. Let's say one of
your 1.9 Bug**** versions complete
with compile instructions so we can
take a look at your mastery of programming.
> Also mentioned on your review is the following bogus information, Would
> you mind backing the following statement up?
>
> "It is alleged that the BugHunter crapware is a sleeper Trojan
> and will put peoples privacy at risk. " - 4Q showing extreme paranoia on
> alt.comp.virus. Next he'll tell us he really was abducted by aliens.
>
*hah* Smokescreen. You with a long long
history of maliciousness and releasing
virus malware into the wild expect people
to believe you can be trusted. It's like
asking a reformed bankrobber to look
after a savings trust.
> "Dustbin Cook is a well known malware spreader and has
> authored (and spread) many virus, worms and trojans." - 4Q outright
> lying in public. I never wrote any trojans, and my collection of malware
> was fairly small compared to many other authors.
>
> 4Q, feel free to mention to the audience that you are also a malware
> author, and you did spread your work. Compare our actions equally for a
> change. You host a worthless website and generally do nothing for the
> good of anyone. I write/maintain a useful application which is designed
> to disable/remove similar things to what both of us used to write.
>
See notes above
4Q
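
The scan loop both posters are arguing about, as an added example that is not code from either program discussed in this thread: each file is compared against a list of known-bad MD5 values, with a file-length pre-filter so that only files whose size matches a list entry are hashed. The `md5 size label` list format, the file names and the sample bytes are constructed for illustration.

```python
import hashlib
import os
import tempfile

def md5_of(path, chunk=65536):
    """Stream the file so large files are not read into memory at once."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def load_blocklist(lines):
    """Parse 'md5 size label' lines (assumed format) into {size: {md5: label}}."""
    table = {}
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        md5_hex, size, label = line.split(None, 2)
        table.setdefault(int(size), {})[md5_hex.lower()] = label
    return table

def scan(root, blocklist):
    """Return (sorted hits, number of files actually hashed)."""
    hits, hashed = [], 0
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            candidates = blocklist.get(os.path.getsize(path))
            if not candidates:        # size matches no entry: skip the hash
                continue
            hashed += 1
            label = candidates.get(md5_of(path))
            if label:
                hits.append((name, label))
    return sorted(hits), hashed

def demo():
    """Constructed files: one listed, one same-length variant, one unrelated."""
    listed = b"constructed sample A"
    files = {"known.bin": listed, "variant.bin": b"constructed sample B",
             "notes.txt": b"unrelated file of another length"}
    entry = f"{hashlib.md5(listed).hexdigest()} {len(listed)} Constructed.Sample"
    with tempfile.TemporaryDirectory() as root:
        for name, data in files.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return scan(root, load_blocklist(["# md5 size label", entry]))
```

In the constructed run, `variant.bin` has the same length as the listed sample, so it is hashed, but its one differing byte gives a different MD5 and it is not reported. An exact-hash list therefore needs one entry per variant, while the size pre-filter only reduces how many files are hashed.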