Xaxaxa -> it's the same here!...
What in the world, Sophos' description merely stated: "...a program for the Windows platform".
Yeah, is that so... and I thought it was for SGI Irix or something...
But Prevx, gee, now that's really an achievement... made me a bit 'jealous' to be honest:
changes exe filesize, sends mails over the net, hides stuff and what else...
now that's not malware - that's a real threat to the human nation!
Regarding contacting them, don't know... maybe, but the general feeling was...
is it really worth it / does it make a difference?
For example, have a look here at something that got noticed recently,
in Peter Szor's infamous book "The Art of Computer Virus Research and Defense": http://vx.netlux.org/lib/aps00.html
(Warning: be patient if on slow/older connection types, it will take some time to load...)
...Scroll down to the "15.4.2. Unpacking" chapter, where it states:
"It is often difficult to figure out what kind of wrapper is used on a file. Not an official tool...
Tools such as PEID attack this problem by using signatures to detect the packer.
Unfortunately, PEID is not an official tool and is associated with the hacking community.
I definitely do not recommend that you use such tools on a production system,
but you can give them a shot on your dedicated research system.
PEID can identify nearly 500 different wrapper variations,
which can be a helpful start in getting familiar with them.
Always beware what you download and use from the Internet.
Even professional tools are often Trojanized. So be advised!
In addition, some unpacker programs might run the code in order to unpack it.
Such unpackers can execute malicious code as a result of unpacking, so you need to be careful.
As a best shot, you can attach a debugger,
such as TD (Turbo Debugger) or OllyDBG (both of them are free debuggers),
to a running process and dump the process address space yourself.
This trick can help you to deal successfully with encrypted and polymorphic code."
(official by... whom? Symantec itself, I assume?)... Associated with the 'hacking' community...
(yeah, we should all end up in jail - exactly for not being 'official' as per above...) Not to be used on production systems...
(...hmm, now this somehow reminds me of Sophos' statements... nah, probably a coincidence...)
But hey, they're doing us a favor here... or actually, two favors:
1) No problem with Turbo Debugger, and even more so with... OllyDbg.
Especially for the latter one... lol, no comments here...
2) Although such 'tools associated with the hacking community' are, per the statement, "not recommended in production systems"...
oh well, so what... if you have a "dedicated research system",
then you can play around with them at will!
Don't consider the following as an... "official response from Team PEiD", lol...
It's simply my point of view as a peripheral/supporting member...
after all, the 'official' thread made in PEiD's forum
shows quite clearly what came to the minds of most of us there...
It's fairly obvious it's politics and marketing speaking here.
Thereby, the actual question is not whether Sophos/Symantec etc. should be contacted...
that would be quite easy to do.
But whether it's really worth bothering with this type of 'politics' in the first place:
as PEiD has always been a freeware tool made for the sake of making life easier
for researchers and end-users... or more specifically,
for what all of us simply call the "community"... as this is the spirit of it all.
But well, by 2008, I think we've all got a quite good understanding of monopolies' marketing:
whatever is not "official" and commercially exploited by them
must be defined with the addition of the word "hacking" in front of it...
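The Szor passage quoted in the post above says only that PEiD "attack[s] this problem by using signatures to detect the packer". The following is an added example, written for this page and not taken from the post, from the book or from PEiD's own code, of how that signature-based identification works in practice. It assumes the PEiD userdb.txt convention (a `[Name]` header, a `signature =` line of hex bytes with `??` as a one-byte wildcard, and `ep_only = true/false` selecting entry-point-only versus anywhere-in-file matching); the signatures, the "executable" bytes and the entry-point offsets below are constructed for the demo and do not describe any real packer.

```python
"""Minimal PEiD-style packer identifier (added example, not PEiD's own code).

Assumption: userdb.txt syntax as used by PEiD:
    [Packer Name]
    signature = 60 BE ?? ?? ?? ?? 8D BE
    ep_only = true
'??' is a one-byte wildcard; ep_only=true means the pattern must start exactly
at the entry point, ep_only=false means it may occur anywhere in the buffer.
All signatures and sample buffers below are constructed for illustration.
"""
import re
from dataclasses import dataclass

# Constructed signature database (NOT real packer stubs).
USERDB = """
; comment lines start with ';'
[Demo Packer v1.0 -> demo (ep_only)]
signature = 60 BE ?? ?? ?? ?? 8D BE ?? ?? ?? ?? 57 83 CD FF
ep_only = true

[Demo Crypter 2.x -> demo (anywhere)]
signature = EB 02 ?? ?? 9C 60 E8 00 00 00 00
ep_only = false
"""


@dataclass
class Signature:
    name: str
    pattern: list      # each entry is an int 0..255, or None for '??'
    ep_only: bool


def parse_userdb(text):
    """Parse userdb.txt-style text into Signature objects."""
    sigs, name, pat, ep_only = [], None, None, True
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(';'):
            continue
        m = re.fullmatch(r'\[(.+)\]', line)
        if m:                                   # new entry: flush the previous one
            if name and pat:
                sigs.append(Signature(name, pat, ep_only))
            name, pat, ep_only = m.group(1), None, True
            continue
        key, _, val = line.partition('=')
        key, val = key.strip().lower(), val.strip()
        if key == 'signature':
            pat = [None if t == '??' else int(t, 16) for t in val.split()]
        elif key == 'ep_only':
            ep_only = val.lower() == 'true'
    if name and pat:
        sigs.append(Signature(name, pat, ep_only))
    return sigs


def matches_at(pattern, data, off):
    """True if pattern (with wildcards) matches data starting at offset off."""
    if off + len(pattern) > len(data):
        return False
    return all(b is None or b == data[off + i] for i, b in enumerate(pattern))


def identify(data, ep_offset, sigs):
    """Names of matching signatures: ep_only ones only at ep_offset, others anywhere.
    Longest pattern first, so the most specific signature is reported first."""
    hits = []
    for sig in sorted(sigs, key=lambda x: -len(x.pattern)):
        if sig.ep_only:
            if matches_at(sig.pattern, data, ep_offset):
                hits.append(sig.name)
        elif any(matches_at(sig.pattern, data, o) for o in range(len(data))):
            hits.append(sig.name)
    return hits


SIGS = parse_userdb(USERDB)

# Constructed stubs matching the demo signatures above.
PACKED_STUB = bytes.fromhex('60BE009040008DBE0070FFFF5783CDFF')   # 16 bytes
CRYPTER_STUB = bytes.fromhex('EB02CD209C60E800000000')            # 11 bytes
PLAIN_STUB = bytes.fromhex('558BEC')                               # push ebp / mov ebp,esp


def build_sample(stub, ep_offset, trailer=b''):
    """Constructed 'executable': zero padding up to ep_offset, then stub, then trailer."""
    return b'\x00' * ep_offset + stub + trailer


def demo():
    """Run the identifier over four constructed buffers and return the results."""
    return {
        # stub sits exactly at the entry point -> ep_only signature fires
        'packed': identify(build_sample(PACKED_STUB, 0x400), 0x400, SIGS),
        # stub is buried after the entry point -> only the 'anywhere' signature fires
        'crypted': identify(build_sample(PLAIN_STUB, 0x400, b'\x00' * 32 + CRYPTER_STUB), 0x400, SIGS),
        # same packer stub, but the claimed entry point is 16 bytes later -> nothing fires
        'moved_ep': identify(build_sample(PACKED_STUB, 0x400), 0x410, SIGS),
        # unpacked-looking prologue -> nothing fires
        'clean': identify(build_sample(PLAIN_STUB, 0x400), 0x400, SIGS),
    }


if __name__ == '__main__':
    for label, hits in demo().items():
        print(f'{label:9s} -> {hits or ["nothing identified"]}')
```

The `moved_ep` case is the caveat behind Szor's "a helpful start": an entry-point-only signature is defeated as soon as a packer author shifts or tweaks the stub, while an "anywhere" signature trades that robustness for more false positives, since the pattern may occur in unrelated code or data. Either way the tool only reads bytes and never runs them, which is the difference between this kind of identification and the unpackers the quote warns about.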