Welcome, everyone. I'm very happy to see so many people in here at 10 a.m. in the morning. That's not a very often thing to see at DEF CON. I'm going to talk about multi-platform malware within the .NET Framework. But before I start my speech, I'll have to make a couple of announcements that will probably help you to understand the speech better. First of all, my suitcase got detained at the airport, so basically I was missing a whole lot of virtual machines I'm going to show you later on. I restored most of them. The only one I couldn't restore is Vista. This stuff I'll show you today will work in Vista. And if you don't believe me and have a Vista box with you, feel free to come up front and sacrifice it. Also, I would like to extend a very special thank you to Chris Paget of IOActive, who helped me greatly with those virtual machines. Without him, this speech today would not be possible. Also, don't try to attack this computer. It's offline. If you want to own me, I'm in the Own the Box competition. Go back there. This is my IP. If you own the box, you get to take it home. I'll sign you a case if you want.

So, let's start the main talk. Just what is multi-platform malware? We all heard that. We maybe have an imagination of what it's all about, but there's never been some kind of speech on this before. No one really knows what we're talking about. What's the potential? Multi-platform malware, let's just give it a quick definition. It runs on several different processors or host operating systems. Well, that's basically what the name says, right? So, it should not be bound to, like, Windows or Linux or whatever, so it should be independent of those systems. It does not need to be modified from system to system. That's a very important fact, so it's basically not, you know, you don't have a worm in different versions of it for each system, but it's the same worm on each system. It will be able to jump the systems.
That's a very important characteristic, as we'll see later on, because this opens up a lot of new possibilities for hacking in general. And it may be anything from Trojan to virus to whatever you can come up with. Whatever you would consider malware, it could be multi-platform.

So, what is it not? Multi-platform malware has nothing to do with attacking common flaws. Like, XSS is a problem with the stateless communication in the internet. It will work on any platform, but it's not what I consider multi-platform malware, and it's not what we're going to talk about here today. And it's also not scripted stuff, because, you know, it's pretty lame to run something through an interpreter and just hope that everyone gets Python installed or whatever you want to use.

So, why is this important? People have been talking about multi-platform malware for quite a few months or years now. And it actually never made it to the surface. Like, people are just talking and discussing theoretical stuff, but actually, you know, the malware has a commercial interest, and apparently it has never been important enough to actually build it. So, what changed within the last couple of months or years is, first of all, we got more devices. Like, 10 years back, and I guess someone here remembers that time, there was like one major computer in a corporation that kept all the data safe, where you would just work with it, and people would wire up their workstation to that computer, and that was basically it. Today we got laptops, we got every corporation's old workstation, we got those people sitting around using macOS, Windows, Linux, whatever they want to run, syncing over AFS, FTP, whatever you can imagine, and taking home, taking work home on their laptops and their PDAs. So, the data is pretty much split. We got those devices, and it's becoming worthy to attack them. Then we got more operating systems. 20 years back, 10 years back, there was basically Unix, and that's it.
Today we got Windows, Linux, we got like 200 Linux distributions on a major market, and we got more cross-system integration. As I said before, when this data was still kept safe on a single system, you would not have to interface different operating systems with each other, because it would just be the same, but if you have your corporation working partially on Mac and partially on Windows, you'll have to find a way to make those computers communicate with each other, or it won't work. You have more mobility, as I said before, basically taking work wherever you want. You can take your laptop, take your work, go to the park, finish it. And you have less security concerns, because the normal people just don't care for security. That's a common fact.

So, I'm not the first one to deal with multi-platform malware. There have been some other proof-of-concept codes before. I just want to thumb through them really quickly. If you want detailed information on these, like looking up on Google, they're well-described at Symantec homepage. The first one is like Win32/Linux Simile.D, which probably is like halfway of an overrider, which just does some basic stuff, and it infects both portable executables and ELF binaries. Also, it's polymorphic and metamorphic. And then we got W32 Linux B, which is also a proof-of-concept virus infecting your local files. Those two have been pretty much unimpressive, and they've not spread, so no one basically cared for them.

But that's about to change, because multi-platform malware has tremendous potential, and that potential can basically split into two sections. The first one being jumping systems. Now, what does that mean? No idea? Okay. Actually, I thought it would be pretty hard to give you a scientific explanation of what jumping systems could mean, so I made up a little story that should show you the difference between the old common sense of operating system security and what is possible with jumping systems.
So this is the old standard. This is like a little dialogue between a Secret Service guy and a hacker.

Secret Service guy: "We need access to that network, and we need it now." Now, don't look down, those in the back. You know that sentence, right?

Some geek: "Oh, yeah, right. Look, I'm really sorry, but I was extremely busy tonight. See, when I scanned that employee's firewall, I saw that his son had an Xbox 360 connected to the internet, so I spent all night hacking it just to get his save games."

"What the fuck, you know what this means? They have 200 nuclear warheads stationed around the world, and we believe that they cut 26,000, or 72 cents of tax last year."

"Now come on, it's not all bad, at least we can play games for free."

"And yes, indeed, that's great. Just wait at your house and keep the doors unlocked. I'll send over a SWAT team to play."

So that didn't really work out for the geek, right? Now, let's take a look at what the new possibilities do to the next geek.

Secret Service guy: "Okay, now this is your first job after you've been hired on since the previous specialist couldn't continue working due to a terrible headache. Also, you'll probably have heard the tales of how we managed to disarm all the nuclear warheads using a piece of paper and bottle cap, but now we need access to that network."

Listen to the other guy tell you that employee's kid has an Xbox 360 wired up to the internet. Again, don't tell me I have to save. But this is where things started to change because actually he had the Xbox 360, but of course I did. He's a really good gamer. "However, I also installed a worm on that Xbox that jumped to the Vista box and collected all the credentials from our target employee's Pocket PC after being synced on there as well. I already mailed you the credentials."

And that's actually what we're talking about here. You can basically infect whatever you want and jump anywhere you want.
And basically break all the security rules we certainly obey, because certainly we don't expect anything to jump from an Xbox to a Vista machine and then, you know, steal the data from your Pocket PC. But that's possible. So to finish things up: "Great. You really know a lot about hacking and organization and our plans. Just wait at your home and keep your doors unlocked. I'll send over a SWAT team to congratulate you."

Now let's take a look at the other great thing about multi-platform malware. And that's basically the momentum of surprise. How many of you have ever been pentesting a network? Like, raise your hands. Yeah, quite a few, right? So what is more fun, pentesting a Windows box or pentesting a Linux box? I guess many of you will say, "Yeah, Windows is more fun because it's easier to own." But basically what I found out is Linux users are way less concerned with their box. If they don't have to take care of it themselves, if there's a sysadmin around that just sets the box up, they think, "Oh, my, I don't have to worry about anything else." And that's when this momentum of surprise comes in really handy. Because the old common sense of all security was: if it hurts me, that was built for me. If you got struck by a worm or a Trojan, then someone designed that worm or Trojan to work on your system. But today, with multi-platform malware, if it hurts you, it's just there. You're vulnerable in most cases whatsoever. And that completely changes the outlook.

Now let's take a look at what your common non-Windows luser would think about this. Those are a couple of pretty popular misconceptions that I guess most of you have seen before. Like, this is very popular for people who run FreeBSD, Mac OS X, whatever you can imagine. They say, "Oh, I'm running XYZ, and that's secured by default." Now that's a pretty dumb idea. Next thought is, "Yeah, very few people develop malware for my operating system XYZ." And that's actually true.
Because as you all know, malware usually has some kind of financial interest in the back end. And Microsoft has like a 90% market share on the end user market. So why should I invest money in creating something to attack a system with 3% market share that's probably not even able of infecting enough boxes to actually redistribute itself? And the next misconception is, "If an MS friend of mine should be infected with malware, his PC could not infect me anyways." Yeah, that makes sense. You know, if that guy got a Trojan on his computer that sends you an email, what's going to happen to you? It won't run on your system anyway. That's also a misconception, as you'll see later on. And, "I don't need to be careful when dealing with downloads, attachments and portable media." You know, Windows users are exposed to this every day. They go to the internet, you go to MSDN, you go to any mailing list, and like every two hours they keep telling you, "Oh, don't open attachments from people you don't know. Check every single download, get antivirus, get whatever." Have you ever, the Mac users in here, has anyone ever told you to do the same thing for your Mac? Yeah, most people are actually pretty concerned, not, not pretty concerned about that, just thinking, "Oh, I'm secure by default. I don't need to worry."

Okay, so before we hit the demonstration, let's first get a quick look at how you can implement multi-platform malware. There are actually various concepts to doing this. And we'll just go through them quickly and then take a deeper look at the one I'm going to present here today. There's basically, first of all, carrying various versions as payloads. That's pretty simple. Like, you build a worm, you have it attack a network, you have it scan the network for vulnerabilities of various operating systems. And basically it carries a Windows and Linux and Mac version for the systems. It cracks the system, copies the appropriate version over there and just continues. That's pretty simple.
But at the same time, you know, it's a pain in the ass to find out what system's going to be running. This can be done if you're running a worm on an intranet, but as soon as you start attacking boxes over the internet, like, good luck finding out what they're running. Next one is using cross-system compatible assembly instructions. Some guys actually managed to do this. The problem was they had to patch the Linux kernel in order for it to run, which is pretty lame. Like, distribute a virus and tell people, "Patch the kernel and then it will infect you." Cool. Also, this technique would probably only be suitable for about like 20 total assembler geeks worldwide. So, you know, that's not really going to be a big problem. And the third one is using runtime frameworks and intermediate languages. And this is what I'm going to talk to you about today, because this actually makes multi-platform malware very real, very easy to implement.

So let's take a practical look at it. Pond me and that net darling. Project Akikaze, I created about a year ago. For those of you who know Japanese, Akikaze basically means autumn wind. I'm not pretty good at naming things. It was autumn and it was windy and I started programming. So that's for the name. So what were the goals of creating this? The first goal was to create actually a proof-of-concept worm that works. As we had before, you know, I'm not very fond of patching my kernel in order to get the malware to run. That's sort of lame. So I wanted something to really show the people that they could try it out at home without preparing their boxes and it would actually work, and this one does. The second goal was to have it attack Thunderbird and spread from there, which is, yeah, we're going to thumb through it later why I chose Thunderbird. And it should also give me a chance to explore possibilities of runtime frameworks, because anyone who's ever been working on a larger project before will know this one. You got a good theoretical idea.
You're thinking about it. You think, "Oh, that's going to be no problem," and as soon as you start actually programming it, you'll end up having problems coming from nowhere and like racking up the whole system. So I wanted to actually do something before I claim that it's possible.

There are a few questions. First of all, why .NET? There are many runtime frameworks out there. There's Java. There's a lot of other smaller stuff. Well, .NET has a couple of advantages. The first one is common intermediate language code is fast. And I mean fast, not like Java fast. It's almost the speed of C++. And for malware, speed is always an issue, because the faster it will work, the easier it will be to put in routines, to put in all the stuff you want without the user noticing there's something wrong because their CPU is working at 100% for about five minutes after booting. Then there are several .NET implementations. Most people don't know this. Most people think, "Oh, the .NET, that's Microsoft, that's evil. It will only work on Microsoft." Well, that's not true. There's the Mono project. Mono works almost everywhere. You can get Mono to run on Solaris, Linux, BSD, even on Windows, wherever you want. On various processing architectures, there's even more. There's DotGNU, which is a smaller project, completely open sourced. And there's Microsoft's own Rotor implementation that actually works on FreeBSD. So basically, .NET is everywhere.

Next of all, many people run it, even though you might not be aware of this. Go on the internet, download Ubuntu 7.04, insert the install CD, hit the DAC. After you're finished, you'll have Mono up and running on your system, even though you might not know this. Try it out with your favorite distribution of kind. The .NET is so popular today. And even if you're on BSD and you think, "Oh my, so no distribution ships with this," if you just build your packages through ports and hit okay everywhere.
Chances are pretty good that after a couple of days you'll draw Mono in as a dependency. Because there are a lot of libraries that are linking to Mono today.

Next one is the language independence, which is a really nice feature. Well, on Java you basically code in, well, Java. And there's some crazy stuff out there like IronPython that will allow you to run Python in the Java. But in the .NET you can actually build a class using Python, compile it, then build another class using C# and actually access a class you built in Python before, without any complications. And that's a really nice feature, because most of you will know that some things are very much easier to implement in Python than, say, in C#. It does not have any virtual machines. .NET gives you direct access to the computer, which is pretty neat if you're actually developing malware. It has lots of classes for platform independence. This basically means in the .NET you can ask a class to give you that user's home folder. And it doesn't care: if you're on Linux it will give you /home/ whatever your name is. If you're on Windows XP it will give you C:\Documents and so on. If you're on Vista it will give you user documents, so you don't have to worry about that. It makes it pretty easy to develop code that will actually work. And last but not least, of course, you know it's developed on Microsoft, so they quite have the hang of it for developing stuff that will actually make your malware run.

And the other question is why Thunderbird. When I started this a lot of people were asking me, "Oh, you hate Thunderbird?" No, actually I'm not. I'm using it, it's really great. And that's mostly why I used it, because I did not have to acquire any new client to just write my worm. Also, like, attacking a mail client is a pretty easy way to spread a worm. You just, you know, get the SMTP service credentials and send out through your mailing list, and that's what's going to happen.
And of course, you know, if you want to present multi-platform malware, the thing you're attacking should probably run on the systems. I could not possibly attack Microsoft Outlook because I could not get that one to run on Linux or FreeBSD. So Thunderbird was definitely a good choice.

Now of course that was not all good and nice. So I don't know how many of you guys are using Thunderbird, but if you set up a new account and save your passwords for the first time you get that message. And let me just give you an excerpt of that: "This sensitive information is stored on your computer in a file that's difficult but not impossible to read." Well, that definitely made my heart stop, because I thought, you know, what have they come up to? Like salted hashes of your passwords, and encrypted by some master password I would have to recover from the binary. And basically I spent a couple of sleepless nights until I decided to just check the files they were supposed to save the passwords in, and it turns out that this incredibly cool and hard to crack encoding was Base64. So this is how your standard Thunderbird password file looks like. This is for an IMAP server. It basically gives you the username and the IMAP server and the password in Base64-encoded form. It took me, I think, two lines of code to get that one right.
So let's give you a quick look at the code. Actually, the code is available from my home page. It's under GPL version 2. Download it. If you're like a C# geek, look at it. I'm not going to bore you with the details. If you got questions, write me an email. Develop this further. If you do do something incredibly cool to my code, be sure to send it back to me, because I'm always interested in what other people are doing. This is the address. Write it down. Be aware this has a self-signed certificate and it will enforce you to use that certificate. You cannot access this page on a plain HTTP, so it's pretty easy. Also, if you don't get to write this down, I've got like a hundred business cards up here. Just walk up the stage after I'm finished and I'll give you one of those. So as I said previously, the most important part is this is GPL code, so do whatever you want. Do the good stuff. I hope there's more white hats in here than black hats, but you know, you can never be too sure about that. And yeah, publish stuff. This will be big.

This is just the main class. There are basically three classes in there for gathering information, gathering the credentials and actually attacking the server. And what it does is it gathers the information on the system, does a few checks and then basically circles through the email addresses it found, creates content and sends those out through the user's own SMTP servers. So it's pretty much impossible to find out this email was sent by a worm because, yeah, it uses your own credentials. This comes from your legit servers. And even though I said you could do almost everything platform-independently, sometimes you'll find those classes checking the operating system version against fingerprints that the .NET supports and actually building if/else clauses. Sometimes you cannot get around this. For instance, you all know that on the Windows box you'll have a line break with \r\n, while on the Linux box you'll simply have \n, and you'll have to take
that into account when you create your regular expressions to have the worm run. So this is a pretty easy way to do it.

Okay, now for the part you've probably all been waiting for. This is a demonstration, and what I'm going to do is: I got the VMware prepared here and I got three virtual machines running, one basically a Windows, a Linux and a BSD. And what we'll do is, I got the worm on the Windows version, and I'll show you how the Firefox... Thunderbird is configured. I'll just start it and we pretty much make a round trip. So Windows will send this to the Linux box, Linux will send it further on to FreeBSD, FreeBSD will send it back to Windows. As I told you earlier, this works on Vista, so if anyone wants to sacrifice this box, just step up. Actually, it works so well that this does not even touch the UAC system, so basically this worm does not stop there. Yeah, just a few more seconds.

Okay, so this is your standard Windows XP install. I'll give you a look of my address book and Thunderbird. Okay, so we'll just have to restart the network connection. He sometimes screws that up. Okay, hang in here with me for a second. I don't know what he's doing currently, but it should be fixed in a couple of seconds. Okay, we got it. Yeah, this is what always happens if you're working with Windows. You know, it always works in your room, but as soon as you're standing in front of a few hundred people, it will just burn out. So I actually got a mail server running locally, which is pretty fun. The important part is right here. This is my address book, and you see there's only one address in here. It's linux@woot. I could not come up with a better domain name. So let's just try it out. I'll just double-click on this one and you see this command prompt opening. This is pretty lame. You could get rid of it, but this is proof of concept anyway. Actually, the worm outputs a few information about what messages he created, what email addresses it regained, so if you're interested in that, just
you know, keep the terminal open and you'll have a lot of fun watching it work. So let's just suspend this and check the Ubuntu box, because I'm pretty sure we got mail over there.

And one of the things many people are afraid of is that those common intermediate language codes would have to be invoked manually, basically by saying mono and whatever program you want to run. Well, yeah, that's actually true, but if you've ever done this before and you're on a desktop manager like KDE or GNOME, it will ask you, "Oh, do you want to register that kind of file to any interpreter?" If you just click yes, then you'll pretty much be able to double-click the .NET executable and it would work on a double-click. So I hope that I've got internet connectivity on this one, otherwise it's just going to be one more check. Just getting a fresh IP around here. Yeah, no, we got it. So back to full screen, and let's start Thunderbird over here. And as you would have expected, we got an email from XP. And you all saw that this... as you can check out this email, or as you can check out once I make the date a little larger, this email was sent just a few seconds ago. Well, actually it appears it wasn't, because my boxes are off sync, but this is the real email. I can show you the mailbox will be empty afterwards. And it basically tells you, "Hi, I've recently started to try programming. This is my first code. Give it a shot," and with Akikaze attached to it.

So let's just move on. We try to save that one to our desktop, and being the normal luser we are, we don't know that EXEs don't usually belong on Linux boxes. So what we basically do is we double-click this, and that's pretty much it. You don't see anything happening, and that's a great thing. You know, if you're on a Linux box and you tried this out, you were probably saying, "Oh well, it didn't work." It did work. The only problem is you did not see anything. Let's start that from the console so you see what actually happens. We're going to have two mails in the BSD box, but I guess you
can live with that. So this is the output you get if you try it on the console. It says: okay, this is my username, this is my home directory, I've got Firefox installed, I found that email address and I'm sending him the email I just wrote down. So let's leave the Linux box. And as you saw, I did not modify that code one single bit. It was the exact same code I used on the Windows box. And we're going to drop into our third one and do the same thing on BSD.

Now actually this says FreeBSD. It's actually PC-BSD, which is basically FreeBSD but with a lot nicer installer, and if you're building like a lot of boxes to be used about one minute each, you're going to really appreciate a nice installer. Okay, let's just get that one up to the network once more. Okay, there we go. Starting Thunderbird. This is the original version compiled for FreeBSD. This is not something like you do with the compatibility layer to Linux. This one was actually compiled to run on FreeBSD, and it works. So let's check our emails, and you see we got two new messages. That's exactly what I told you, because the first time I just double-clicked and the second time I ran from the console, so both of them arrived here. Okay, the beamers are back online, and you'll see that the message actually adapted, because now it says, "Hi, I wrote this program using a new approach." What happened? Well, the worm simply checks if you got GCC installed, and if you do, it expects you to be an advanced programmer. This is pretty lame, but this is just to show that you can actually adapt to the skill level to make it more reasonable to believe that worm. So let's download it as well and try the same thing we just did on Linux. Yep. Okay, there we go. This time we're on KDE, so upon executing it we'll also see... oh cool, this is cut off by the beamer mostly, but you see that there's a process working. It's definitely done by now, but KDE tends to keep those running because it expects something to start up, but it doesn't. So that's FreeBSD. It's
just a double-click, right? I did not do anything extraordinary to this and I did surely not change it. So let's suspend that box as well and check back to Windows, and if I'm not completely out of luck, we should have one email by FreeBSD waiting in the Windows box, and this should just have done a round trip. This is also why you always would want to get yourself something like three gigabytes of RAM, because when I bought this box I thought, "Oh cool, one gigabyte, I could never use more than that," but VMware sure showed me that I could. Okay, well, just give him a new connection. I guess he screwed up again. Yeah, he got it. Okay, he got his IP. Let's start Thunderbird once more, and yeah, we got an email from FreeBSD. It made the round trip. It's actually that easy. And as I said earlier, you know, I wanted to show this on Vista, because, oh well, everyone's always going crazy for Vista and they said they put in that much security stuff. Actually, to make this worm compatible to Vista I had to add exactly one line of code, so that was not a really tough thing to do.

Okay, so back to the main presentation. So I guess you're all convinced that this actually works now. Let's just take a quick look at the limitations. Of course this technique rocks, but it has flaws, of course, and both the concept of multi-platform malware has some serious problems as well as using runtime frameworks to doing it. And even though those can be avoided, you should know about them if you want to try stuff like this out. So let's take a look at multi-platform malware in the first place. First and most importantly, it still needs to be built for every single system that you want it to work on. As you saw, I'm using a lot of if/else clauses checking out the system's version, because it's still not possible, at least not for me, to build a worm that will actually run on any system without any adaptation. Next, it will get really nasty once we start jumping processing architectures, because runtime frameworks, even though they are
great and even though they tell you, "Oh, this is going to work anywhere," they tend to, you know, have problems if you jump from a SPARC to an x86. And of course it's just as detectable by antivirus as any other malware, so if you want polymorphism in multi-platform malware, you'll have to do it yourself. And actually some people are doing that. I saw some viral exchange groups just the other week who built a worm in C# as well to also attack Thunderbird, and actually what they did was they made a jump in between various Windows versions, but, you know, five more lines of code and it would have done Linux. So in the underground of antivirus, of viral exchange, this is already building up, and they know how to do polymorphism and metamorphism, of course. At least I hope so.

And the problems with runtime frameworks are, first of all, they need to be installed. As you've seen, you know, that's not a very great issue. They usually are installed. You may need to invoke them manually, but that's also not that big of an issue. The real problem is intermediate languages are extremely easy to reverse engineer. You can basically get the original code back, so it won't take very long to find out what that program does. And also, if you're running an antivirus scanner on your system that does generic checking and that works with .NET Framework code and intermediate languages, it will basically be able to scan through the entire content and just tell you, "Oh, you know, that's not really nice, it's accessing your mail client."

Okay, so to sum things up a little, and we'll have a discussion afterwards, because I think that the real thing we need around here is some common sense, because that hasn't happened yet. But first, you know, as you've seen, this stuff is real. This is not just some theoretical idea. You can actually create it, it actually works, and it will be here in a couple of months or years. But you can be sure that people will not stop missing out attacking Linux boxes on the way, because, you know, Linux is
becoming increasingly more popular. So also, as malware writers for commercial interests start to look at it and start, "Oh well, couldn't we grab, like, all the Linux boxes as well for just five percent more investments?" And yeah, they can, because all they have to do is write multi-platform. So this will actually have the potential to change the way we look at computer security, because currently we consider networks secure, but as I've showed you before, it's absolutely no problem to just sync that worm or whatever you've written onto a Pocket PC. Pocket PCs support the .NET Framework, folks. The Xbox 360 natively executes common intermediate languages. So you can basically jump anywhere you want and attack those networks locally, or using the wireless network, or using your Bluetooth connection, and actually no one's yet prepared for that. We all expect, you know, "Oh, that network is not online, it's not connected to the internet, it's gotta be secure." But as soon as your employees start carrying in their own worms and viruses on their PDAs, and those PDAs start attacking your Bluetooth clients for some stack overflow you never fixed because you thought, "Oh, we got physical controls at the entry," yeah, that's going to be a serious problem.

Okay, so anyone who has any questions, remarks, even if you want to call me an idiot, just grab a mic. I guess I got some in here, I hope for them, or grab mine, come up front and ask.

Yeah, just one question: wouldn't the code access security that's built into these, you know, IL systems actually defeat this if you set up like a machine config that, you know, would essentially sandbox any non-signed executable?

Yeah, you could defeat it that way, that's correct actually. But that's kind of hard to set up for the .NET Framework, because, you know, Microsoft always focuses on usability and they don't really care if you can secure it. You can definitely do that. It's just going to be a lot of work and not many people are going to do it.

But if you see this like
in corporate enterprises, they'll just do this by domain policy, and you'll probably see that be pretty common.

Yeah, you know, that's actually what I hope is going to happen, because, you know, I'm releasing this to everyone, and I'm pretty sure that we have people from both sides of the ring in this room. We have white hats, we have black hats, we have security guys, we have sysadmins. So yeah, prepare your networks, do something like you just said, try to defend yourself, because otherwise you'll run into a lot of trouble later.

Come on, I don't believe you that no one else in here has got any other questions.

OS X support: I'm going to get that to work. It might work already. The problem is I don't have a Mac at home, but as soon as I get my hands on one of those, you can be sure that it will run on OS X. And basically OS X supports Mono, or the other way around, so there should be no problem whatsoever. It's basically Unix.

No, no, I have never tried doing this on Silverlight before. I've been asked this a lot of times before, but yeah, that might actually be done later on, or if anyone wants to just get the source code and do that, yeah, feel free. Feel free to drop me a line.

Yeah, so actually just one thing, I just wanted to actually have a comment on that one. I've done a huge amount of research on the .NET Framework, right, and the sandbox stuff actually doesn't work, well, actually works. I've been arguing with Microsoft for three years that they should put everybody to use code access security by default, and both .NET and Java are sleeping at the wheel, because the problem you have here, right, it's not really .NET and malware, right. The problem you have here is userland isolation. The reality is there's no one OS out there that's able to safely execute malicious code. So what you've just shown here is I can take advantage of the .NET Framework, you know, lack standard, like you got Mono, you know, and there's all that, to write something which might be easier than if I have to
write each individual one. But the reality is that the problem here is userland security, and actually we have much more powerful demos than the one you've, you know, done here, and I actually want to help you on that one, because, you know, we can do way much more on that one. You know, the problem here is full trust. The problem is running with full trust with no isolation. Mono has no support for that, right. .NET has support, but nobody uses it. So the stuff I've been doing with the .NET Framework is, like, patching the CLR, you know, putting, you know, rootkit kind of behavior on .NET Frameworks, which takes this to the next level. So, you know, this is pretty cool, because it shows you that, you know, you can actually write malware, or examples of malware, that will run across multiple platforms.

And they put all this security into .NET, and then pretty much universally everyone just wanted to know how to turn it off. It's all right, full, well, yeah, but I mean, well, not entirely. Like, if you were to run any executable off a network resource, it would actually get turned back on, and most people actually wanted to turn it back off. And so it's the same problem that you've got with Java, right. And now Java is great because you got Java Web Start, which is like, do you want me to own you? Yes. And go boo, right. And Microsoft has ClickOnce, which is, do you want me to own you, and you get his full trust. So yeah, I definitely think that we, you know, need to bring something next here that, you know, is really going to take this to the next level. But no, very, very cool stuff.

Yeah, feel free to contact me. Anyone else who wants to participate in this, you know, I'm up for whatever, as long as we can still GPL the code and your company does not stop you from doing so. Write me a line and we'll put something together.

Yeah, sorry, I just want to do a very cheap plug for OWASP, right, which is the Open Web Application Security Project, which I run the .NET part of. If you guys
are interested in this, I actually want to do a lot of this stuff over there, right. So actually I want to invite you, because it's GPL, so actually I can bring it there, and OWASP is all open source, right. So, you know, we should move some of this stuff over there.

Okay, any way around, as long as we get some common sense, because as I said earlier, if we don't act now, we'll simply be overrun as soon as they actually start deploying those things. Yeah, that worm won't hurt you at all, but actually just add one more line saying format C: or rm -rf / and your box is down for... So.

So, um, I have a Pocket PC phone, and this scares the hell out of me. It has Wi-Fi, Bluetooth, and EVDO. Right now it's only for Thunderbird. Could it be morphed into also doing, like, Outlook and annihilating everything?

If you've got .NET running on that Pocket PC, which I don't know, it's dependent on version, yes, definitely it could. It could basically infect you from wherever you are. You check your emails on Outlook on your Pocket PC, and yeah, there's no problem running one of those things.

Okay. Okay, so there don't seem to be any further questions, or if you got one, raise your hand now. Good. Okay, so then that's pretty much it. Thanks for coming in here, and we've got to keep this one up