Author Topic: Virus Development  (Read 35202 times)

0 Members and 3 Guests are viewing this topic.

Offline c0n

  • Full Member
  • ***
  • Posts: 201
  • I'm new here!
    • View Profile
Re: Virus Development
« Reply #45 on: September 18, 2005, 04:40:46 pm »
but go ahead and try distributing it yourself and see how many ppl you will infect...
That's asside from his point.

yes but it was pointless to say it when i clearly agreed with him above

Offline Joe

  • B&
  • x86
  • Hero Member
  • *****
  • Posts: 10319
  • In Soviet Russia, text read you!
    • View Profile
    • Github
Re: Virus Development
« Reply #46 on: September 18, 2005, 04:42:58 pm »
Hm, am I the only one here who realized..

- c0n can't spell
- c0n failed English eight times in a row in high school, then dropped out when he turned 18
- c0n thinks pr0j3kt m4yh3m isn't a joke (joe.x86labs.org points to my computer. Bite me please)
- c0n is a hopeless idiot
I'd personally do as Joe suggests

You might be right about that, Joe.


Offline Sidoh

  • Moderator
  • Hero Member
  • *****
  • Posts: 17634
  • MHNATY ~~~~~
    • View Profile
    • sidoh
Re: Virus Development
« Reply #47 on: September 18, 2005, 04:44:03 pm »
roofle

Offline d&q

  • Hero Member
  • *****
  • Posts: 1427
  • I'm here.
    • View Profile
    • Site
Re: Virus Development
« Reply #48 on: September 18, 2005, 04:47:06 pm »
Can't we all just get along?  :'(
The writ of the founders must endure.

Offline Newby

  • x86
  • Hero Member
  • *****
  • Posts: 10877
  • Thrash!
    • View Profile
Re: Virus Development
« Reply #49 on: September 18, 2005, 04:49:52 pm »
You suck at blocking out your buddy's name on the taskbar in that gif, screenor. =P
- Newby
http://www.x86labs.org

Quote
[17:32:45] * xar sets mode: -oooooooooo algorithm ban chris cipher newby stdio TehUser tnarongi|away vursed warz
[17:32:54] * xar sets mode: +o newby
[17:32:58] <xar> new rule
[17:33:02] <xar> me and newby rule all

I'd bet that you're currently bloated like a water ballon on a hot summer's day.

That analogy doesn't even make sense.  Why would a water balloon be especially bloated on a hot summer's day? For your sake, I hope there wasn't too much logic testing on your LSAT. 

Offline c0n

  • Full Member
  • ***
  • Posts: 201
  • I'm new here!
    • View Profile
Re: Virus Development
« Reply #50 on: September 18, 2005, 04:58:13 pm »
Hm, am I the only one here who realized..

- c0n can't spell
- c0n failed English eight times in a row in high school, then dropped out when he turned 18
- c0n thinks pr0j3kt m4yh3m isn't a joke (joe.x86labs.org points to my computer. Bite me please)
- c0n is a hopeless idiot

dear joe,

- c0n can spell he just doesnt feel the need to on the intarweb
- the internet is not a serious place
- pr0j3kt m4yh3m is not a joke. ur ignorant about it so obviously you would have no idea.
- go leech more asm code for ur pathetic 'operating system'
- stop being a social whore
- i feel the need that i must re-iterate...

pr0j3kt m4yh3m is not a joke. perhaps it seems like a joke because they like to make fun
of the whitehats they own, and it happens to be funny. but ur wrong... its not a joke. if u wanna
get owned, joe, please go talk to people in #w0ah on efnet. oh wait... sorry... i cant give u the key
to that channel. i'd love to but i wont. u call me a hopeless moron but you are the one who leeched
the code for ur lame os. why dont u send an email to aer0@hush.com and talk about how u think
pr0j3kt m4yh3m is a joke. he runs www.dikline.com. tell him about how much of a hopeless kiddie bnet bot coder
you are, and that you think pr0j3kt m4yh3m is a joke. im pretty sure u would soon find out that it isnt.

here... ill start the email for u.

--email--

Dear aer0,

I am Joe, and I am a Battle.net bot coder. I think that
Pr0j3kt M4yh3m is a joke. Hold on, let me look at all the whitehat
ownings for your zine. Wow, your pr0j3kt m4yh3m cell has
owned a lot of whitehats for the dikline ezine. But pr0j3kt
m4yh3m is still a joke, because I am too ignorant to believe that there
are actually people out there that would do harm to poor, innocent,
pussy whitehats out there. It's a joke... a total joke. Please don't own
me, I'm not a whitehat. I just think you're a joke, and everyone
in your cell is a joke. F1sh got busted, but he's a joke, lolol!
Syke is a joke too, because, well, I don't know him! I dont know
anybody affiliated with pr0j3kt m4yh3m, but it is such a joke!
The_uT owned a lot of people and rm'd them, but once again...
a joke! pHC was a joke in 2002. Trust me, I know what I'm talking
about... I'm Joe, and I use my real name as a nick on the interweb!

Sincerely,

Joe[x86] - the ultimate bnet code leecher
--/email--

there you go, joe. alter it if you want... i dont care.

i mean i suppose its pretty fucking hard to type "pr0j3kt m4yh3m"
in google and not see all the websites that pop up about it?
theres even an article about pr0j3kt m4yh3m and whitehat hate crimes
in Wired Magazine.
« Last Edit: September 18, 2005, 05:02:52 pm by c0n »

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: Virus Development
« Reply #51 on: September 18, 2005, 05:04:45 pm »
but a virus would be completely stupid if it wasnt distributed in some way

It's not completely stupid.  Although I know it's a waste of my time, I'll explain why. 

What if I'm trying to break into a business?  They have firewalls anti-virus and IPS and all the toys.  How do I get in? 

Simple! I write a custom virus.  I email it to an employee, with a message customized for the employee in question.  He runs the program, gets infected, and is at my mercy.  Because it's a custom virus, it's not going to get picked up by the anti-virus.  Because it's not distributing itself, it's not going to be detected by other employees. 

Presumably, the virus would give me remote access to his computer.  Say, for example, it infects Internet Explorer so that, as soon as he opens his browser, it also connects to me (since browsers are typically allow(all) in the firewall) and gives me the information I need. 

Since you're a blackhat, you really ought to know the usefulness of a virus that doesn't spread on its own (particularly in terms of evading detection).  I'm surprised you don't. 


Offline c0n

  • Full Member
  • ***
  • Posts: 201
  • I'm new here!
    • View Profile
Re: Virus Development
« Reply #52 on: September 18, 2005, 05:09:04 pm »
but a virus would be completely stupid if it wasnt distributed in some way

It's not completely stupid.  Although I know it's a waste of my time, I'll explain why. 

What if I'm trying to break into a business?  They have firewalls anti-virus and IPS and all the toys.  How do I get in? 

Simple! I write a custom virus.  I email it to an employee, with a message customized for the employee in question.  He runs the program, gets infected, and is at my mercy.  Because it's a custom virus, it's not going to get picked up by the anti-virus.  Because it's not distributing itself, it's not going to be detected by other employees. 

Presumably, the virus would give me remote access to his computer.  Say, for example, it infects Internet Explorer so that, as soon as he opens his browser, it also connects to me (since browsers are typically allow(all) in the firewall) and gives me the information I need. 

Since you're a blackhat, you really ought to know the usefulness of a virus that doesn't spread on its own (particularly in terms of evading detection).  I'm surprised you don't. 



ur right about all that, except what i was trying to say is that a virus that does not distribute itself is pretty lame. why waste ur time writing a virus that wont spread itself to own some company when you can just write an exploit and own him (then u dont have to email him or her!)... then hes still at ur mercy. or better yet, write a worm that exploits him and exploits the network... then u have access to the whole network.

im not a blaqhat... i just believe in the blaqhat ideas.
if i cant haq, then i obviously cannot be a blaqhat.

doing what you said though... thats like almost as stupid as using a trojan, except the fact that u wrote it yourself. most employees would probably know better than to download an attachment anyway... unless you use addresses from people they know.

any virus out there wild on the internet has a way of distributing itself (otherwise it wouldnt be out there in the 'wild')... so why not incorporate that into the definition? i'd say ur idea is more of a trojan. trojans do however show up on anti virus programs. but they are still not really viruses in my opinion (my opinion isnt humble though)

joe: when are you going to show evidence of how i supposedly failed english 8 times because i spelled so many things wrong in this topic (which isnt true...). i have never failed an english class... but that doesnt matter, and isnt the topic. i am not some perfect punctuation using person anymore. so stop thinking ur all smart and stuff because you can use it. any 10 year old can use punctuation on the internet... even you. joe, ur such a social whore... even though you suck at being one (which isnt a bad thing)
« Last Edit: September 18, 2005, 05:24:02 pm by c0n »

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: Virus Development
« Reply #53 on: September 18, 2005, 05:23:59 pm »
ur right about all that, except what i was trying to say is that a virus that does not distribute itself is pretty lame. why waste ur time writing a virus that wont spread itself to own some company when you can just write an exploit and own him (then u dont have to email him or her!)... then hes still at ur mercy. or better yet, write a worm that exploits him and exploits the network... then u have access to the whole network.
Because, as I said, it evades detection.  It's easy to notice it spreading, but it's hard to notice it dormant on some specific machine. 

Quote
doing what you said though... thats like almost as stupid as using a trojan, except the fact that u wrote it yourself. most employees would probably know better than to download an attachment anyway... unless you use addresses from people they know.
That's the point of customizing it.  You fake the return address of their boss, and make it look like their boss wrote the email and is asking you to check the program, or something.  It would use their real name and phone number, and look totally authentic.

Quote
any virus out there wild on the internet has a way of distributing itself (otherwise it wouldnt be out there in the 'wild')... so why not incorporate that into the definition? i'd say ur idea is more of a trojan. trojans do however show up on anti virus programs. but they are still not really viruses in my opinion (my opinion isnt humble though)
Any virus in the wild is useless for many purposes, because it's easy to detect.  The POINT of a virus that doesn't spread, as I've been TRYING to tell you, is that it's a targetted attack.  Not all attacks are widespread, the best ones are targetted. 


Offline c0n

  • Full Member
  • ***
  • Posts: 201
  • I'm new here!
    • View Profile
Re: Virus Development
« Reply #54 on: September 18, 2005, 05:28:26 pm »
ur right about all that, except what i was trying to say is that a virus that does not distribute itself is pretty lame. why waste ur time writing a virus that wont spread itself to own some company when you can just write an exploit and own him (then u dont have to email him or her!)... then hes still at ur mercy. or better yet, write a worm that exploits him and exploits the network... then u have access to the whole network.
Because, as I said, it evades detection.  It's easy to notice it spreading, but it's hard to notice it dormant on some specific machine. 

Quote
doing what you said though... thats like almost as stupid as using a trojan, except the fact that u wrote it yourself. most employees would probably know better than to download an attachment anyway... unless you use addresses from people they know.
That's the point of customizing it.  You fake the return address of their boss, and make it look like their boss wrote the email and is asking you to check the program, or something.  It would use their real name and phone number, and look totally authentic.

Quote
any virus out there wild on the internet has a way of distributing itself (otherwise it wouldnt be out there in the 'wild')... so why not incorporate that into the definition? i'd say ur idea is more of a trojan. trojans do however show up on anti virus programs. but they are still not really viruses in my opinion (my opinion isnt humble though)
Any virus in the wild is useless for many purposes, because it's easy to detect.  The POINT of a virus that doesn't spread, as I've been TRYING to tell you, is that it's a targetted attack.  Not all attacks are widespread, the best ones are targetted. 



trojans try to evade detection as well. even polymorphic shellcode tries to evade detection, but that doesnt mean its a virus. i guess it takes the characteristic of a virus, but that doesnt make it one. even a script kiddie can try to evade detection. they are viruses that spread, though... if you get what eye mean!

but still, why waste ur time writing a virus to 0wn this poor person in a business? why not just write an exploit? i'd like to hear why you would waste ur time with this, iago. u are afterall a whitehat... (no intended insult this time, i promise)

go ahead and waste ur time writing a virus and sending it to this person though. you could just make it a lot more fun and write an exploit and 0wn the network with that.
« Last Edit: September 18, 2005, 05:38:16 pm by c0n »

Offline Quik

  • Webmaster Guy
  • x86
  • Hero Member
  • *****
  • Posts: 3262
  • \x51 \x75 \x69 \x6B \x5B \x78 \x38 \x36 \x5D
    • View Profile
Re: Virus Development
« Reply #55 on: September 18, 2005, 05:37:54 pm »
So, you are trying to gain access to a specific computer, and somehow you recieve knowledge of what programs are running, and write up some exploits to one of those programs, since it's so easy to do on call, and then just exploit them knowing only what their email address is. Sounds to me like iago's way is more real-world applicable, '0wning whitehatz via blaqhat exploitz' seems to only exist in your fantasy world.
Quote
[20:21:13] xar: i was just thinking about the time iago came over here and we made this huge bomb and light up the sky for 6 min
[20:21:15] xar: that was funny

Offline c0n

  • Full Member
  • ***
  • Posts: 201
  • I'm new here!
    • View Profile
Re: Virus Development
« Reply #56 on: September 18, 2005, 05:41:40 pm »
So, you are trying to gain access to a specific computer, and somehow you recieve knowledge of what programs are running, and write up some exploits to one of those programs, since it's so easy to do on call, and then just exploit them knowing only what their email address is. Sounds to me like iago's way is more real-world applicable, '0wning whitehatz via blaqhat exploitz' seems to only exist in your fantasy world.

yeah i guess anybody would just write an exploit only knowing someones email *sigh*. though you probably know that they are using the company email, so im guessing the domain would be included... so then you could have a little information? yeah ur pretty smart quik. yeah, but, uhhh, exploits only exist in my fantasy world, if you want to believe that. even you, being a whitehat who runs around looking at securityfocus, should know that what you said is not true at all. or maybe you dont... considering you spend time looking at public exploits and not actual private shit that is within possession of individuals who could probably own just about any system they want.
« Last Edit: September 18, 2005, 05:43:44 pm by c0n »

Offline Quik

  • Webmaster Guy
  • x86
  • Hero Member
  • *****
  • Posts: 3262
  • \x51 \x75 \x69 \x6B \x5B \x78 \x38 \x36 \x5D
    • View Profile
Re: Virus Development
« Reply #57 on: September 18, 2005, 05:48:07 pm »
So, you are trying to gain access to a specific computer, and somehow you recieve knowledge of what programs are running, and write up some exploits to one of those programs, since it's so easy to do on call, and then just exploit them knowing only what their email address is. Sounds to me like iago's way is more real-world applicable, '0wning whitehatz via blaqhat exploitz' seems to only exist in your fantasy world.

yeah i guess anybody would just write an exploit only knowing someones email *sigh*. though you probably know that they are using the company email, so im guessing the domain would be included... so then you could have a little information? yeah ur pretty smart quik. yeah, but, uhhh, exploits only exist in my fantasy world, if you want to believe that. even you, being a whitehat who runs around looking at securityfocus, should know that what you said is not true at all. or maybe you dont... considering you spend time looking at public exploits and not actual private shit that is within possession of individuals who could probably own just about any system they want.

Leave it up to c0n to completely misinterpret what I said. Now, if you're going to try and prove a point by gaining access to a company machine, iago's way would make sense. All you need is a little bit of ingenuity while coding, and the person's company email, and you can effectively gain access undetected. Now, your way, you would need to know what programs they use, and would need to spend some time either A. finding an exploit and coding a way to take advantage of it, or B. Do what you do and just hang around 'blackhats' to hope they give you code.

You seem to act like you monitor my online activities, judging by how you talk about my "running around looking at securityfocus" and "being a whitehat". Try to read posts more carefully, and use your brain to analize what's being told to you.

You're dangerously close to being banned from this server in general. It's getting really old.
Quote
[20:21:13] xar: i was just thinking about the time iago came over here and we made this huge bomb and light up the sky for 6 min
[20:21:15] xar: that was funny

Offline Joe

  • B&
  • x86
  • Hero Member
  • *****
  • Posts: 10319
  • In Soviet Russia, text read you!
    • View Profile
    • Github
Re: Virus Development
« Reply #58 on: September 18, 2005, 05:49:21 pm »
And c0n goes from idiot to asshole. I once again move to ban him from the forums.
I'd personally do as Joe suggests

You might be right about that, Joe.


Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: Virus Development
« Reply #59 on: September 18, 2005, 06:16:52 pm »
trojans try to evade detection as well. even polymorphic shellcode tries to evade detection, but that doesnt mean its a virus. i guess it takes the characteristic of a virus, but that doesnt make it one. even a script kiddie can try to evade detection. they are viruses that spread, though... if you get what eye mean!
Polymorphic shellcode isn't designed to evade detection, but it can be used that way.  It's generally used to slip through filters (for example, UTF-8-only, ascii-only, Unicode-only, etc.). 


Quote
but still, why waste ur time writing a virus to 0wn this poor person in a business? why not just write an exploit? i'd like to hear why you would waste ur time with this, iago. u are afterall a whitehat... (no intended insult this time, i promise)
You might not have access to the softwar they're running (maybe it's proprietary?).  IPS systems will often stop exploits, they can often heuristically detect things like overflows.  They should have a firewall in the way with no incoming connections allowed. 

Yes, I'm a white-hat, but I still understand how attackers work.

Quote
go ahead and waste ur time writing a virus and sending it to this person though. you could just make it a lot more fun and write an exploit and 0wn the network with that.
You can't always do that
« Last Edit: September 18, 2005, 06:33:33 pm by iago »