Author Topic: Virus Development  (Read 35351 times)

Koga73
Re: Virus Development
« Reply #75 on: September 20, 2005, 03:15:17 pm »
Talking about viruses... well, I read the initial post with the floppy and all, and a lot of motherboards nowadays can update their BIOS, so if you really wanna fuck up someone's computer (I wouldn't do this), just make an exe that copies some files onto a floppy if one is in the drive, and if it copies successfully, make it reboot. Make one of the files be a fake BIOS update so it'll totally mess up the BIOS, rendering the motherboard pretty much unusable.

Blaze
Re: Virus Development
« Reply #76 on: September 20, 2005, 03:23:55 pm »
I think that was already stated, or something along those lines.

I wonder if every programmer on this board released worms how fast they would get hunted down... Not that we would do that.
And like a fool I believed myself, and thought I was somebody else...

iago
Re: Virus Development
« Reply #77 on: September 20, 2005, 07:32:43 pm »
Quote
Talking about viruses... well, I read the initial post with the floppy and all, and a lot of motherboards nowadays can update their BIOS, so if you really wanna fuck up someone's computer (I wouldn't do this), just make an exe that copies some files onto a floppy if one is in the drive, and if it copies successfully, make it reboot. Make one of the files be a fake BIOS update so it'll totally mess up the BIOS, rendering the motherboard pretty much unusable.

Most motherboards come with a BIOS flash disk, so you can re-load the bios if it gets corrupted.  Of course, that doesn't always work, as my friend found out.  But they gave him a new motherboard, so.. :)

Joe
Re: Virus Development
« Reply #78 on: September 20, 2005, 07:53:09 pm »
Comparing BIOS to system software is about impossible, but I'll try anyhow. The Macintosh Classic II (and others?) had System 6(.0.4?) installed in its ROM, so if you ever needed to restore it, you would just restart with some fancy command combo (like how Apple+C = CD, Apple+T = Firewire HD) and drag it from the ROM disk to your HD. Back to BIOS, some mobo's might be like that.

EDIT -
Come to discuss it, where is the BIOS software, for lack of a better term, stored? I always thought it lived in the ROM chip.
EDIT2: Perhaps on an EPROM chip, so it can be upgraded? But then it'd have to be exposed to UV..
« Last Edit: September 20, 2005, 07:59:55 pm by Joe[e2] »
I'd personally do as Joe suggests

You might be right about that, Joe.


Quik
Re: Virus Development
« Reply #79 on: September 20, 2005, 08:07:06 pm »
FYI: ls returning a seg fault is a common symptom of a machine that's been rooted and has a rootkit installed. Oftentimes, comparing ps and /proc isn't necessary.

Also, don't assume that every malicious file will crash the system or even cause strange things like program crashing and memory consumption. If the Windows virus or worm needs restart to fully establish and replicate, it would be more effective to wait for manual restart. Same with Linux exploits, it was just an effect of that one exploit which used consume_memory, not all will do this obviously, and it will be a lot more tough to detect a compromised system than it was before.

As far as Windows vs. Linux as far as which is easier to mask infection, I'm not going to go into that. Too many things to bring up in that discussion, it makes no sense to argue it till the cows come home.
Quote
[20:21:13] xar: i was just thinking about the time iago came over here and we made this huge bomb and light up the sky for 6 min
[20:21:15] xar: that was funny

Joe
Re: Virus Development
« Reply #80 on: October 04, 2005, 06:30:11 pm »
Newby, white chick, help me!

Quote
joe@JoeMomma:~ $ echo "There are really" `ls -d /proc/* | grep [0-9] | wc -l` "processes running on my boxen." ;
There are really 84 processes running on my boxen.
joe@JoeMomma:~ $ echo "ps tells me there are" `ps aux | wc -l` "processes running. Hmm.."
ps tells me there are 86 processes running. Hmm..
I'd personally do as Joe suggests

You might be right about that, Joe.
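
Added example, not part of any post in this thread: the /proc-versus-ps comparison from the posts above, done on PID sets instead of line counts, since `ps aux` prints a header line and the pipeline's own processes are counted too. Function names are hypothetical; it assumes a Linux /proc and a ps that accepts `-e -o pid=`.

```shell
#!/bin/sh
# Cross-view process check (added example; function names are hypothetical).

# PIDs visible as purely numeric directories under /proc (or a test root).
proc_pids() {
    for d in "${1:-/proc}"/[0-9]*; do
        [ -d "$d" ] || continue
        name=${d##*/}
        case $name in *[!0-9]*) continue ;; esac
        printf '%s\n' "$name"
    done | sort -u
}

# PIDs reported by ps; "pid=" suppresses the header line that skews wc -l.
ps_pids() {
    ps -e -o pid= | tr -d ' ' | sort -u
}

# only_in A B: print entries of newline-separated list A that are absent from B.
only_in() {
    a=$(mktemp); b=$(mktemp)
    printf '%s\n' "$1" | sed '/^$/d' | sort -u > "$a"
    printf '%s\n' "$2" | sed '/^$/d' | sort -u > "$b"
    comm -23 "$a" "$b"
    rm -f "$a" "$b"
}

# Report a PID only if /proc shows it and ps does not in two snapshots taken
# a second apart, and it still exists. This filters out processes that merely
# started or exited mid-check (including this script's own subshells).
cross_view() {
    first=$(only_in "$(proc_pids)" "$(ps_pids)")
    sleep 1
    second=$(only_in "$(proc_pids)" "$(ps_pids)")
    for pid in $first; do
        printf '%s\n' "$second" | grep -qx "$pid" && [ -d "/proc/$pid" ] \
            && printf 'in /proc but not in ps: %s\n' "$pid"
    done
    return 0
}

# Usage: call cross_view; no output means the two views agree.
```

An empty result only means the two views agree; a rootkit that filters both the /proc listing and ps will not show up in this check.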


iago
Re: Virus Development
« Reply #81 on: October 05, 2005, 06:35:28 pm »
I'm not entirely sure that that means anything useful. 

Anyway, on the topic of hiding a rootkit, here's a neat article I read a couple days ago:
http://www.phrack.org/phrack/63/p63-0x08_Raising_The_Bar_For_Windows_Rootkit_Detection.txt

Warrior
Re: Virus Development
« Reply #82 on: October 06, 2005, 03:55:16 pm »
How about a virus that can be downloaded and plant itself as a replacement kernel for Windows? Following that, it would have full control of the system calls within the system and could have bad results.

I'm thinking overwriting the hard drive with zeros and going into SMM (System Management Mode) and doing something VERY evil.
One must ask oneself: "do I will trolling to become a universal law?" And then when one realizes "yes, I do will it to be such," one feels completely justified.
-- from Groundwork for the Metaphysics of Trolling

iago
Re: Virus Development
« Reply #83 on: October 06, 2005, 11:46:25 pm »
Quote
How about a virus that can be downloaded and plant itself as a replacement kernel for Windows? Following that, it would have full control of the system calls within the system and could have bad results.

That's what rootkits basically do.  They intercept syscalls.