Author Topic: Virus Development  (Read 35394 times)

0 Members and 4 Guests are viewing this topic.

Offline Ergot

  • 吴立峰 ^_^ !
  • x86
  • Hero Member
  • *****
  • Posts: 3724
  • I steal bandwidth. p_o
    • View Profile
Re: Virus Development
« Reply #30 on: September 17, 2005, 02:26:20 pm »
Nice job filtering the Screen Names. You do know that his Screen Name is on the tab right?
Who gives a damn? I fuck sheep all the time.
And yes, male both ends.  There are a couple lesbians that need a two-ended dildo...My router just refuses to wear a strap-on.
(05:55:03) JoE ThE oDD: omfg good job i got a boner thinkin bout them chinese bitches
(17:54:15) Sidoh: I love cosmetology

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: Virus Development
« Reply #31 on: September 17, 2005, 03:01:54 pm »
Who actually leaves a packetsniffer running overnight?  I mean, besides me (I have Snort running 24/7 to detect stuff like that) :P

Also, what happens if the trojan developer was smart and tunneled it over a known protocol? Like, what if they mimic AIM or MSN or HTTP or Steam or something else that you consider safe?  What happens if it tunnels commants over, say, ICMP? (Sure, the numbers will go up on the ICMP list, but if you look at them it'll look like somebody is pinging you). 

There is at least one backdoor that is controlled by ping packets.  I forget what it's called, but it's pretty cool. 

What about failed connections? Failed connections can also be used to control a program.  There's another backdoor for Linux (a proof of concept) that does communication through SYN and RST pairs, so to a packetlogger it looks like a series of failed connections, or a portscan.  There aren't even any data packets passed, the data is encoded in packet headers.  There are lots of ways to hide :)

What about one that connects to IRC, then idles until it gets a command?  You won't see packets unless it's being actively controlled, so you won't see it happening unless it's actively being used.  That's another one you won't pick up unless you leave a packetsniffer running 24/7. 

Yes, some remote access programs can be found by packetlogging, but that's not always the case. 

Offline Sidoh

  • Moderator
  • Hero Member
  • *****
  • Posts: 17634
  • MHNATY ~~~~~
    • View Profile
    • sidoh
Re: Virus Development
« Reply #32 on: September 17, 2005, 03:22:47 pm »
Who actually leaves a packetsniffer running overnight?  I mean, besides me (I have Snort running 24/7 to detect stuff like that) :P

Also, what happens if the trojan developer was smart and tunneled it over a known protocol? Like, what if they mimic AIM or MSN or HTTP or Steam or something else that you consider safe?  What happens if it tunnels commants over, say, ICMP? (Sure, the numbers will go up on the ICMP list, but if you look at them it'll look like somebody is pinging you). 

There is at least one backdoor that is controlled by ping packets.  I forget what it's called, but it's pretty cool. 

What about failed connections? Failed connections can also be used to control a program.  There's another backdoor for Linux (a proof of concept) that does communication through SYN and RST pairs, so to a packetlogger it looks like a series of failed connections, or a portscan.  There aren't even any data packets passed, the data is encoded in packet headers.  There are lots of ways to hide :)

What about one that connects to IRC, then idles until it gets a command?  You won't see packets unless it's being actively controlled, so you won't see it happening unless it's actively being used.  That's another one you won't pick up unless you leave a packetsniffer running 24/7. 

Yes, some remote access programs can be found by packetlogging, but that's not always the case. 

Owned?  Mmhm.

Offline c0n

  • Full Member
  • ***
  • Posts: 201
  • I'm new here!
    • View Profile
Re: Virus Development
« Reply #33 on: September 17, 2005, 06:08:29 pm »
that isnt a virus... a virus needs to reproduce itself and distribute itself.

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: Virus Development
« Reply #34 on: September 17, 2005, 06:47:51 pm »
that isnt a virus... a virus needs to reproduce itself and distribute itself.

That's what I said.  Glad to know you can repeat, while still managing to get it wrong!  A virus doesn't need to distribute itself to be a virus. 

Offline Screenor

  • Hero Member
  • *****
  • Posts: 1611
  • My own little world.
    • View Profile
Re: Virus Development
« Reply #35 on: September 17, 2005, 08:41:21 pm »
Nice job filtering the Screen Names. You do know that his Screen Name is on the tab right?
If you don't have anything to say intelligent, or atleast that would contribute to the topic, don't reply.

I realized I didn't while I was uploading the file, and I had thought I posted in my post I was just too lazy to go back and remove it. If you're mature enough, you wont message him anyway, he WILL tell me you did.

And iago: I do, if that's not that much to for you to except. :P

My idea of a fun virus:

Description:
This file is similar to the "BOOM" program, except it is about 200% better in terms of actually doing stuff instead of looking cool. Plus it ain't no joke. This is what is called a .vbs virus, which means, contrast to what most ppl think of a virus, it isn't an .exe but works the same way - just invisible. The reason vbs is good is because you can mask it as other files (which i have done for you). You can set it to look like a txt file, and even open and display text as though it was a text file...except you have been infected with the virus. This is extremely helpful because the person doesn't know they've been infected. I have a list of the things that it does once infected:
1.Displays messagebox saying "n0 EscApE".
2.Copies, and recopies itself to the system root.
3.Activiates anti-delete by making the computer think its a system file.
4.Randomly will display the messagebox.
5.Will save fake explicit photos and text on the A: and C: disk drives.
6.It will secretly attach itself to an email, then invisibly send itself to every single person on the vicims' email directory.
7.Loops for the next victim, then on, and on, and on...

(Not idea, to be technical, I have this file, I just don't go and give it to people.)
« Last Edit: September 17, 2005, 08:43:43 pm by Scr33n0r »

Offline Sidoh

  • Moderator
  • Hero Member
  • *****
  • Posts: 17634
  • MHNATY ~~~~~
    • View Profile
    • sidoh
Re: Virus Development
« Reply #36 on: September 17, 2005, 09:09:00 pm »
Ghey! :p

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: Virus Development
« Reply #37 on: September 17, 2005, 10:00:38 pm »
And iago: I do, if that's not that much to for you to except. :P
You do what?  My post was rather lengthy with many suggestions..

Quote
My idea of a fun virus:

Description:
This file is similar to the "BOOM" program, except it is about 200% better in terms of actually doing stuff instead of looking cool. Plus it ain't no joke. This is what is called a .vbs virus, which means, contrast to what most ppl think of a virus, it isn't an .exe but works the same way - just invisible. The reason vbs is good is because you can mask it as other files (which i have done for you). You can set it to look like a txt file, and even open and display text as though it was a text file...except you have been infected with the virus. This is extremely helpful because the person doesn't know they've been infected. I have a list of the things that it does once infected:
1.Displays messagebox saying "n0 EscApE".
2.Copies, and recopies itself to the system root.
3.Activiates anti-delete by making the computer think its a system file.
4.Randomly will display the messagebox.
5.Will save fake explicit photos and text on the A: and C: disk drives.
6.It will secretly attach itself to an email, then invisibly send itself to every single person on the vicims' email directory.
7.Loops for the next victim, then on, and on, and on...

(Not idea, to be technical, I have this file, I just don't go and give it to people.)
That's boring, that's been done so many time for so many different viruses that it's just boring. 

Offline Screenor

  • Hero Member
  • *****
  • Posts: 1611
  • My own little world.
    • View Profile
Re: Virus Development
« Reply #38 on: September 17, 2005, 11:55:12 pm »
And iago: I do, if that's not that much to for you to except. :P
You do what?  My post was rather lengthy with many suggestions..

Quote
My idea of a fun virus:

Description:
This file is similar to the "BOOM" program, except it is about 200% better in terms of actually doing stuff instead of looking cool. Plus it ain't no joke. This is what is called a .vbs virus, which means, contrast to what most ppl think of a virus, it isn't an .exe but works the same way - just invisible. The reason vbs is good is because you can mask it as other files (which i have done for you). You can set it to look like a txt file, and even open and display text as though it was a text file...except you have been infected with the virus. This is extremely helpful because the person doesn't know they've been infected. I have a list of the things that it does once infected:
1.Displays messagebox saying "n0 EscApE".
2.Copies, and recopies itself to the system root.
3.Activiates anti-delete by making the computer think its a system file.
4.Randomly will display the messagebox.
5.Will save fake explicit photos and text on the A: and C: disk drives.
6.It will secretly attach itself to an email, then invisibly send itself to every single person on the vicims' email directory.
7.Loops for the next victim, then on, and on, and on...

(Not idea, to be technical, I have this file, I just don't go and give it to people.)
That's boring, that's been done so many time for so many different viruses that it's just boring. 

Er, run a packet sniffer.* Just I do it maybe once a week, because if I logged that much, I'd be out of HDD space in no time.

Offline c0n

  • Full Member
  • ***
  • Posts: 201
  • I'm new here!
    • View Profile
Re: Virus Development
« Reply #39 on: September 18, 2005, 04:27:59 am »
that isnt a virus... a virus needs to reproduce itself and distribute itself.

That's what I said.  Glad to know you can repeat, while still managing to get it wrong!  A virus doesn't need to distribute itself to be a virus. 

i didnt read all the posts.. i skimmed the first 2 or whatever and then decided that i would say that.

but a virus would be completely stupid if it wasnt distributed in some way... but i guess ur right that it doesnt need to. it does need to reproduce itself though.
i didnt repeat you knowing that i was repeating you. i also think that any successful virus would need to find a means of distributing itself to be... well... successful
so i guess i can safely say that a virus will reproduce itself & distribute itself.

so this means i wasnt really wrong. i was just being smarter and including a characteristic that basically every virus includes... a way of distributing itself across the interweb.
there's no reason to leave that out.

whitehat scum
« Last Edit: September 18, 2005, 04:38:53 am by c0n »

Offline Krazed

  • x86
  • Hero Member
  • *****
  • Posts: 1822
    • View Profile
Re: Virus Development
« Reply #40 on: September 18, 2005, 07:47:09 am »
You are honestly a fucking moron..
It is good to be good, but it is better to be lucky.

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: Virus Development
« Reply #41 on: September 18, 2005, 10:02:13 am »
that isnt a virus... a virus needs to reproduce itself and distribute itself.

That's what I said.  Glad to know you can repeat, while still managing to get it wrong!  A virus doesn't need to distribute itself to be a virus. 

i didnt read all the posts.. i skimmed the first 2 or whatever and then decided that i would say that.

but a virus would be completely stupid if it wasnt distributed in some way... but i guess ur right that it doesnt need to. it does need to reproduce itself though.
i didnt repeat you knowing that i was repeating you. i also think that any successful virus would need to find a means of distributing itself to be... well... successful
so i guess i can safely say that a virus will reproduce itself & distribute itself.

so this means i wasnt really wrong. i was just being smarter and including a characteristic that basically every virus includes... a way of distributing itself across the interweb.
there's no reason to leave that out.

whitehat scum

How about, I email it to somebody?  It's not distributing itself.

Offline Joe

  • B&
  • x86
  • Hero Member
  • *****
  • Posts: 10319
  • In Soviet Russia, text read you!
    • View Profile
    • Github
Re: Virus Development
« Reply #42 on: September 18, 2005, 01:25:28 pm »
Quote
whitehat scum

And suddenly c0n loses what little respect I had left for him.
I'd personally do as Joe suggests

You might be right about that, Joe.


Offline c0n

  • Full Member
  • ***
  • Posts: 201
  • I'm new here!
    • View Profile
Re: Virus Development
« Reply #43 on: September 18, 2005, 04:36:07 pm »
that isnt a virus... a virus needs to reproduce itself and distribute itself.

That's what I said.  Glad to know you can repeat, while still managing to get it wrong!  A virus doesn't need to distribute itself to be a virus. 

i didnt read all the posts.. i skimmed the first 2 or whatever and then decided that i would say that.

but a virus would be completely stupid if it wasnt distributed in some way... but i guess ur right that it doesnt need to. it does need to reproduce itself though.
i didnt repeat you knowing that i was repeating you. i also think that any successful virus would need to find a means of distributing itself to be... well... successful
so i guess i can safely say that a virus will reproduce itself & distribute itself.

so this means i wasnt really wrong. i was just being smarter and including a characteristic that basically every virus includes... a way of distributing itself across the interweb.
there's no reason to leave that out.

whitehat scum

How about, I email it to somebody?  It's not distributing itself.


read what i said...

i said it doesnt NEED to..
but go ahead and try distributing it yourself and see how many ppl you will infect...
Quote
whitehat scum

And suddenly c0n loses what little respect I had left for him.

your respect means nothing to me... and never did.
ur just some vb coder that codes lame shyt.

You are honestly a fucking moron..

even if i said something intelligent on this forum you would say the same thing.
what you think of me means nothing to me. the only thing you didnt like was the
thing i said about whitehats. h0h0h0...
« Last Edit: September 18, 2005, 04:39:31 pm by c0n »

Offline Sidoh

  • Moderator
  • Hero Member
  • *****
  • Posts: 17634
  • MHNATY ~~~~~
    • View Profile
    • sidoh
Re: Virus Development
« Reply #44 on: September 18, 2005, 04:36:57 pm »
but go ahead and try distributing it yourself and see how many ppl you will infect...
That's asside from his point.