Virus Development

Ergot · September 17, 2005, 02:26:20 PM

Nice job filtering the Screen Names. You do know that his Screen Name is on the tab right?

iago · September 17, 2005, 03:01:54 PM

Who actually leaves a packetsniffer running overnight? I mean, besides me (I have Snort running 24/7 to detect stuff like that) :P

Also, what happens if the trojan developer was smart and tunneled it over a known protocol? Like, what if they mimic AIM or MSN or HTTP or Steam or something else that you consider safe? What happens if it tunnels commants over, say, ICMP? (Sure, the numbers will go up on the ICMP list, but if you look at them it'll look like somebody is pinging you).

There is at least one backdoor that is controlled by ping packets. I forget what it's called, but it's pretty cool.

What about failed connections? Failed connections can also be used to control a program. There's another backdoor for Linux (a proof of concept) that does communication through SYN and RST pairs, so to a packetlogger it looks like a series of failed connections, or a portscan. There aren't even any data packets passed, the data is encoded in packet headers. There are lots of ways to hide :)

What about one that connects to IRC, then idles until it gets a command? You won't see packets unless it's being actively controlled, so you won't see it happening unless it's actively being used. That's another one you won't pick up unless you leave a packetsniffer running 24/7.

Yes, some remote access programs can be found by packetlogging, but that's not always the case.

Sidoh · September 17, 2005, 03:22:47 PM

Quote from: iago on September 17, 2005, 03:01:54 PM
Who actually leaves a packetsniffer running overnight? I mean, besides me (I have Snort running 24/7 to detect stuff like that) :P

Also, what happens if the trojan developer was smart and tunneled it over a known protocol? Like, what if they mimic AIM or MSN or HTTP or Steam or something else that you consider safe? What happens if it tunnels commants over, say, ICMP? (Sure, the numbers will go up on the ICMP list, but if you look at them it'll look like somebody is pinging you).

There is at least one backdoor that is controlled by ping packets. I forget what it's called, but it's pretty cool.

What about failed connections? Failed connections can also be used to control a program. There's another backdoor for Linux (a proof of concept) that does communication through SYN and RST pairs, so to a packetlogger it looks like a series of failed connections, or a portscan. There aren't even any data packets passed, the data is encoded in packet headers. There are lots of ways to hide :)

What about one that connects to IRC, then idles until it gets a command? You won't see packets unless it's being actively controlled, so you won't see it happening unless it's actively being used. That's another one you won't pick up unless you leave a packetsniffer running 24/7.

Yes, some remote access programs can be found by packetlogging, but that's not always the case.

Owned? Mmhm.

c0n · September 17, 2005, 06:08:29 PM

that isnt a virus... a virus needs to reproduce itself and distribute itself.

iago · September 17, 2005, 06:47:51 PM

Quote from: c0n on September 17, 2005, 06:08:29 PM
that isnt a virus... a virus needs to reproduce itself and distribute itself.

That's what I said. Glad to know you can repeat, while still managing to get it wrong! A virus doesn't need to distribute itself to be a virus.

Screenor · September 17, 2005, 08:41:21 PM

Quote from: Ergot on September 17, 2005, 02:26:20 PM
Nice job filtering the Screen Names. You do know that his Screen Name is on the tab right?

If you don't have anything to say intelligent, or atleast that would contribute to the topic, don't reply.

I realized I didn't while I was uploading the file, and I had thought I posted in my post I was just too lazy to go back and remove it. If you're mature enough, you wont message him anyway, he WILL tell me you did.

And iago: I do, if that's not that much to for you to except. :P

My idea of a fun virus:

Description:
This file is similar to the "BOOM" program, except it is about 200% better in terms of actually doing stuff instead of looking cool. Plus it ain't no joke. This is what is called a .vbs virus, which means, contrast to what most ppl think of a virus, it isn't an .exe but works the same way - just invisible. The reason vbs is good is because you can mask it as other files (which i have done for you). You can set it to look like a txt file, and even open and display text as though it was a text file...except you have been infected with the virus. This is extremely helpful because the person doesn't know they've been infected. I have a list of the things that it does once infected:
1.Displays messagebox saying "n0 EscApE".
2.Copies, and recopies itself to the system root.
3.Activiates anti-delete by making the computer think its a system file.
4.Randomly will display the messagebox.
5.Will save fake explicit photos and text on the A: and C: disk drives.
6.It will secretly attach itself to an email, then invisibly send itself to every single person on the vicims' email directory.
7.Loops for the next victim, then on, and on, and on...

(Not idea, to be technical, I have this file, I just don't go and give it to people.)

Sidoh · September 17, 2005, 09:09:00 PM

Ghey! :p

iago · September 17, 2005, 10:00:38 PM

Quote from: Scr33n0r on September 17, 2005, 08:41:21 PM
And iago: I do, if that's not that much to for you to except. :P

You do what? My post was rather lengthy with many suggestions..

Quote
My idea of a fun virus:

Description:
This file is similar to the "BOOM" program, except it is about 200% better in terms of actually doing stuff instead of looking cool. Plus it ain't no joke. This is what is called a .vbs virus, which means, contrast to what most ppl think of a virus, it isn't an .exe but works the same way - just invisible. The reason vbs is good is because you can mask it as other files (which i have done for you). You can set it to look like a txt file, and even open and display text as though it was a text file...except you have been infected with the virus. This is extremely helpful because the person doesn't know they've been infected. I have a list of the things that it does once infected:
1.Displays messagebox saying "n0 EscApE".
2.Copies, and recopies itself to the system root.
3.Activiates anti-delete by making the computer think its a system file.
4.Randomly will display the messagebox.
5.Will save fake explicit photos and text on the A: and C: disk drives.
6.It will secretly attach itself to an email, then invisibly send itself to every single person on the vicims' email directory.
7.Loops for the next victim, then on, and on, and on...

(Not idea, to be technical, I have this file, I just don't go and give it to people.)

That's boring, that's been done so many time for so many different viruses that it's just boring.

Screenor · September 17, 2005, 11:55:12 PM

Quote from: iago on September 17, 2005, 10:00:38 PM
Quote from: Scr33n0r on September 17, 2005, 08:41:21 PM
And iago: I do, if that's not that much to for you to except. :P
You do what? My post was rather lengthy with many suggestions..

Quote
My idea of a fun virus:

Description:
This file is similar to the "BOOM" program, except it is about 200% better in terms of actually doing stuff instead of looking cool. Plus it ain't no joke. This is what is called a .vbs virus, which means, contrast to what most ppl think of a virus, it isn't an .exe but works the same way - just invisible. The reason vbs is good is because you can mask it as other files (which i have done for you). You can set it to look like a txt file, and even open and display text as though it was a text file...except you have been infected with the virus. This is extremely helpful because the person doesn't know they've been infected. I have a list of the things that it does once infected:
1.Displays messagebox saying "n0 EscApE".
2.Copies, and recopies itself to the system root.
3.Activiates anti-delete by making the computer think its a system file.
4.Randomly will display the messagebox.
5.Will save fake explicit photos and text on the A: and C: disk drives.
6.It will secretly attach itself to an email, then invisibly send itself to every single person on the vicims' email directory.
7.Loops for the next victim, then on, and on, and on...

(Not idea, to be technical, I have this file, I just don't go and give it to people.)
That's boring, that's been done so many time for so many different viruses that it's just boring.

Er, run a packet sniffer.* Just I do it maybe once a week, because if I logged that much, I'd be out of HDD space in no time.

c0n · September 18, 2005, 04:27:59 AM

Quote from: iago on September 17, 2005, 06:47:51 PM
Quote from: c0n on September 17, 2005, 06:08:29 PM
that isnt a virus... a virus needs to reproduce itself and distribute itself.

That's what I said. Glad to know you can repeat, while still managing to get it wrong! A virus doesn't need to distribute itself to be a virus.

i didnt read all the posts.. i skimmed the first 2 or whatever and then decided that i would say that.

but a virus would be completely stupid if it wasnt distributed in some way... but i guess ur right that it doesnt need to. it does need to reproduce itself though.
i didnt repeat you knowing that i was repeating you. i also think that any successful virus would need to find a means of distributing itself to be... well... successful
so i guess i can safely say that a virus will reproduce itself & distribute itself.

so this means i wasnt really wrong. i was just being smarter and including a characteristic that basically every virus includes... a way of distributing itself across the interweb.
there's no reason to leave that out.

_{whitehat scum}

Krazed · September 18, 2005, 07:47:09 AM

You are honestly a fucking moron..

iago · September 18, 2005, 10:02:13 AM

Quote from: c0n on September 18, 2005, 04:27:59 AM
Quote from: iago on September 17, 2005, 06:47:51 PM
Quote from: c0n on September 17, 2005, 06:08:29 PM
that isnt a virus... a virus needs to reproduce itself and distribute itself.

That's what I said. Glad to know you can repeat, while still managing to get it wrong! A virus doesn't need to distribute itself to be a virus.

i didnt read all the posts.. i skimmed the first 2 or whatever and then decided that i would say that.

but a virus would be completely stupid if it wasnt distributed in some way... but i guess ur right that it doesnt need to. it does need to reproduce itself though.
i didnt repeat you knowing that i was repeating you. i also think that any successful virus would need to find a means of distributing itself to be... well... successful
so i guess i can safely say that a virus will reproduce itself & distribute itself.

so this means i wasnt really wrong. i was just being smarter and including a characteristic that basically every virus includes... a way of distributing itself across the interweb.
there's no reason to leave that out.

_{whitehat scum}

How about, I email it to somebody? It's not distributing itself.

Joe · September 18, 2005, 01:25:28 PM

Quotewhitehat scum

And suddenly c0n loses what little respect I had left for him.

c0n · September 18, 2005, 04:36:07 PM

Quote from: iago on September 18, 2005, 10:02:13 AM
Quote from: c0n on September 18, 2005, 04:27:59 AM
Quote from: iago on September 17, 2005, 06:47:51 PM
Quote from: c0n on September 17, 2005, 06:08:29 PM
that isnt a virus... a virus needs to reproduce itself and distribute itself.

That's what I said. Glad to know you can repeat, while still managing to get it wrong! A virus doesn't need to distribute itself to be a virus.

i didnt read all the posts.. i skimmed the first 2 or whatever and then decided that i would say that.

but a virus would be completely stupid if it wasnt distributed in some way... but i guess ur right that it doesnt need to. it does need to reproduce itself though.
i didnt repeat you knowing that i was repeating you. i also think that any successful virus would need to find a means of distributing itself to be... well... successful
so i guess i can safely say that a virus will reproduce itself & distribute itself.

so this means i wasnt really wrong. i was just being smarter and including a characteristic that basically every virus includes... a way of distributing itself across the interweb.
there's no reason to leave that out.

_{whitehat scum}

How about, I email it to somebody? It's not distributing itself.

read what i said...

i said it doesnt NEED to..
but go ahead and try distributing it yourself and see how many ppl you will infect...

Quote from: Joe[e2] on September 18, 2005, 01:25:28 PM
Quotewhitehat scum

And suddenly c0n loses what little respect I had left for him.

your respect means nothing to me... and never did.
ur just some vb coder that codes lame shyt.

Quote from: Krazed on September 18, 2005, 07:47:09 AM
You are honestly a fucking moron..

even if i said something intelligent on this forum you would say the same thing.
what you think of me means nothing to me. the only thing you didnt like was the
thing i said about whitehats. h0h0h0...

Sidoh · September 18, 2005, 04:36:57 PM

Quote from: c0n on September 18, 2005, 04:36:07 PM
but go ahead and try distributing it yourself and see how many ppl you will infect...

That's asside from his point.

Clan x86

News:

Virus Development

Ergot

iago

Sidoh

c0n

iago

Screenor

Sidoh

iago

Screenor

c0n

Krazed

iago

Joe

c0n

Sidoh