Trouble is coming - Case in point.


thehorse13
April 30th, 2004, 08:45 PM
For those who have read a few posts I have made here in the past about what certainly is coming down the pipe (because I feel that most of the releases in the past year are nothing more than tests for horribleness yet to come), I have gathered some info from a very reliable source about polymorphic viruses that will be coming to a theatre near you...

For reference purposes:
http://www.antionline.com/showthread.php?s=&postid=740335#post740335

Author: Dr3f (You probably don't know him -- I only know of one other virus that he has coded - WM.NotFam)
Name of virus: Win32.Voltage
Detected: Not yet.. he says it 'may' be in the wild, but he hasn't released it yet.
It is written in ASM and is about 3800 lines of code (I don't have the source.. but that is how long he said it was)
Description: (From Dr3f) My new worm has the following capabilities: global resident, PE\RAR infector, polymorphic with EPO feature, has a mail worm that spoofs the address, that sends itself to all temp inet files addresses and to all friends in the WAB.
Win32.Voltage is infected over a script encoder in this sample.
It drops a copy of the original virus as the name wvltg.exe into the system directory.
I found this interesting as it is a polymorphic, file infecting, mass mailing worm. There aren't many of these floating around.

Cybr1d
April 30th, 2004, 09:55 PM
BRING IT ON!

that's all I can say...other than that...we're fukced :*(

mjk
May 1st, 2004, 01:18 AM
What exactly does polymorphic mean? Is it like - the worm can change its executable so it still operates but escapes AV's?

Jabberwocky
May 1st, 2004, 01:25 AM
Polymorphic means that each time the virus copies itself, the fingerprint looks a little different, like varying the size or pattern of the executable. It does that so it's harder for AV software to detect.

mjk
May 1st, 2004, 01:40 AM
Polymorphic means that each time the virus copies itself, the fingerprint looks a little different, like varying the size or pattern of the executable. It does that so it's harder for AV software to detect.
Ah, that's what I thought. Thanks for the clarification :)

mjk

Tedob1
May 1st, 2004, 02:58 AM
Oh boy! What an accomplishment. His folks must be so proud.

Axeman
May 1st, 2004, 04:10 AM
I wonder how well the anti-virus companies are going to handle this. I agree with cybr1d.

Cybr1d
May 1st, 2004, 04:28 AM
Well I'm guessing the usual: wreak havoc for a while just like Melissa and Code Red and whatnot, and then get fixed, and then have about 100 new people on AO asking us how to fix their problem *whatever the virus might cause* :D

Axeman
May 1st, 2004, 04:35 AM
I bow to your ability to read the future OH Great One. (bow,bow,bow dance around fire.)

Cybr1d
May 1st, 2004, 05:04 AM
Can you do a rain dance?

Axeman
May 1st, 2004, 05:25 AM
Yes, but it takes a couple of hours to do, and I am too tired right now. Maybe later if you still need it.

moxnix
May 1st, 2004, 06:27 AM
Hey, I can do a mating dance. Maybe if I dance around my computer, the poly virus will be so scared it won't bother me....lol
/me goes off to find my fatman dancing avatar.

The Duck
May 1st, 2004, 07:10 AM
polymorphic huh? kinda like REAL viruses that evolve and change themselves to get around your body's defenses, interesting....

Thanks for the info, didn't know that word existed lol.

Man I feel dumb :(

!mitationRust
May 1st, 2004, 08:13 AM
When is DARPA going to come out with their new stuff on defending against these worms? THorse13, so about this dreadful dr3f, what are you guessing about him, is he part of a group or riding solo with his code? I swear to GD, if this sh*t causes bad bandwidth or none at all during these unfoldings, I'm going to not pay my cable bill. That lag last time was BS.

Doug Ross - Software Management & Operations


Doug is a programmer at the University of Virginia. Doug is the technical lead for content at Project Implicit demonstration and research websites. He manages the updating and upgrading of front-end site content. He is the co-editor of the Project Implicit software manual.
http://projectimplicit.net/people.htm

Ushema
May 1st, 2004, 08:28 AM
Will it be worse than the I Love You virus?

!mitationRust
May 1st, 2004, 08:38 AM
Originally posted here (http://www.AntiOnline.com/showthread.php?threadid=257274#post741352) by Ushema
Will it be worse than the I Love You virus?

It's going to be the new Y2K, straight up armageddon! Fking Scarface, last scene, two bazookas under the arms!

I swear, I'm not going to pay $50 a month for a friggin 100k connection again.

thehorse13
May 1st, 2004, 11:42 AM
LOL, nope. This is not the same person. This guy (the dr3f) operates outside of the US.

TheSpecialist
May 1st, 2004, 11:57 AM
Don't care... I'm beating the shit out of every Douglas Ross that I possibly can.

Cybr1d
May 1st, 2004, 01:30 PM
Specialist, please delete your previous post to protect their privacy. Who knows, we have enough freaks out there that will do something stupid with that information. I wouldn't be too happy if someone posted my name and phone number in a public forum :)

Medoosa
May 1st, 2004, 02:58 PM
Ohhhhhh.... well, I'll have to be with Cybr1d on this.

Bring it on, Mr. Virus, you've just made my day...week...I mean month.

Und3ertak3r
May 2nd, 2004, 05:10 AM
Will it be worse than the I Love You virus?


Before MSBlast, Sobig.F, Swen and Netsky, MyDoom, Bagle.. there was Klez/Elkern. It made "I Love You" look like a flash in the pan..

Lansing_Banda
May 2nd, 2004, 11:16 AM
Hey theHorse, how exactly is he making it polymorphic? Does it just add more code to the end of itself after each copy? If you know any more info about his proof of concept I would love to hear it. If not then just make something up and make sure that it involves at least one of the three below:

1.) magic beans
2.) wizards
3.) more of Undertakers below the belt comments on Bill Gates

Cybr1d
May 2nd, 2004, 02:17 PM
http://vx.netlux.org/lib/static/vdat/pviripd.htm

That's a nice little read...take a look.

Und3ertak3r
May 2nd, 2004, 03:08 PM
I like the comment at the end of the document in your link Cybr1d...

We believe that neither harsh legislation nor emphasis on responsible computing can stop virus development, although they may slow it down. It is necessary to take matters into your own hands and protect your computers adequately.

Ain't it the truth.. more than ever..

To me the current worms are beating around "the door". Add polymorphism and a few other old tricks, attack the real door, and POW..

Cheers

alphabetarian
May 2nd, 2004, 04:46 PM
It is written in ASM and is about 3800 lines of code

3800 lines of assembly? Holy crap!! I'd pity 'him' for writing all that if it weren't for the fact that the thing will raise more hell online than I'd care to think about. But seriously, what possesses someone to create something that will only wreak havoc?

alpha

Cybr1d
May 2nd, 2004, 04:56 PM
Many things can drive a person through all that...I can name anger, jealousy, spite, malice, curiosity, sense of achievement, experiment, and also just because he can.

nihil
May 2nd, 2004, 05:13 PM
Hi,

http://www.runtimeware.com

"Sentinel" is a reasonable integrity checker.

http://digilander.libero.it/zancart

"Winsonar" checks for new processes launching in the background, and can be set to prevent new executables being launched when you have an internet connection open.

http://www.winpatrol.com
http://www.diamondcs.co.au (RegistryProt)

If you haven't already got them
:D

Every little helps?

EDIT: http://www.f-secure.com/v-descs/magistr.shtml

I know it is three years old, but was along the same lines as what is being discussed here?
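The two defensive ideas in this thread (Jabberwocky's point that a polymorphic copy has a different byte fingerprint each time, and nihil's suggestion of an integrity checker like "Sentinel") can be shown side by side. The following is an added example, not code from the thread or from any of the tools linked above: a fixed byte signature extracted from one sample is checked against a second sample, and a hash baseline of the directory is compared against both. All file contents are constructed; only the dropped file name wvltg.exe comes from the thread.

```python
import hashlib
import os
from typing import Dict, List, Tuple

# Constructed snapshots of one directory (not real Windows files).
BASELINE: Dict[str, bytes] = {
    "system32/kernel32.dll": b"MZ\x90\x00 constructed kernel32 body",
    "system32/user32.dll": b"MZ\x90\x00 constructed user32 body",
}
# Two later snapshots: the same host file carries a different appended tail in
# each, standing in for two copies of a polymorphic infector. wvltg.exe is the
# dropped-file name from the thread; its content here is constructed.
VARIANT_A: Dict[str, bytes] = {
    "system32/kernel32.dll": BASELINE["system32/kernel32.dll"] + b"\xaa\x10\x7f\x01",
    "system32/user32.dll": BASELINE["system32/user32.dll"],
    "system32/wvltg.exe": b"MZ\x90\x00 constructed dropped file A",
}
VARIANT_B: Dict[str, bytes] = {
    "system32/kernel32.dll": BASELINE["system32/kernel32.dll"] + b"\xbb\x22\x3c\x02",
    "system32/user32.dll": BASELINE["system32/user32.dll"],
    "system32/wvltg.exe": b"MZ\x90\x00 constructed dropped file B",
}
SIGNATURE_FROM_A = b"\xaa\x10\x7f\x01"  # byte pattern a scanner might extract from sample A

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def build_baseline(files: Dict[str, bytes]) -> Dict[str, str]:
    """Record a hash for every file; this is the 'known good' state."""
    return {path: sha256_hex(data) for path, data in files.items()}

def compare(baseline: Dict[str, str], current_files: Dict[str, bytes]) -> Tuple[List[str], List[str], List[str]]:
    """Return (added, removed, modified) paths relative to the baseline."""
    current = build_baseline(current_files)
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(p for p in baseline if p in current and baseline[p] != current[p])
    return added, removed, modified

def signature_hits(files: Dict[str, bytes], signature: bytes) -> List[str]:
    """Fixed-pattern scan, the approach a changing byte layout is meant to defeat."""
    return sorted(p for p, data in files.items() if signature in data)

def snapshot_dir(root: str) -> Dict[str, bytes]:
    """Read a real directory into the same {relative path: bytes} shape."""
    out: Dict[str, bytes] = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                out[os.path.relpath(full, root).replace(os.sep, "/")] = fh.read()
    return out

if __name__ == "__main__":
    base = build_baseline(BASELINE)
    for label, snap in (("A", VARIANT_A), ("B", VARIANT_B)):
        print(label, "signature:", signature_hits(snap, SIGNATURE_FROM_A), "integrity:", compare(base, snap))
```

The signature taken from sample A finds nothing in sample B, while the hash baseline flags the changed kernel32.dll and the new wvltg.exe in both snapshots; on a real host, feed `snapshot_dir()` output to `build_baseline()` once and to `compare()` later.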