quarantine?
Page 1 of 2 12 LastLast
Results 1 to 10 of 13

Thread: quarantine?

  1. #1
    Banned
    Join Date
    Apr 2002
    Posts
    156

    quarantine?

    I wanna examine a couple of viruses to see how they work. Is there any way (or anywhere) I could look at these infected files without getting infected myself? I was wondering if there is a program that would let you read infected files (virus codes etc.) without getting infected and it spreading to your computer (like a program that would lock in all effects of the viruses so they can't infect my system and cause damage). Even if I could steralize the virus (clean it). If I cleaned it with my AVs would it still contain the destructive code or would the destructive code be cleaned (erased) from the source code?

  2. #2
    Banned
    Join Date
    Apr 2002
    Posts
    156
    when I say source code I mean the intire virus code.

  3. #3
    Senior Member
    Join Date
    Dec 2001
    Posts
    304
    if you search google you can find the source to many viruses... I have an address somewhere that has alot of virus source code. I dont have it handy now but i will find it for you. The way you are talking about probably can be done but how is a whole nother question.
    Violence breeds violence
    we need a world court
    not a republican with his hands covered in oil and military hardware lecturing us on world security!

  4. #4
    The Iceman Cometh
    Join Date
    Aug 2001
    Posts
    1,210
    Just get an old computer, attach it to the 'net temporarily, download a bunch of virii, trojans, etc., and start playing. :-)

    AJ

  5. #5
    Junior Member
    Join Date
    Aug 2001
    Posts
    23
    If your starting to try and read virus code, try first to download source codes from the net (Dont start with the compiled things. These are somewhat unreadable and dangerious). I would start first with looking at Visual Basic scripting viruses, these are simple to understand and easy to read. Assembly viruses are not. Search the net for these, you should find an abundance of them. Then maybe move on to macro viruses, these too are easy to read.
    IRC also can be a good source of viruses.

    Dont do anything silly with all that evil code.

  6. #6
    Banned
    Join Date
    Apr 2002
    Posts
    156
    I already know where to find a source code for VBS.LoveLetter (VBS), W95.CIH, some MarkerC virus, and some other Tune virus. The problem is, when I read this code on the net my McAfee detects them and asks me if I want to clean them. If I let McAfee clean them, will it erase the destructive code in the entire code? (If I let McAfee clean the codes, will McAfee erase the destructive parts of the code?) in other words if the virus source codes are cleaned, is the destructive part erased from the code?

  7. #7
    Banned
    Join Date
    Apr 2002
    Posts
    156
    cause if the destructive parts are cleaned it defeats the purpose of checking them out.

  8. #8
    Priapistic Monk KorpDeath's Avatar
    Join Date
    Dec 2001
    Posts
    2,628
    A test system is the only way. That's how I tested my tarpit. I setup 5 servers infected them with you name it. nimda, code red, and a half a dozen other virus. Turned on the tarpit and voilá 80% traffic reduction in a matter of moments. Plus the other two non-infected machines were not hit til about 48 hours later.

    Of course you have to have machines to do this with but that's the price you pay. A lab has to have equipment, right?
    Mankind have a great aversion to intellectual labor; but even supposing knowledge to be easily attainable, more people would be content to be ignorant than would take even a little trouble to acquire it.
    - Samuel Johnson

  9. #9
    Banned
    Join Date
    Apr 2002
    Posts
    156
    I just need to know if when a virus code is cleaned by an antivirus program like mcafee, if the destructive parts of the code are erased. All I need to do is visit a website with the code on it. I've done it before but my McAfee detects the virus everytime I visit the site and always asks me if I want to clean it. I will be getting my code from www.62nds.co.nz/62nds/documents/ They have LoveLetter and all the viruses that I mentioned I could get, plus more. There is also a good source code library at www.tlsecurity.com

  10. #10
    Senior Member
    Join Date
    Dec 2001
    Posts
    151
    there's also alot of virii source code in the AO downloads
    -[h3llbringer] is back, again.
    -MSN CLoNE.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides