May 30th, 2002 05:16 AM
I wanna examine a couple of viruses to see how they work. Is there any way (or anywhere) I could look at these infected files without getting infected myself? I was wondering if there is a program that would let you read infected files (virus codes etc.) without getting infected and it spreading to your computer (like a program that would lock in all effects of the viruses so they can't infect my system and cause damage). Even if I could sterilize the virus (clean it). If I cleaned it with my AVs, would it still contain the destructive code or would the destructive code be cleaned (erased) from the source code?
May 30th, 2002 05:17 AM
When I say source code, I mean the entire virus code.
May 30th, 2002 05:47 AM
If you search Google you can find the source to many viruses... I have an address somewhere that has a lot of virus source code. I don't have it handy now but I will find it for you. The way you are talking about probably can be done, but how is a whole nother question.
Violence breeds violence
we need a world court
not a republican with his hands covered in oil and military hardware lecturing us on world security!
May 30th, 2002 05:52 AM
Just get an old computer, attach it to the 'net temporarily, download a bunch of virii, trojans, etc., and start playing. :-)
May 30th, 2002 06:27 AM
If you're starting to try and read virus code, try first to download source codes from the net (Don't start with the compiled things. These are somewhat unreadable and dangerous). I would start first with looking at Visual Basic scripting viruses; these are simple to understand and easy to read. Assembly viruses are not. Search the net for these, you should find an abundance of them. Then maybe move on to macro viruses; these too are easy to read.
IRC also can be a good source of viruses.
Don't do anything silly with all that evil code.
May 30th, 2002 06:56 PM
I already know where to find a source code for VBS.LoveLetter (VBS), W95.CIH, some MarkerC virus, and some other Tune virus. The problem is, when I read this code on the net my McAfee detects them and asks me if I want to clean them. If I let McAfee clean them, will it erase the destructive code in the entire code? (If I let McAfee clean the codes, will McAfee erase the destructive parts of the code?) In other words, if the virus source codes are cleaned, is the destructive part erased from the code?
May 30th, 2002 06:58 PM
'Cause if the destructive parts are cleaned, it defeats the purpose of checking them out.
May 30th, 2002 09:47 PM
A test system is the only way. That's how I tested my tarpit. I set up 5 servers and infected them with, you name it: Nimda, Code Red, and a half a dozen other viruses. Turned on the tarpit and voilà, 80% traffic reduction in a matter of moments. Plus the other two non-infected machines were not hit 'til about 48 hours later.
Of course you have to have machines to do this with but that's the price you pay. A lab has to have equipment, right?
Mankind have a great aversion to intellectual labor; but even supposing knowledge to be easily attainable, more people would be content to be ignorant than would take even a little trouble to acquire it.
- Samuel Johnson
May 31st, 2002 02:54 AM
I just need to know if, when a virus code is cleaned by an antivirus program like McAfee, the destructive parts of the code are erased. All I need to do is visit a website with the code on it. I've done it before but my McAfee detects the virus every time I visit the site and always asks me if I want to clean it. I will be getting my code from www.62nds.co.nz/62nds/documents/ They have LoveLetter and all the viruses that I mentioned I could get, plus more. There is also a good source code library at www.tlsecurity.com
June 3rd, 2002 03:05 AM
There's also a lot of virii source code in the AO downloads.