Homecooked virii

View Poll Results: Do you think Bush will get re-elected?

Voters: 30

  • Yes: 11 (36.67%)
  • No: 3 (10.00%)
  • I don't Care: 4 (13.33%)
  • Hum probably because there is no real competition.: 3 (10.00%)
  • No, Oh H... No He can't. 4 more years with him I'll die.: 9 (30.00%)

Thread: Homecooked virii

  1. #1
    er0k
    Guest

    Homecooked virii

    Alright, I am wanting to know how many people out there use the security method of "throwing your own virii at your own separate machine"? Or even throwing virii purposely at a box, period, even if they aren't yours and you just found them. And I'm not talking about VBS scripts, but either real low-level asm or something, or a C/C++ variant, actually just anything that isn't VBS. I mean, I've heard about this security method a lot, and have never actually seen the benefit of spending the time to do all this unless:

    1. you are planning on writing AV software

    2. you are just testing out your antivirus software

    or

    3. you are just messing around

    I mean, is there a real benefit to spending the time to do this? I could see it if they were trojans or rootkits or even just some sort of worm, but really, why else would someone write their own virus to do this if not for malicious acts? Basically, this is just a poll on the popularity of homecooked virii, and why to write them...

    The only reason I see for writing these virii is for educational purposes or even malicious purposes. See poll.

  2. #2
    Now, RFC Compliant! Noia's Avatar
    Join Date
    Jan 2002
    Posts
    1,210
    Meh..I've written a few funny batch virii and some really simple things....some were stopped by the AV..others weren't even noticed....anyhow...I always destroy my virii once I'm done...I just do it for fun on my spare box.....plus it does help to test your AV......and in my opinion....AVs can't detect unknown virii very well....then again...it might just be my bloatware lol...

    - Noia
    With all the subtlety of an artillery barrage / Follow blindly, for the true path is sketchy at best. .:Bring OS X to x86!:.
    Og ingen kan minnast dei linne drag i dronningas andlet den fagre dag Då landet her kvilte i heilag fred og alle hadde kjærleik å elske med.

  3. #3
    Senior Member
    Join Date
    Mar 2003
    Location
    central il
    Posts
    1,779
    I have done a number of proof-of-concept viri. Usually I will do this after MS or Redhat etc. say something is impossible (notably one to infect a system over a malicious website, written and submitted 5 years ago, that is just now being addressed). I then send these off (in an unharmful form) to the antivirus companies and the developers whose app I exploited. The hope is that the hole I exploited to cause the virus to spread will be patched.

    I never put a damaging payload in the viri; they just spread themselves... this is done to discover the vectors a virus can spread itself on, and to watch the speed of different vectors.
    Who is more trustworthy than all of the gurus or Buddhas?

  4. #4
    Senior Member
    Join Date
    Jan 2002
    Posts
    1,207
    Usually a good idea to put some kind of limit on their ability to replicate, to prevent any accidental releases.

    Ideas:

    - Decrement a counter each time it replicates, when it reaches zero, self-destruct
    - Only execute on machines with IP numbers in your own private range (and choose an uncommonly used range like 172.17)
    - Test for the presence of a file which says it's ok to go and replicate yourself

  5. #5
    Super Moderator
    Know-it-All Master Beaver

    Join Date
    Jan 2003
    Posts
    3,914
    Back in the day when my P75 was still top of the line, my cousin had a virus fetish. He collected all he could find and ran them on his old 486. Well, he'd come over and we'd sit and write crappy lil virii in Turing... Just hard drive fillers (HDDs were smaller then.. much smaller), and programs that removed key OS files... never anything big.....

    That was the extent of my experience...

  6. #6
    Junior Member
    Join Date
    May 2003
    Posts
    6
    I've not been as ....hummm!....active as some of you.....my extent has been to test some things at work.... I use the KISS method (the best are always the simplest)
    seems a good one was:

    in old ccmail (you need a copy to do this)

    I wrote:

    hi
    getaddressbook
    send "hi" :global

    took down my Domino server in 30 secs (closed copy of a work server)

    I had to reimage it, it filled it so bad (and I was lazy)
    jeez, I'm tired of MS and Bill lining his pockets, but it keeps me employed

  7. #7
    Senior Member
    Join Date
    Nov 2002
    Posts
    482
    Well, I don't write virii, but I do decompile them and see how they work....

    Then I change them to suit a certain box (hardware profiles, network setups) to make a "super virii", but it would only work on certain machines...

    I just change them and vary them to suit particular machines, then similar machines, until you get one that does its duty on other machines... but I don't spread it around... that's the malicious part
    - Trying is the first step towards failure. The moral is never try.
    - It's like something out of that twilighty show about that zone.
    ----Homer J Simpson----

  8. #8
    Member
    Join Date
    Nov 2002
    Posts
    80
    I have not programmed a virus for a long time (I never programmed one to do anything malicious apart from the example below), but I would like to if I ever get the time, because the spread and growth patterns could be quite interesting to examine.

    <short story>
    The first thing I ever programmed on a PC was a batch file virus, when I was about 15. I did this with one of my mates on my dad's computer; it was a really simple virus that altered file extensions. However, when we ran it we realised that in the process we had disabled the command to undo the damage.
    There was about an hour's panic while we located someone else with a compatible version of MS-DOS so we could fix it. My Dad never found out and I learnt the hard way about writing virii.
    </short story>

  9. #9
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,883
    Part of our responsibility to our employer is to research new undocumented flaws in any OS in use at our facilities. The idea being that we know about the problem *before* or at the same time as the underground. Our management team feels that this will add another layer of security to our current policy.

    Anyway....

    One thing that we do is map out components of an OS, then write our own little virii to see if there is a way to exploit the service, cause it to fail, propagate and send, etc. The standard stuff that you see out there now. We spend about half our time doing research and development of this sort. In doing so, we have caught *many* big-name companies with their pants down. Fortunately, upon discovery of the issues, these companies were smart enough to fix the problem before we sent it off to Bugtraq.

    Writing virii from a white hat stance is certainly a benefit and it also serves as a great learning tool for junior security techs. I take all of my juniors through this exercise.

    My two cents...
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  10. #10
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,403
    Originally posted here by noODle
    Some simple virii for Windows:

    Batch file: (virus.bat)
    start /min virus.bat
    This will hog up all resources in no time.
    The same can probably be accomplished by holding down the Windows button and the letter E (perhaps others).
    This is not really a virus, now is it? A virus is a program that can replicate itself to other programs/files. This just starts itself over and over. Just like an old-fashioned fork() bomb.

    These kinds of virii are not detected by whatever kind of AV you use.
    They are more DoS than virii.
    Indeed, AVs will only detect a known malicious program. What happens when I write a small program that creates a file filled with random data, with filesize and filename specified as arguments? I use it to create files of arbitrary size and name to test download speeds. Someone could use it to fill up a hard disk. Or overwrite something important. Is this a DoS tool? Should an AV pick on my program and call it, heaven forbid, a hacker's tool?

    And yes, I do try out stuff. BUT I will only run it within something like a VMWare session.
    I do like Slarty's suggestions, but be careful if you show your source code to someone else. These limits are easily removed.
    Oliver's Law:
    Experience is something you don't get until just after you need it.
