
Thread: A VIrII TUT

  1. #1
    Join Date
    Feb 2003

    A VIrII TUT

    Posted By Anatra

    Copyright: Anatra for Antionline.com 2003


    Know them better to fight them more effectively

    For some years now we have been witnessing a great evolution in computer security technologies; in particular, antivirus software and firewalls have become mass-market tools, especially with the spread of wide-area networks such as the Internet.
    Problems caused by viruses and other malicious programs (malware) are by now on everybody's lips, and sometimes (often inaccurately) they are even discussed on news broadcasts and TV programmes.
    Some years ago writing a virus was a genuinely arduous task: it required specific knowledge of low-level languages such as Assembler, and it was necessary to master in detail the architecture of IBM-compatible systems in order to control the RAM and stay resident in it (TSR), with the aim of reproducing itself into other files and infecting the whole computer.
    The concepts to keep in mind are simple and, proceeding in order, we will examine all the principal techniques of viral attack.

    Categories of Virii

    First of all the virii must be divided into numerous categories, classifying them as we would do with biological strains, so as to be able to outline their differences and peculiarities.
    Starting from the origins: the term virus was coined a few decades ago, so today many things have changed and numerous malwares are often considered virii.
    In particular, logic bombs and, finally, worms (very widespread today) were considered distinct from virii.
    By logic bomb we mean a program whose purpose is to cause damage by activating itself under certain conditions.
    Many of these have often been considered virii, and they have caused trouble for users on certain days of the year, on suitable dates chosen by their authors.
    Rabbits was the name given to all those programs that, in modern terminology, we would today call Denial of Service (DoS). In practice their intent was to saturate a system's software resources: CPU time, memory, network, etc. Recently we have witnessed bugs such as that of some ActiveX controls which, because of a buffer overflow problem, could exhaust system resources and crash the whole PC.
    A characteristic common to the two types just introduced is that neither can reproduce itself, unlike worms, whose principal purpose is essentially that.
    A worm has the ability to propagate itself over the network and install itself on other machines, and it often exploits known bugs that incompetent or lazy system administrators have not yet fixed with a patch.
    Sometimes we have even witnessed real world-wide epidemics which, in a short time, have hit strategic servers and paralysed the traffic of numerous intranets.

    Sub-categories of Virii

    In the eternal struggle to avoid being identified by antivirus software, malware authors have given their code more and more variations. Here are some examples:

    Mutant virii: they modify their own code every time they are copied, so as not to be easily identified by antivirus software.
    Encrypted virii: the code of the virus is enciphered so that the harmful instructions are not recognizable to antivirus software. Before execution the cryptographic engine decodes everything and runs it.
    Multipartite virii: they act as boot-sector viruses, because they go into execution at start-up, but they spread by attaching themselves to .exe files.
    Polymorphic virii: they are a more sophisticated evolution of the mutant virii.

    Trojans and Keyloggers

    Another category I would like to discuss separately is that of Trojans, of which there is today a truly heavy spread, especially among all those people who, fancying themselves hackers, try to take the shortest road into the victim's computer.
    Some years ago Trojan meant a program which apparently served to carry out a certain operation, while in reality it was meant to undermine the security of a system and open a breach through which to enter at any moment (the same meaning as Backdoor: a service door left open by the malicious author).
    Today, however, things have changed: backdoors or Trojans are increasingly taking on stealth characteristics, hiding themselves from the eyes of users (often even the more sceptical ones) and allowing full remote control of the PC, both as regards viewing the keys pressed (keylogging) and by listening to the conversations of the unaware user through the system microphone.
    Widely distributed examples of backdoors are Back Orifice and Netbus.
    Other programs with a Trojan function are the already-mentioned keyloggers, applications also used in computer investigations (computer forensics), able to capture every key pressed by the user and to store vital information such as the cryptographic keys of programs like PGP.

    Macro Virus: with the introduction of new and advanced functionality in applications such as word processors and spreadsheets, this type of attack, unthinkable some years ago, has spread.

    Rav Antivirus has a page with virus distribution statistics updated in real time:
    http://www.rav.ro/ravmsstats/

    Another interesting source is AVP's virus encyclopedia, which is:

    If you are looking for information on antivirus software, these CERT pages are a good starting point: there are links to the documentation present on the various sites of antivirus producers, universities and public and private bodies:

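The "encrypted" and "polymorphic" sub-categories listed in the post above are easiest to understand by watching a signature scanner fail against them. The following is an added example, not code from the original post: a toy model in which a harmless ASCII string stands in for the virus body, a marker string stands in for the decryptor stub, and XOR with a one-byte key stands in for the cipher. The file layout, the signature names and the stub variants are all invented for the example; no real malware or real antivirus format is involved.

```python
"""Toy model of encrypted vs. polymorphic viruses against a signature scanner.

Constructed example: the "virus body" is an ASCII string, the "decryptor
stub" is a marker byte string, and XOR with a one-byte key stands in for the
virus's cipher. It shows why a signature taken from the plaintext body fails
once the body is enciphered, why a signature on a fixed decryptor still
catches the simple encrypted form, and why a scanner has to undo the
decryptor itself (generic decryption) to catch the polymorphic form.
"""
import random

# Constructed plaintext "virus body" and the signature an AV would extract from it.
BODY = b"CALL INFECT; CALL PAYLOAD; JMP HOST"
BODY_SIGNATURE = b"CALL INFECT"

# Constructed decryptor stub. In a plain encrypted virus it is byte-identical
# in every copy, so once known it can itself be used as a signature.
STUB_MAGIC = b"DECRYPT-STUB:"
STUB_SIGNATURE = STUB_MAGIC

# Constructed alternative stubs a polymorphic engine might emit. A real engine
# generates the decryptor from equivalent instruction sequences; here the
# variants are just different marker strings plus random padding.
STUB_VARIANTS = [b"DEC-STUB:", b"UNPACK:", b"D3CRYPT0R:"]

SIGNATURES = {
    "plaintext-body": BODY_SIGNATURE,
    "encrypted-stub": STUB_SIGNATURE,
}

# Hypothetical on-disk layout shared by both forms (chosen for this example):
#   1 byte stub length | stub | 1 byte junk length | junk | 1 byte key | body XOR key


def xor_bytes(data: bytes, key: int) -> bytes:
    return bytes(b ^ key for b in data)


def make_encrypted_copy(key: int) -> bytes:
    """Encrypted virus: the body is XORed with a per-copy key, so the body
    bytes differ between copies, but the decryptor stub never changes."""
    assert 0 < key < 256, "a zero key would leave the body in clear"
    return bytes([len(STUB_MAGIC)]) + STUB_MAGIC + b"\x00" + bytes([key]) + xor_bytes(BODY, key)


def make_polymorphic_copy(key: int, seed=None) -> bytes:
    """Polymorphic virus: the decryptor is rewritten per copy too, so there
    is no constant byte string to sign, neither in the body nor in the stub."""
    assert 0 < key < 256, "a zero key would leave the body in clear"
    rng = random.Random(seed)
    stub = rng.choice(STUB_VARIANTS)
    junk = bytes(rng.randrange(256) for _ in range(rng.randrange(8)))
    return (bytes([len(stub)]) + stub
            + bytes([len(junk)]) + junk
            + bytes([key]) + xor_bytes(BODY, key))


def static_scan(sample: bytes, signatures=SIGNATURES) -> list:
    """Plain signature scanner: does any known byte string occur in the file?"""
    return [name for name, sig in signatures.items() if sig in sample]


def run_decryptor(sample: bytes) -> bytes:
    """Do what the virus's own stub would do at run time: walk the layout,
    find the key and recover the plaintext body."""
    stub_len = sample[0]
    pos = 1 + stub_len
    junk_len = sample[pos]
    pos += 1 + junk_len
    key = sample[pos]
    return xor_bytes(sample[pos + 1:], key)


def generic_decryption_scan(sample: bytes, signatures=SIGNATURES) -> list:
    """Emulation-style scanner: run the decryptor first, then scan the result."""
    return static_scan(run_decryptor(sample), signatures)


if __name__ == "__main__":
    enc = make_encrypted_copy(0x5A)
    poly = make_polymorphic_copy(0x5A, seed=2003)
    print("encrypted copy, static scan:    ", static_scan(enc))
    print("polymorphic copy, static scan:  ", static_scan(poly))
    print("polymorphic copy, after decrypt:", generic_decryption_scan(poly))
```

The two scanners make the post's point concrete: the body signature never matches either form, the fixed stub is enough to catch the plain encrypted copy, and only running the decryptor (what antivirus emulators do) recovers something signable from the polymorphic copy.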

  2. #2
    Noia
    Join Date
    Jan 2002
    Erm....not to be mean....but you should run this through Word and pick up some grammar, because I can't follow what you're saying....

    - Noia
    With all the subtlety of an artillery barrage / Follow blindly, for the true path is sketchy at best. .:Bring OS X to x86!:.
    And no one can recall the gentle features of the queen's face on that fair day, when the land here rested in holy peace and everyone had love to love with.

  3. #3
    d00dz Attackin
    Join Date
    Mar 2003
    He does it again. This is a very organized tut, I must say, very well thought out, and a good reference to look back at. Greenies for you my friend......
    CyA -d00dz AttackiN-
    First you listen, then you do, finally you teach.
    Duck Hunting Chat

  4. #4
    I have to disagree. I do not mean any disrespect either, but this tutorial is more of a commentary than a tutorial. There are in-depth virus tutorials out there for both the virus author and the anti-virus researcher. I will not list the links directly here, but a simple search on Google yields some pretty good insight.

    As for the English, it's no big deal. Not everybody speaks English, or speaks it very well.

  5. #5
    Join Date
    Feb 2003
    Erm....not to be mean....but you should run this through Word and pick up some grammar, because I can't follow what you're saying....

    Well, sorry, but I wrote it in Italian and, just to try it out, I translated it with Power Translator Pro....

    Well, even I have noticed that this one isn't in very good English...
    I have to say sorry, Noia; next time I hope to do better... and to write in English directly.

    see ya
