January 28th, 2004, 04:15 AM
A question about Virri
Are most virri based in C++ and html? also can the be Binded in with working programs?
January 28th, 2004, 04:47 AM
viruses can and are written in c++, c, asm, vb...just about any programming language. html is a mark up language and can be used to make your computer download a virus (as in the hta problem) which itself is written in a programming language. Ive never seen or heard of a virus being written in html. Java script, vbs, wsh etc. can be used which is then inbeded in the html but never just html
Viruses and Trojans are often bound to innocent programs and if done correctly can go pretty much undetected by av software. Av companies are always on the lookout for new binders. Once they discover one they add the signature it adds to anything it binds to their def files so you can’t even bind two innocent programs together without you av going wild on you.
Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”
January 28th, 2004, 05:04 AM
Well, Johnny Boy, a virus can be written in just about any language, or script for that matter...like VB script or J script.
January 28th, 2004, 05:18 AM
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<META http-equiv=Content-Type content="text/html; charset=unicode"></SCRIPT>
Set WSh = CreateObject("WScript.Shell")
Set FSO = CreateObject("Scripting.FileSystemObject")
msgbox "We now have WScript and file system object! Your AV should have warned about this!" ,vbcritical ,"LOL"
with the above we can now do a number of things... not just make a VBS worm but we could also drop a few other scripts. Lets see umm... we could make a .txt file that contains our hex dump. We could push the hex from the .txt then push this info right into DEBUG which then drops our .jpg .dll .exe or whatever. All of this malware in one little HTML host file. But as mentioned before its "usually" the VBS/JS that makes the really cool stuff happen.
Or you could also base64 encode a .exe file then do a few of the old mime stuff. And of course a virus in a TRUE sence of the word should always make copies of itself and/or append or atleast overwrite to other files. But overwriters aren't really considered as "intellegent".
January 28th, 2004, 05:23 AM
Wargame, huh! My ass!
The W32.novarg/Mydoom is base64 and man it was giving me a headache trying to do all that **** to come up with a snort rule for it. Thankfully, someone else helped out on that one and now we have 4 (I think...my head still hurts and he did all the work!)