Page 3 of 3 FirstFirst 123
Results 21 to 28 of 28

Thread: Virus

  1. #21
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Thanks Tiger,

    That is exactly what I was referring to.......................I read an article similar to the one you quote, a few years ago (NT4)

    I followed the instructions and it actually worked, but I could not see any way to actually get anything in the alternate data streams to run on its own, also the e-mail system saw the true size of the file and wouldn't send it

    It was certainly a way of hiding stuff though.

    There was not a lot of excitement as you needed the NTFS file system, and most skiddies did not have NT.....................of course it is a different story today?


    Cheers

  2. #22
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,885
    Yes, good call Tiger. Streaming (as mentioned) is another way of hiding info in files but as Nihil states, execution of the content is tricky at best. I didn't mention it because virus code hidden in this mannor would not execute directly. This is due to the limitations in cmd.exe.

    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  3. #23
    Senior Member
    Join Date
    Nov 2003
    Posts
    247
    VI. =)

    Actually, as it looked like Cybr1d may have hinted at, but didn't quite come out and clearly say, is that it is possible for a file type to run a virus, however, if it is possible for the .txt to run/contain a virus on your computer, you're already screwed.

    For instance, it is possible that there is a program on any given computer that will take data locked in some other, "harmless" file, and use it to execute malicious code. If I planted a file called, "Wingbat.exe" (I just made it up, so don't bother Googling for it) on you're computer, and it runs regularly, I could send to your computer a text file called instruct.txt. Instruct.txt actually has C code in it, but its harmless, right? The thing about Wingbat.exe is that it can take the code from instruct.txt, compile and execute it. You're computer is now officially a zombie.

    This is actually just a slightly more complex method (and perhaps harder to detect) than has been used with DDoS. Making a computer into a zombie by making it wait online for instructions can be detected by looking for connections, although sending the file straight onto the computer as a set of instructions (and independent code, even!) can make it so that it will run any code, for any purpose, that it is ever instructed to.

    The code involved in this is actually very simple to make. Using gcc or some other compiler as a basis, it would be possible to incorporate that code into a larger executable, adding very little, and very simpllistic, code. Thus, Wingbat.exe is born.

    This sort of thing has been done before, and there are other ways to do it, but this is just one clever way to accomplish an ends. As far as I know, to do this in the past, the code would have to be pre-compiled, sent to the other computer, and THEN run by some sort of trojan, or an idiot.

    But like I said, by the time that this is possible on your computer, you're already screwed.

    Even with this, however, the .txt, .png, .jpeg files are safe in themselves, though they can lead to other problems...

    Just a few ways that it would be possible. Don't get too paranoid about it.





    ---------------------------------


    If a new virus called Wingbat.exe is released into the wild soon that does this exact thing, I will be VERY disappointed in all of you. =P
    www.ADigitalPimp.com
    There is a ghost in the machine, and he is my friend.

  4. #24
    Root kits... ^_^

    -Cheers-

  5. #25
    HeadShot Master N1nja Cybr1d's Avatar
    Join Date
    Jul 2003
    Location
    Boston, MA
    Posts
    1,840
    So, It would be possible to program a "harmless" .exe program which is programmed to "receive" a set of commands inside .txt files with preset keywords. The .exe file would remain dormant and not attach itself to any other program, say "Not allow it to multiply", until it has received the particular command to turn it on. Somewhat like a trojan...which is built piece by piece, but without having it dial out of the victim's PC to avoid detections, instead have the "Ignorant" user download the commands.

    Sorry If I dont make much sense....I guess i'm not finding the right words right now, but I hope you understand what i'm trying to say.

    Cheers,


    EDIT: Picture the movie TERMINATOR 2. When the evil terminator froze and was shattered, he was harmless. Then the pieces melted from the heat and came together to rebuild him. Imagine all those pieces being .txt files containing commands which, when put together, create a harmful piece of program.

    LoL i think that makes it clearer

  6. #26
    Senior Member
    Join Date
    Nov 2003
    Posts
    247
    Originally posted here by Cybr1d
    So, It would be possible to program a "harmless" .exe program which is programmed to "receive" a set of commands inside .txt files with preset keywords.
    I know exactly what you mean. It wouldn't necessary need pre-programmed key words, though. It could deal with raw code and compile it. Keywords could be programmed in, but it would be just as easy (somewhat easier, really) to send in those key words as seperate code instead of coding it in. If it is included in pre-made code, then it would make Wingbat.exe bigger. To send in the code seperately, it could later be called on by other code.

    Also, using external, and freshly written code, means that it could be used to accomplish anything. By getting the initial program in, any other program can then be run from within the system, any script, anything else that the writer could possibly think of, making it a bit more versatile.

    Make sense?
    www.ADigitalPimp.com
    There is a ghost in the machine, and he is my friend.

  7. #27
    HeadShot Master N1nja Cybr1d's Avatar
    Join Date
    Jul 2003
    Location
    Boston, MA
    Posts
    1,840
    By getting the initial program in, any other program can then be run from within the system, any script, anything else that the writer could possibly think of, making it a bit more versatile.
    A trojan? The only issue would be avoiding detection from AV software.

  8. #28
    Senior Member
    Join Date
    Nov 2003
    Posts
    247
    A trojan tries to hide its true function within something else. Anything can be wrapped up in a trojan, this included. This will just execute external code that is sent to it in a .txt format (among other methods.)
    www.ADigitalPimp.com
    There is a ghost in the machine, and he is my friend.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •