July 20th, 2004, 01:34 AM
Ok a friend wanted help today when their norton security suit went crazy and died, I asked about what had been done on the computer and the guy had got a trojan that hadnt been picked up by his AV (Thanks AVG you saved my computer again ) However google supplyed no answers and norton didnt notice it, AVG noticed it but couldnt give any info on it. I got the dude to hijackthis his computer and i noticed some suspiciuos registry entries, now we think hes rid of it. All this however made me want to learn more about virii and trojans. I would like to learn if there are ways to analise what they do and how they do it. Im ok as far as a test box goes so i basically want to play about and see what i can find out about them. I mean how do AV companies work out whats a virus and how do they write signatures, basically im curious Thanks
July 20th, 2004, 02:15 AM
I would use a disassembler to take it apart
many newer viruses are designed using programming tricks that make them hard to disassemble (the process of interpreting the code into a form that is easier to analyze so that the virus can be combated.
July 20th, 2004, 02:20 AM
Here's a tut to give you a little better understanding of virii and there are a few links at the bottom of the tut that you may can find other stuff you are looking for.
When death sleeps it dreams of you...
July 20th, 2004, 11:52 AM
First you'll need to learn the correct plural of "virus", it's "viruses" not "virii"
Then as DeadAddict noted get yourself a disassembler, a link to the MSDN libraries (for API references), lots of coffee and lots of spare time
But it's fun though, I always like to take new ones apart.
Just to see what makes them "tick".
For disassembly I can definitely recommend getting IDA Pro.
See http://www.datarescue.com/idabase for more info.
Experience is something you don't get until just after you need it.
July 20th, 2004, 04:00 PM
Thanks for the feed back. hmmm viruses eh? I read that it was virii im sure, oh well. I suppose its another mice/mouses one
July 20th, 2004, 04:40 PM
Any freeware disassemblers out there you're fond of?