How does a virus work?

  1. #1
    Member
    Join Date
    Jul 2004
    Posts
    46

    How does a virus work?

    Ok, first, let me get this straight:

    I am not planning on writing a virus/trojan/worm or any other type of malicious piece of code. I'm asking out of sheer curiosity and interest, and one of those projects that you always get in the back of your head...




    Anyway, how do they work, and what's their syntax like? I'm not asking to be led to a site with a quote saying that they imbed themselves in memory and then start sending copies of themselves to other people, etc etc. What I want to know is what their guts (syntax) look like. And this is for interest and a project idea for the halting of their actions.
    Tell me if you think I'm spamming or doing something stupid, please.

  2. #2
    StOrM™
    Join Date
    Aug 2004
    Posts
    1,003
    Well, the guts of viruses like Melissa and I Love You, which caused damage estimated at $8 billion,
    look like this.

    As far as Melissa goes, here is something that might help you.......
    This is not the complete code, only the part it used for propagation using a vulnerability in VBA.

    It's a fairly simple and small macro virus. Now

    Private Sub Document_Open() On error resume next

    So this part of the code clearly shows that Melissa works by infecting Document_Open().

    next is

    If system.privateprofilestring(", "hkey_curret_user\software\microsoft\office\9.0\word\security, "level") <> " " then Commandbars ("macro").Controls("security...").enabled = false
    options.confirmconversations = (1 -1) : options.virusprotection = (1 - 1) : options.savenormailprompt (1 - 1)
    end if


    The above lines of code make the smart move: they clearly disable security in Microsoft Word. This is what allows it to continue uninterrupted. The following lines help in avoiding any alerts to the end user.

    Dim Ungadasoutlook, DasMapIname, breakumoffaslice
    set ungadasoutlook = CreatObject ( "outlook .applicaton )
    set dasmapiname = ungadasoutlook.get namespace ("mapi")

    where MAPI means Messaging API, and this is basically how Word communicates with many email programs.

    Now the full code for Melissa is huge and requires a huge explanation...... I don't know any site which has the code and explanation..... If you get one, please post..... Hope this helps. Peace
    Parth Maniar,
    CISSP, CISM, CISA, SSCP

    *Thank you GOD*

    Greater the Difficulty, SWEETER the Victory.

    Believe in yourself.

  3. #3
    the beign of authority kurt_der_koenig's Avatar
    Join Date
    Jan 2004
    Location
    Pa
    Posts
    567
    ByTeWrangler- nice knowledge base, but I would watch out for what you say; people here will neg you for what you said. Too much info.

  4. #4
    Regal Making Handler
    Join Date
    Jun 2002
    Posts
    1,668
    If you want to look at something that looks like a virus but is not actually a virus, then take a look at this web site: http://www.eicar.org/anti_virus_test_file.htm
    What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry

  5. #5
    Senior Member
    Join Date
    Aug 2003
    Posts
    1,019
    Can't fight them if you don't know how they work.. your question is a bit broad though. What you need to look at is some virus source code.

    http://www.62nds.co.nz/cgi-bin/x/e4015.html
    http://www.rohitab.com/sourcecode/blackbat.html
    http://addict3d.org/index.php?page=v...e=news&ID=2453

    There are a couple of sites to get you started. Search around Google groups for more leads. One note of caution, if you go to those sites, you had better make sure your system is locked down, or I can guarantee a crash course in malware removal.

    Do you know anything about programming at all? If you don't, it isn't going to do you much good to look at source code...it would be like me reading a book written in Swahili...I wouldn't have a clue as to what I was looking at.

  6. #6
    Junior Member
    Join Date
    Aug 2004
    Posts
    11
    And even after you specialize in programming you would also need some major knowledge about operating systems in order to understand the source codes.

  7. #7
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,191
    Byte~ your post was OK, as you merely answered a part of the question.................Kurt was a bit worried for you, that is all ...........anyways, old stuff is pretty much of academic interest only.

    Groovicus has given you some good links............look around but remember to be careful, some of "those sites" are quite scary. If you can, please use a second machine, not attached to a network, and scan it for virus/trojan/adware/spyware each session.

    Pure "syntax" is what pattern identifying AV routines use. You really need to go a bit deeper into what the syntax does.

    Typically: altering the registry, changing values in applications, prepending or appending to or inserting into executables, replacing executables, attempting to access running processes and services..........and so on.

    I guess that I am preaching "sandbox technology" a la Berkeley *nix?

    Just my thoughts
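
The behaviours discussed in posts #2 and #7 (auto-run on document open, tampering with Word's macro security, automating Outlook over MAPI) can be checked for in macro source by category rather than by exact byte pattern. The following is an added example, not code from any poster; the rule names, the sample macros and the verdict thresholds are assumptions made for illustration.

```python
import re

# Behaviour categories taken from the thread (rule names are hypothetical).
RULES = {
    "auto_exec": re.compile(
        r'\bSub\s+(?:Document_Open|AutoOpen|Auto_Open|Workbook_Open)\b', re.I),
    "security_tamper": re.compile(
        r'\\Word\\Security|Options\s*\.\s*VirusProtection'
        r'|Options\s*\.\s*ConfirmConversions|Options\s*\.\s*SaveNormalPrompt'
        r'|CommandBars\s*\(\s*"Macro"\s*\)', re.I),
    "mail_automation": re.compile(
        r'CreateObject\s*\(\s*"Outlook\.Application"|GetNameSpace\s*\(\s*"MAPI"', re.I),
    "error_suppression": re.compile(r'On\s+Error\s+Resume\s+Next', re.I),
}

def normalize(src):
    # VBA lets a statement continue on the next line with " _"; join those
    # lines so a call split across lines is still seen as one statement.
    return re.sub(r'[ \t]+_[ \t]*\r?\n[ \t]*', ' ', src)

def scan(src):
    """Return the set of behaviour categories present in macro source text."""
    text = normalize(src)
    return {name for name, rx in RULES.items() if rx.search(text)}

def verdict(src):
    hits = scan(src)
    # Auto-run alone is common in legitimate templates; it becomes notable
    # when combined with security tampering or mail automation.
    if "auto_exec" in hits and hits & {"security_tamper", "mail_automation"}:
        return "suspicious"
    return "review" if hits else "clean"

# Constructed samples (inert fragments, not taken from any real document).
SAMPLE = '''Private Sub Document_Open()
On Error Resume Next
Options.VirusProtection = False
Set app = CreateObject( _
    "Outlook.Application")
Set ns = app.GetNameSpace("MAPI")
End Sub'''
TEMPLATE = 'Private Sub Document_Open()\n    ActiveDocument.Fields.Update\nEnd Sub'
BENIGN = 'Sub FormatReport()\n    Selection.Font.Bold = True\nEnd Sub'

if __name__ == "__main__":
    for name, src in [("sample", SAMPLE), ("template", TEMPLATE), ("benign", BENIGN)]:
        print(name, verdict(src), sorted(scan(src)))
```
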


  8. #8
    Senior Member
    Join Date
    Jun 2003
    Posts
    772
    The previously mentioned links to virus source code are not very useful unless you already have some knowledge. I advise you to study the Little Blackbook of computer viruses. I can't seem to find its original home but it can be found here also: http://vx.netlux.org/lib/vml00.html
    Also, if you are really interested you may consider the Giant Blackbook of computer viruses: http://vx.netlux.org/lib/vml01.html
    The above sentences are produced by the propaganda and indoctrination of people manipulating my mind since 1987, hence, I cannot be held responsible for this post's content - me

    www.elhalf.com

  9. #9
    Banned
    Join Date
    Apr 2004
    Posts
    94
    u wanna know how a thing works, just go to the following link and u will find how anything in this world works!

    www.howstuffworks.com
