August 22nd, 2004, 09:05 PM
How does a virus work?
Ok, first, let me get this straight:
I am not planning on writing a virus/trojan/worm or any other type of malacious piece of code. I'm asking out of sheer curiosity and interest, and one of those projects that you always get in the back of your head...
Anyway, how do they work, and what's their syntax like? I'm not asking to be lead to a site with a quote saying that they imbed themselves in memory and then start sending copies of themselves to other people, etc etc. What I want to know is what their guts(syntax) look like. And this is for interest and a project idea for the halting of their actions.
Tell me if you think I\'m spamming or doing something stupid, please.
August 22nd, 2004, 09:37 PM
Well Guts of viruses like Melissa and I love you which caused damaged estimated at $8 billion
look like this.
as fas as melissa goes here is something that might help you.......
this is not the complete code only the part it used for propogation using vunrablity in VBA
its fairly a simple and small macro virus. Now
Private Sub Document_Open() On error resume next
so this part of the cole clearly shows that malissa works by infecting Document_Open().
If system.privateprofilestring(", "hkey_curret_user\software\microsoft\office\9.0\word\security, "level") <> " " then Commandbars ("macro").Controls("security...").enabled = false
options.confirmconversations = (1 -1) : options.virusprotection = (1 - 1) : options.savenormailprompt (1 - 1)
the above line of code make the smart movethey clearly disable security in microsoft word. This is what allows it to continue uninterupted following line help in avoiding any alerts to end user.
Dim Ungadasoutlook, DasMapIname, breakumoffaslice
set ungadasoutlook = CreatObject ( "outlook .applicaton )
set dasmapiname = ungadasoutlook.get namespace ("mapi")
where mapi meanse messanging API. and this is basically how word communicates with many email programes.
now the full code for melissa is huge and requires huge explanation...... i dont know any site which has the code and explanation..... if you get one please post..... hope this helps. peace
CISSP, CISM, CISA, SSCP
*Thank you GOD*
Greater the Difficulty, SWEETER the Victory.
Believe in yourself.
August 23rd, 2004, 01:08 AM
ByTeWrangler- nice knowledge base but I would watchout of what you say, people here will neg you for what you said. Too much info.
August 23rd, 2004, 03:25 AM
If you want to look at something that looks like a virus but is not actualy a virus. Then take a look at this web site: http://www.eicar.org/anti_virus_test_file.htm
What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry
August 23rd, 2004, 04:32 AM
Can't fight them if you don't know how they work.. your question is a bit broad though. What you need to look at is some virus source code.
There are a couple of sites to get you started. Search around Google groups for more leads. One note of caution, if you go to those sites, you had better make sure your system is locked down, or I can guarantee a crash course in malware removal.
Do you know anything about programmming at all? IF you don't, it isn't going to do you much good to look at source code...it would be like me reading a book written in Swahili...I wouldn't have a clue as to what I was looking at.
August 24th, 2004, 01:14 PM
And even after you specialize in programming you would also need some major knowledge about operating systems in order to understand the source codes.
August 24th, 2004, 02:03 PM
Byte~ your post was OK, as you merely answered a part of the question.................Kurt was a bit worried for you, that is all ...........anyways, old stuff is pretty much of academic interest only.
Groovicus has given you some good links............look around but remember to be careful, some of "those sites" are quite scary. If you can, please use a second machine, not attached to a network, and scan it for virus/trojan/adware/spyware each session.
Pure "syntax" is what pattern identifying AV routines use. You really need to go a bit deeper into what the syntax does
Typically: altering the registry, changing values in applications, prepending or appending to or inserting into executables, replacing executables, attempting to access running processes and services..........and so on.
I guess that I am preaching "sandbox technology" a la Berkley *nix?
Just my thoughts
August 24th, 2004, 03:40 PM
The previously mentioned links to virus source code are not very useful unless you already have some knowledge. I advise you to study the Little Blackbook of computer viruses. I can't seem to find it's original home but it can be found here also: http://vx.netlux.org/lib/vml00.html
Also, if you are really interested you may consider the Giant Blackbook of computer viruses: http://vx.netlux.org/lib/vml01.html
The above sentences are produced by the propaganda and indoctrination of people manipulating my mind since 1987, hence, I cannot be held responsible for this post\'s content
September 20th, 2004, 04:42 PM
u wanna how a thing works just go to the followin link and u will find how anything in this world works!