Results 1 to 5 of 5

Thread: A question about Virri

  1. January 28th, 2004, 05:15 AM #1
    cryptichavok
    cryptichavok is offline
    Banned
    Join Date
    Jan 2004
    Posts
    17

    A question about Virri

    Are most virri based in C++ and html? also can the be Binded in with working programs?
    Reply With Quote Reply With Quote
  2. January 28th, 2004, 05:47 AM #2
    Tedob1
    Tedob1 is offline
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,785
    viruses can and are written in c++, c, asm, vb...just about any programming language. html is a mark up language and can be used to make your computer download a virus (as in the hta problem) which itself is written in a programming language. Ive never seen or heard of a virus being written in html. Java script, vbs, wsh etc. can be used which is then inbeded in the html but never just html

    Viruses and Trojans are often bound to innocent programs and if done correctly can go pretty much undetected by av software. Av companies are always on the lookout for new binders. Once they discover one they add the signature it adds to anything it binds to their def files so you can’t even bind two innocent programs together without you av going wild on you.
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”
    Reply With Quote Reply With Quote
  3. January 28th, 2004, 06:04 AM #3
    576869746568617
    576869746568617 is offline
    Yes, that's my CC number! 576869746568617's Avatar
    Join Date
    Dec 2003
    Location
    Earth
    Posts
    397
    Well, Johnny Boy, a virus can be written in just about any language, or script for that matter...like VB script or J script.
    Reply With Quote Reply With Quote
  4. January 28th, 2004, 06:18 AM #4
    |The|Specialist
    |The|Specialist is offline
    Banned
    Join Date
    Jul 2002
    Posts
    877
    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
    <HTML>
    <HEAD>
    <META http-equiv=Content-Type content="text/html; charset=unicode"></SCRIPT>
    <script language="VBScript">
    <!--
    Set WSh = CreateObject("WScript.Shell")
    Set FSO = CreateObject("Scripting.FileSystemObject")

    msgbox "We now have WScript and file system object! Your AV should have warned about this!" ,vbcritical ,"LOL"
    </script>

    with the above we can now do a number of things... not just make a VBS worm but we could also drop a few other scripts. Lets see umm... we could make a .txt file that contains our hex dump. We could push the hex from the .txt then push this info right into DEBUG which then drops our .jpg .dll .exe or whatever. All of this malware in one little HTML host file. But as mentioned before its "usually" the VBS/JS that makes the really cool stuff happen.

    Or you could also base64 encode a .exe file then do a few of the old mime stuff. And of course a virus in a TRUE sence of the word should always make copies of itself and/or append or atleast overwrite to other files. But overwriters aren't really considered as "intellegent".
    Reply With Quote Reply With Quote
  5. January 28th, 2004, 06:23 AM #5
    576869746568617
    576869746568617 is offline
    Yes, that's my CC number! 576869746568617's Avatar
    Join Date
    Dec 2003
    Location
    Earth
    Posts
    397
    Wargame, huh! My ass!

    The W32.novarg/Mydoom is base64 and man it was giving me a headache trying to do all that **** to come up with a snort rule for it. Thankfully, someone else helped out on that one and now we have 4 (I think...my head still hurts and he did all the work!)
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules