Virus Detection


#1
telboon

    Newbie

  • Members
  • 26 posts
There are so many viruses, and many do the same job (or so I assume). What is the thing that makes them different in the eyes of anti-virus?

I understand that they read the signature, but what exactly is a signature? Is it like a checksum? Is it a determining code in the file? What is it, really?

However, new viruses come out every day, so how is it that they are 'new', since many of them probably have the same code structure anyway? That is, of course, assuming a simple virus structure:

Copies itself to camouflage -> Sets startup -> spread -> payload

So, how do I make malware that will not get detected?

Packers did come up a couple of times in my search, but I have no idea what they're about in detail.

Thanks in advance! :)

#2
Sionofdarkness

    Programming Expert

  • Members
  • 384 posts
I've always wondered how they identify different types of viruses as well. I assume it is something fundamental in the code. By the way, why do you want to make malware?

#3
shaunxx

    Newbie

  • Members
  • 5 posts
Hello there,
It's an interesting one. Nowadays we can see that 13 year old boys creating malware and destroying the database of entire network. They do some lazy programs into the root and cracks up. It's been updating according to the new softwares..

#4
MeTh0Dz

    Writes binary right handed and hex left handed

  • Members
  • 2,119 posts
Most AVs work by searching for known signatures, which are portions of the virus code that basically identify that virus as itself. Some other AVs will also watch for stuff like registry writes, and then quarantine programs that are trying to do such stuff without your approval. However, some newer AVs are also using heuristics.

Also making malware is gay. Make a virus, make a worm, or make a trojan, don't make some shitty program that is going to copy itself in the registry and start displaying stupid messages or messing with my mouse.

Also, what does this mean? LOL

Quote

Hello there,
It's an interesting one. Nowadays we can see that 13 year old boys creating malware and destroying the database of entire network. They do some lazy programs into the root and cracks up. It's been updating according to the new softwares..
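
Added example, not part of the original thread: a small scanner showing the difference between a whole-file checksum and the byte-pattern signatures post #4 describes. The sample byte strings, the detection name and both databases are constructed for illustration and contain no real malware.

```python
import hashlib
import re

# Constructed, harmless byte strings standing in for files (not real malware).
SAMPLE_A = b"\x00\x01HEADER-v1" + b"\xde\xad\xbe\xef\x01\x02\x03\x04" + b"tail-AAAA"
SAMPLE_B = b"HEADER-v2-longer" + b"\xde\xad\xbe\xef\x09\x02\x03\x04" + b"tail-BBBB"
CLEAN = b"ordinary document text, nothing of interest here"

# Hypothetical signature database: detection name -> hex byte pattern.
# "??" is a wildcard for one byte that differs between known samples.
PATTERN_DB = {"Demo.Family.A": "de ad be ef ?? 02 03 04"}

# Whole-file checksum database: only the exact file first seen is listed.
HASH_DB = {hashlib.sha256(SAMPLE_A).hexdigest(): "Demo.Family.A"}


def compile_pattern(hex_pattern):
    """Turn 'de ad ?? 02' into a compiled bytes regex."""
    parts = [b"." if tok == "??" else re.escape(bytes.fromhex(tok))
             for tok in hex_pattern.split()]
    return re.compile(b"".join(parts), re.DOTALL)


def scan_patterns(data, db=PATTERN_DB):
    """Return (detection name, offset) for every pattern found in data."""
    hits = []
    for name, hex_pattern in db.items():
        match = compile_pattern(hex_pattern).search(data)
        if match:
            hits.append((name, match.start()))
    return hits


def scan_hash(data, db=HASH_DB):
    """Return the detection name if the whole file's SHA-256 is known."""
    return db.get(hashlib.sha256(data).hexdigest())


if __name__ == "__main__":
    for label, blob in [("A", SAMPLE_A), ("B", SAMPLE_B), ("clean", CLEAN)]:
        print(label, "hash:", scan_hash(blob), "pattern:", scan_patterns(blob))
```

The checksum only recognises the exact file it was computed from, while the byte pattern flags both samples that share the same code fragment, which is why one signature can cover a family of related files.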


#5
telboon

    Newbie

  • Members
  • 26 posts
Hmm, actually viruses, worms and trojans are subsets of malware.
Malware is software designed to infiltrate or damage a computer system without the owner's informed consent.

Well, at least according to Wikipedia (can't find many credible sources online nowadays >.< )

How does a heuristic scanner work, by the way?

#6
MeTh0Dz

    Writes binary right handed and hex left handed

  • Members
  • 2,119 posts
Malware is the group that all programs fall into that aren't good enough to be viruses, trojans, or worms, which is probably what you will be coding.

#7
elvenrunelord

    Learning Programmer

  • Members
  • 87 posts

MeTh0Dz said:

Also making malware is gay.

Dude why would you think that making Malware is happy? You do know that is the meaning of the word gay right?

#8
MeTh0Dz

    Writes binary right handed and hex left handed

  • Members
  • 2,119 posts
DELETED

Yeah, Slice Ownz Your Posts.

Get over it

/Talk

Edited by xXHalfSliceXx, 14 July 2008 - 06:03 PM.


#9
elvenrunelord

    Learning Programmer

  • Members
  • 87 posts
You know you're a waste of my time, don't you?

In any case I use dictionaries that don't include slang and I use words in their proper manner. There is a word for homosexuality and it is not gay. When you misuse words like that you confuse people, and if your dictionary includes homosexual in the meanings for the word gay, they have committed an error in judgment. Much like your parents leaving you on the PC without proper supervision. About the only thing cool about you is your avatar.

#10
MeTh0Dz

    Writes binary right handed and hex left handed

  • Members
  • 2,119 posts
DELETED

Yeah, Slice Ownz Your Posts.

Get over it

/Talk

Edited by xXHalfSliceXx, 14 July 2008 - 06:01 PM.


#11
Aereshaa

    Programming God

  • Members
  • 790 posts

elvenrunelord said:

Much like your parents leaving you on the PC without proper supervision.

How would you know whether he is a kid? For all you know, he could be a cat! And second, if he is a kid, then how would you know he isn't being supervised? Face it, you have absolutely no information, so maybe you shouldn't start making ad-hominem attacks of that nature.

#12
dargueta


    Writes binary right handed and hex left handed

  • Moderators
  • 4,722 posts
Getting back to viruses... what MeTh0Dz meant by signatures in a virus is the "engine". Viruses use "engines" to get in underneath the security system. (Basically what it does is sneak by the security software using various techniques and then call the main() function of the virus.)

You can create different viruses using the same engine, and create the same virus using different engines. So when antivirus software scans a file, it checks its database of known hacking/tunneling engines and sees whether one of those is present in that file. If it is, then it flags it as infected and takes appropriate action.

Tunneling With DOS Interrupts

Edited by dargueta, 12 July 2008 - 08:55 PM.
Reformatted