I am looking to find out how viruses are written and how they work.
Could someone tell me which applications are used to write viruses and
how they are used, and how do the viruses work across different
platforms and applications?
If someone could explain it to me, that would be great. Or, if someone knows
of online links on the net, that would also be a great help.
"vishal" <vishalgrg@gmail.com> writes:
> Hi,
>
> I am looking to find out how viruses are written and how they work.
Hopefully not in the interest of writing one.
> Could someone tell me which applications are used to write viruses and
> how they are used, and how do the viruses work across different
> platforms and applications?
It varies. C is not uncommon though.
Most malware does not work across different platforms. Viruses
(self-replicating malware that relies on host files it attaches to)
typically spread among machines of a similar OS or within a given app.
> If someone could explain it to me, that would be great. Or, if someone knows
> of online links on the net, that would also be a great help.
vishal> Hi, I am looking to find out how viruses are written and how
vishal> they work.
Unfortunately, there's not a lot of good, easily understandable
material on this topic. If you are interested in honest-to-God
executable infectors, you'll need a good grounding in the basics of
linkers and loaders. I recommend Levine's book on the topic. You
should also begin learning X86 assembly language and system
programming. Kip Irvine's book on IA32 (x86) assembly is probably the
best of its kind. A grounding in reverse engineering will also help
you study malicious software discovered in the wild. The openrce.org
web site is a good place to start.
A half-way decent worm is pretty easy to write, as opposed to a virus
which requires more technical skill. Melissa, for all the problems it
caused, was just a stupid little Visual Basic script. The hardest
part about a worm is figuring out the delivery mechanism. Metasploit
can help with the heavy lifting there, although you can adapt the
Outlook or IE exploit du jour. A few years ago when we were playing
around with worms, we were using the same MHTML security zone spoofing
trick as Nimda. It was fun, but we got bored with it pretty quickly.
Executable infectors are really hard if you don't normally do a lot of
programming, and worms are so trivially easy as to make it not worth
the mental exertion. Hell, we were writing worms in Pascal, which in
my programming hierarchy is only two steps above COBOL in terms of
utter lameness. ;)
Live virus/worm code makes for GREAT countermeasure testing. When we
were evaluating intrusion prevention software that employed behavioral
analysis, we would purposefully hunt down the latest and greatest
virus, de-install the relevant patches or anti-virus software (if
necessary), and run the thing, just to see how the IPS would handle
it. There's nothing quite like trying the real thing to make vendors
put up or shut up.
One of these days, I'm going to start a public virus archive. It will
probably get my IP banned by everybody, but there's nothing like
having the real thing to work with, whether you are learning weapons
and tactics, diligently researching vendor's claims about their
products, or developing countermeasures of your own. Of course, I
need to consult my lawyer first... :)
Best wishes,
Matthew
P.S. Don't be a moron. It's all fun and games until you cause
problems for the rest of us. We are always very careful to isolate
our test environments. You would be wise to do the same.
--
jsoffron: I'm generally pretty high on national defense...
Mr. Bad Example: Careful...it's a gateway policy. Before you know it,
you'll be mainlining the hard stuff like trade agreements.
jsoffron: Too late...I've been freebasing Nafta all day... Sweet,
sweet NAFTA.
- As seen on Slashdot
vishal <vishalgrg@gmail.com> wrote:
> I am looking to find out how viruses are written and how they work.
A virus has two parts: a replication engine, and a part which performs
the (harmful) functions. They're just computer programs, and are built
with build tools like an editor, compiler, linker, IDE, $WHATEVER.
> Could someone tell me which applications are used to write viruses and
> how they are used, and how do the viruses work across different
> platforms and applications?
A virus is written like any other computer program. Unfortunately, there
are also virus construction kits, which make it "point and click" easy to
build viruses, even for people who cannot program.
I.e. Sasser was built with such a construction kit.
> If someone could explain it to me, that would be great. Or, if someone knows
> of online links on the net, that would also be a great help.
Yours,
VB.
--
"It cannot be that the frustrated people in Rome decide what happens in
German bedrooms."
Harald Schmidt on "World Youth Day"
I am not really interested in writing viruses. I am a PG student in
Information Security and this is a part of my research project. I have
basic knowledge of viruses and how they work, but I need to go into more
detail for my work.
With my understanding of viruses, I know that viruses can be written
using assembly language, C, VB scripts etc. But I am sure
about JavaScript, Perl or any other language that might be
used for this purpose.
Also I wish to know if a virus can work across platforms or can be
written only for a specific platform and application such as Windows or
Mac or Unix/Linux. Also across applications, like whether the one that
infects an MS Word document can also infect any other application.
vishal <vishalgrg@gmail.com> wrote:
> I am not really interested in writing viruses. I am a PG student in
> Information Security and this is a part of my research project. I have
> basic knowledge of viruses and how they work, but I need to go into more
> detail for my work.
Ah, OK.
Then try to write a replication engine yourself. It's not too complicated.
What helps is knowledge of assembler/machine language and C.
Here you can read how the executable format that Windows uses works:
Understanding this will lead you to the ability to add your own code
and to change the startup code of an existing executable, which is good
to know to write a replication engine.
Boot sector viruses are somewhat outdated, since a pure boot sector
virus today is difficult to spread.
Or did you think about macro viruses (which are much easier), worms or
even mail worms?
Yours,
VB.
--
"It cannot be that the frustrated people in Rome decide what happens in
German bedrooms."
Harald Schmidt on "World Youth Day"
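The post above points at the Windows executable format and at changing an executable's startup code. Seen from the defender's side, as an added example that is not part of the original thread: a scanner can read the PE headers and check which section the entry point falls in. The sample images, section names and function names are constructed for this illustration.

```python
import struct
MEM_EXECUTE, MEM_WRITE = 0x20000000, 0x80000000   # IMAGE_SCN_MEM_* flags

def parse_pe(data):
    """Return (entry_point_rva, [(name, virt_addr, virt_size, flags), ...])."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)          # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (n_sections,) = struct.unpack_from("<H", data, pe_off + 6)
    (opt_size,) = struct.unpack_from("<H", data, pe_off + 20)
    opt_off = pe_off + 24                                     # optional header start
    (entry,) = struct.unpack_from("<I", data, opt_off + 16)   # AddressOfEntryPoint
    sections = []
    for i in range(n_sections):
        off = opt_off + opt_size + 40 * i                     # 40-byte section headers
        name, vsize, vaddr = struct.unpack_from("<8sII", data, off)
        (flags,) = struct.unpack_from("<I", data, off + 36)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), vaddr, vsize, flags))
    return entry, sections

def entry_point_findings(data):
    """Triage heuristics: where does execution start, and is that place unusual?"""
    entry, sections = parse_pe(data)
    owner = next((s for s in sections if s[1] <= entry < s[1] + s[2]), None)
    if owner is None:
        return ["entry point is outside every section"]
    findings = []
    if len(sections) > 1 and owner is sections[-1]:
        findings.append(f"entry point is in the last section ({owner[0]})")
    if owner[3] & MEM_WRITE:
        findings.append(f"entry section ({owner[0]}) is writable")
    return findings

def build_sample(entry, sections):
    """Constructed, header-only PE32 image for the demo; it contains no code."""
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, 0x102)
    opt = struct.pack("<HBBIIII", 0x10B, 0, 0, 0, 0, 0, entry).ljust(224, b"\0")
    table = b"".join(struct.pack("<8sII", n, vs, va) + bytes(20) + struct.pack("<I", fl)
                     for n, va, vs, fl in sections)
    return dos + coff + opt + table

TEXT, DATA = (b".text", 0x1000, 0x2000, 0x60000020), (b".data", 0x3000, 0x1000, 0xC0000040)
CLEAN = build_sample(0x1200, [TEXT, DATA])
ODD = build_sample(0x4010, [TEXT, DATA, (b".extra", 0x4000, 0x1000, 0xE0000020)])
print(entry_point_findings(CLEAN), entry_point_findings(ODD))
```

Packed or otherwise post-processed legitimate binaries can trip the same checks, so these are triage signals, not verdicts.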
vishal <vishalgrg@gmail.com> wrote:
> Also I wish to know if a virus can work across platforms or can be
> written only for a specific platform and application such as Windows or
> Mac or Unix/Linux.
Usually, viruses are platform dependent code, as most programs are.
But there could be platform independent viruses also. It's much more
difficult to write them, though.
> Also across applications, like whether the one that infects an
> MS Word document can also infect any other application.
Could be.
Yours,
VB.
--
"It cannot be that the frustrated people in Rome decide what happens in
German bedrooms."
Harald Schmidt on "World Youth Day"