EvilZone
Hacking and Security => Beginner's Corner => : Karpz February 21, 2015, 01:37:15 AM
-
Any books you recommend for learning the basic fundamentals of viruses, trojans, or just any malware in general?
-
Malware is a very large genre of programming. Everything you listed is a different item with a different goal:
Virus: a program that copies itself (with various levels of sophistication).
Worms: self-replicating programs.
Rootkits: programs that change a system at a lower (typically kernel) level to mask infection from the user.
Trojans: programs that act like other programs (typically with malicious intent).
Remote Access Trojans (RATs): programs that act like something else but actually create backdoor access into systems.
Spyware: Focuses on intercepting user activity on a specific machine.
You need to start by deciding what you want to achieve. Do you know anything about programming already?
If not, then I'd recommend learning a programming language before doing anything else.
-
I know a decent amount of C#, not fluently though. And I want to learn about worms in particular; thanks for the summary of the types of malware btw.
-
If you already feel confident in C#, I might suggest looking into tutorials that use that language, and study their code to understand what they're doing.
Something like this may be of interest to you:
http://www.rohitab.com/discuss/topic/34338-indepth-c-trojan-tutorial/ (http://www.rohitab.com/discuss/topic/34338-indepth-c-trojan-tutorial/)
That said, you can also learn a lot by dissecting the malware of those who came well before you.
But this requires a specialized environment known as a sandbox. An example of an automated sandbox would be Cuckoo Sandbox, which may help you in the initial stages: http://www.cuckoosandbox.org/ (http://www.cuckoosandbox.org/)
The same effect (for most types of malware) can be achieved using something like VirtualBox (ensure its network capabilities are disconnected, of course).
The concept is that you run these programs in a safely isolated environment so they can't escape and cause damage to your (or anyone else's) actual system.
I would caution working with worms, as their very nature makes them extremely volatile and potentially difficult to control.
If you're interested in reverse engineering malware you may want to look into this book.
http://venom630.free.fr/pdf/Practical_Malware_Analysis.pdf (http://venom630.free.fr/pdf/Practical_Malware_Analysis.pdf)
All that said, it may be worth your while to make yourself familiar with local laws regarding the creation of malware and the possible implications of unleashing your creations.
-
Alright, and I have no interest in spreading malware, as it is illegal at my current location. I also use VMware Workstation; I've always for some reason had difficulty with VirtualBox.
Anyways, just wondering if it requires heavy knowledge of programming to be able to write a decent worm? By this I mean, to write a functional and very fast-spreading worm, and a very effective worm? I realize that it depends on the purpose of the worm, but to just affect the general public of the internet, would it require some high knowledge of programming, such as C#?
-
Not a theoretical question you should be asking on this forum.
You shouldn't be trying to write a worm that could affect the general public in any way shape or form. Great way to get raided by a 3 letter agency... Even talking about doing it probably has you on a watchlist now.
-
No, I am asking if it would require a lot of programming knowledge to do so? I'm not asking how to do it.
-
To make something decent? Yes, absolutely. Also, I wouldn't recommend C#, but that's mostly an opinion.
-
What language would you recommend?
-
Something not shitty...
For a more serious reason, think of the things you'd need to implement. Worms generally spread through automated exploitation of a network-based exploit. How many PoC exploits do you see released in C#? Versus say... C? You'll also generally want to install a decent backdoor of some sort, either with a rootkit or not. I can't say I find the idea of a C# rootkit very... appealing. Not to mention it limits you to just Windows hosts; at least with most other languages you could choose the host you want to have it work on.
TL;DR: IMO, coding any sort of sophisticated malware in C# would be kind of like attempting to implement mmap in Java. Possible, yes... a good idea... not so much.
Further I'll just add to cyber's brief description of malware; rootkits don't necessarily need to be kernel level. You can mask a malicious program's existence using a userland rootkit as well, albeit not as efficiently nor as robustly.
-
Any books you recommend for learning the basic fundamentals of viruses, trojans, or just any malware in general?
It is a bit old, but still seen as The Bible about computer viruses: "The Art of Computer Virus Research and Defense" by Peter Szor. The concepts are still true today and I have to say reading it is worth the time.
Please note that Szor sees worms as a subcategory of viruses. So if you want to learn mainly about worms, this will still serve you well.
If you need a briefer overview and references for more literature: there is one chapter of 18 pages about malware in general in my master's thesis. Get it from here: thesis download (https://github.com/katjahahn/PortEx/raw/master/masterthesis/masterthesis.pdf)
Chapter 2 is the interesting one for you. If any of the mentioned topics in there interests you more, you just have to look at the references in the bibliography to find the literature.
What language would you recommend?
Assembly.
-
Yea, I'll take a look at the book. I'm very new to this stuff so it would be cool to get familiar with the general idea of malware instead of just starting to code it.
-
Um, I just wanted to point out that a rootkit is actually a set of programs to help maintain access to a compromised system once an attacker has breached it :D
-
No. A rootkit hides any/all of the following from the legitimate user of the system:
- processes
- ports
- directories
- users
That is all a rootkit does.
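The rootkit definition just given (hiding processes, ports, directories, users) is also what a defender checks for. The following is an added example and not code from any post in this thread: a cross-view comparison of two process listings on Linux, in the style of tools like unhide, that flags PIDs which answer a kill(pid, 0) probe but are missing from the /proc directory listing. It assumes a Linux host with /proc mounted; the sample views and PID 4242 are constructed.

```python
import os

def pids_from_proc():
    """View 1: PIDs advertised by the /proc directory listing; a rootkit that
    filters getdents/readdir results removes its own entries from here."""
    return {int(d) for d in os.listdir("/proc") if d.isdigit()}

def is_thread(pid):
    """True if pid is a non-leader thread (Tgid != pid). Threads answer
    kill(pid, 0) but are not top-level /proc entries, so they are not 'hidden'."""
    try:
        with open(f"/proc/{pid}/status") as f:
            for line in f:
                if line.startswith("Tgid:"):
                    return int(line.split()[1]) != pid
    except OSError:
        pass  # unreadable status: treat as a real PID and let the diff report it
    return False

def pids_from_signal(pid_max=32768):
    """View 2: probe every PID with kill(pid, 0), which sends no signal but
    reports existence; EPERM (PermissionError) still means the PID exists.
    pid_max is the classic Linux default; check /proc/sys/kernel/pid_max."""
    alive = set()
    for pid in range(1, pid_max):
        try:
            os.kill(pid, 0)
        except ProcessLookupError:
            continue
        except PermissionError:
            pass
        if not is_thread(pid):
            alive.add(pid)
    return alive

def hidden_pids(listed, probed):
    """PIDs alive in the probe view but missing from the listing view, plus the
    reverse set, which is usually a race (process exited between views)."""
    return sorted(probed - listed), sorted(listed - probed)

# Constructed sample views: PID 4242 answers kill(pid, 0) but is absent from the
# listing, the signature of a process-hiding rootkit.
SAMPLE_LISTED = {1, 2, 100, 2000}
SAMPLE_PROBED = {1, 2, 100, 2000, 4242}

if __name__ == "__main__":
    print("sample:", hidden_pids(SAMPLE_LISTED, SAMPLE_PROBED))  # ([4242], [])
    if os.path.isdir("/proc"):
        print("live:", hidden_pids(pids_from_proc(), pids_from_signal()))
```

A non-empty first list on a live host deserves a second look with a different view (for example ps and /proc/<pid>/status by name), since a PID that exits between the two scans shows up in the second list, not the first.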
-
Um... while technically correct (hiding key information from the user does help maintain access)
https://www.youtube.com/watch?v=871-3XMhtAk (https://www.youtube.com/watch?v=871-3XMhtAk)
-
Definitions always differ depending on who you ask.
Experts cannot even agree on a common definition for virus (esp. whether to see worms as viruses or not).
-
Oh well back to school then for me lol
-
Maybe also worth checking out is the website of VX Heaven, www.vxheaven.org
Contains a decent collection of source code, ebooks/whitepapers and e-zines regarding the subject you're interested in.
I also found http://spth.virii.lu/main.htm a nice website, unfortunately not very up to date but interesting nonetheless.
;)