EvilZone


: Coding Malware in VB
: HTTP April 20, 2015, 10:41:46 PM
Would there be any significant downsides to coding malware in VB, except for the dependencies?
: Re: Coding Malware in VB
: KingCasra April 21, 2015, 05:37:54 AM
Well, first off, it relies on the .NET Framework. But on a larger scale, you can't do too much with pointers/memory; it's kind of annoying, and should a user want your program removed they could boot into safe mode. Now you could copy your program into the Startup folder, but the .NET Framework won't load in safe mode so it's useless. And also it would only be usable on Windows.
If you want my advice, learn C.
: Re: Coding Malware in VB
: ande April 21, 2015, 03:41:21 PM
> Well, first off, it relies on the .NET Framework. But on a larger scale, you can't do too much with pointers/memory; it's kind of annoying, and should a user want your program removed they could boot into safe mode. Now you could copy your program into the Startup folder, but the .NET Framework won't load in safe mode so it's useless. And also it would only be usable on Windows.
> If you want my advice, learn C.

You have some valid points. But as far as I know, booting into safe mode does nothing to the .NET Framework and there should be no reason for your application not to run. I am also pretty sure that if you add your application to the startup folder/key (in the Windows registry) (HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run and many other places), it will start in safe mode. Nobody uses the startup folder anymore (you can use it in addition to other startup methods).

The app will however only (mostly) run on Windows. There have been a few experiments with porting the framework to other platforms (http://www.mono-project.com/).

As far as the .NET Framework and 'significant downsides', you won't get many XP machines. As long as you use .NET Framework 2.0 and nothing newer it should work on all machines with Vista+++.
: Re: Coding Malware in VB
: KingCasra April 21, 2015, 04:28:08 PM
> You have some valid points. But as far as I know, booting into safe mode does nothing to the .NET Framework and there should be no reason for your application not to run. I am also pretty sure that if you add your application to the startup folder/key (in the Windows registry) (HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run and many other places), it will start in safe mode. Nobody uses the startup folder anymore (you can use it in addition to other startup methods).
>
> The app will however only (mostly) run on Windows. There have been a few experiments with porting the framework to other platforms (http://www.mono-project.com/).
>
> As far as the .NET Framework and 'significant downsides', you won't get many XP machines. As long as you use .NET Framework 2.0 and nothing newer it should work on all machines with Vista+++.

I thought that all non-essential dependencies are killed on startup in safe mode, hence it wouldn't run. But you probably know more so I won't debate it.
: Re: Coding Malware in VB
: sh4d0w_w4tch April 21, 2015, 08:41:22 PM
Other users have pointed out that C, C++, and ASM are better for malware. You should expect VB malware to only run on Windows. VB isn't a bad language, but it isn't good either and it is often used by skids. It's better than trying to create Windows malware in super high level Python modules and trying to "compile" it. AFAIK a lot of Python compilers just compile to byte code and retain a lot of Python API calls that won't make an executable that can just be dropped anywhere and expected to work.

If you want malware to work outside of Windows, then you should not use VB. You will also need to take care that the malware is not dependent on your version of .NET.
: Re: Coding Malware in VB
: Deque April 21, 2015, 09:33:44 PM
> I am also pretty sure that if you add your application to the startup folder/key (in the Windows registry) (HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run and many other places), it will start in safe mode.

Not with this key you mentioned.
The ones that run in safe mode are the subkey entries in:
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\

Btw, a lot of malware is still written in VB6, which does not use .NET.
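
For the defensive side of the SafeBoot point above, an added example (not part of the thread): a Python script that parses `reg export` text and lists direct subkeys of the two SafeBoot keys that are missing from a known-good baseline. The sample export, the `ExampleUpdater` entry and the baseline are constructed for illustration.

```python
# Keys named in the thread: their direct subkeys are what loads in Safe Mode.
SAFEBOOT_ROOTS = (
    r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal",
    r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network",
)

def parse_reg_export(text):
    """Parse decoded `reg export` text into {key_path: {value_name: data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and "=" in line:
            name, _, data = line.partition("=")
            name = "(Default)" if name == "@" else name.strip('"')
            current[name] = data.strip('"')
    return keys

def safeboot_entries(keys):
    """Return {(mode, subkey): default value} for direct SafeBoot subkeys."""
    found = {}
    for path, values in keys.items():
        for root in SAFEBOOT_ROOTS:
            prefix = root.lower() + "\\"
            rest = path[len(prefix):]
            if path.lower().startswith(prefix) and rest and "\\" not in rest:
                mode = root.rsplit("\\", 1)[1]
                found[(mode, rest.lower())] = values.get("(Default)", "")
    return found

def unexpected(keys, baseline):
    """SafeBoot entries in the export that the known-good baseline lacks."""
    return sorted(k for k in safeboot_entries(keys) if k not in baseline)

# Constructed sample export and baseline; "ExampleUpdater" is a made-up entry.
SAMPLE = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ExampleUpdater]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt]
@="Service"
"""
BASELINE = {("Minimal", "appmgmt"), ("Network", "appmgmt")}

if __name__ == "__main__":
    print(unexpected(parse_reg_export(SAMPLE), BASELINE))
```

A real `reg export` file is UTF-16 encoded, so decode it before passing the text to `parse_reg_export`.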