Topic: What do you think about my polymorphic malware sketch.


hppd
What do you think about my polymorphic malware sketch.
« on: May 26, 2014, 04:51:07 pm »
Okay, so I'm learning C++ to write polymorphic malware. I did some research on the matter, and this is my interpretation of how it should be done. I think these are the steps I should take, but I might be completely wrong too. Tell me what you think. If you think it's completely unreadable, let me know and I'll digitize it :P



Btw, big thanks to deque for her e-book; it really helped me out :D
« Last Edit: May 26, 2014, 06:03:28 pm by Kulverstukas »

Architect
Re: What do you think about my polymorphic malware sketch.
« Reply #1 on: May 26, 2014, 05:25:48 pm »
>ah8pGay.jpg
I think it's secretly gay. And Deque is female? Wut.

Anyway, nice, although slightly unreadable. Needs more info about network communication between the virus and your server, server to client, etc.

hppd
Re: What do you think about my polymorphic malware sketch.
« Reply #2 on: May 27, 2014, 03:27:16 am »
Quote from: Architect on May 26, 2014, 05:25:48 pm
>ah8pGay.jpg
I think it's secretly gay. And Deque is female? Wut.

Anyway, nice, although slightly unreadable. Needs more info about network communication between the virus and your server, server to client, etc.

Yeah, that's stuff for later :P. Right now I'm learning about code caves, PE, encryption/decryption methods, C++ and debugging. Basically I just want the server there to store the IPs and a little info about the network/computer, and to manually make a connection to it on the backdoor I leave open. Or maybe just take an existing malware and modify it; I don't know yet. First I want to learn about the polymorphic part; it fascinates me because it's like a living organism :P
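
A worked illustration of the encryption/decryption part hppd mentions, added here as an example and not code from hppd's sketch or from any real engine: the payload stays constant, but every generation gets a fresh random decoder recipe and fresh keys, so the encoded bytes differ from generation to generation and a byte signature taken over the payload only matches after the decoder has been run (which is why scanners emulate rather than pattern-match raw files). The 3-op stub model, the xorshift32 PRNG, the constructed PAYLOAD/SIG strings and all function names are assumptions of this example; the "stub" is a table interpreted in C rather than emitted machine code.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Constructed stand-in for the constant payload: in a real engine this is the
 * code the decoder stub hands control to after decoding it in place. */
static const uint8_t PAYLOAD[] = "CONSTANT-PAYLOAD: same bytes in every generation";
#define PAYLOAD_LEN (sizeof(PAYLOAD) - 1)

/* The byte signature a naive scanner might carry for that payload. */
static const uint8_t SIG[] = "PAYLOAD: same";
#define SIG_LEN (sizeof(SIG) - 1)

/* Toy decoder instruction set (an assumption of this example, not real x86):
 * a stub is a short list of steps, each transforming one byte. */
enum { OP_XOR = 1, OP_ADD = 2, OP_ROL = 3 };
typedef struct { uint8_t op, arg; } step_t;
#define MAX_STEPS 4

typedef struct {
    step_t  stub[MAX_STEPS];   /* decoder recipe, applied in order to each byte */
    size_t  nsteps;
    uint8_t body[PAYLOAD_LEN]; /* encoded payload */
} variant_t;

/* xorshift32: small seedable PRNG so each generation is reproducible. */
static uint32_t xs32(uint32_t *s) {
    uint32_t x = *s;
    x ^= x << 13; x ^= x >> 17; x ^= x << 5;
    return *s = x;
}

static uint8_t rol8(uint8_t v, unsigned n) {
    n &= 7;
    return (uint8_t)((v << n) | (v >> ((8 - n) & 7)));
}

/* One stub step on one byte. dir > 0 decodes (what the stub does at run time);
 * dir < 0 applies the exact inverse (what the generator does). */
static uint8_t step_byte(uint8_t b, step_t s, int dir) {
    switch (s.op) {
    case OP_XOR: return (uint8_t)(b ^ s.arg);
    case OP_ADD: return (uint8_t)(dir > 0 ? b + s.arg : b - s.arg);
    default:     return rol8(b, dir > 0 ? s.arg : 8u - s.arg);   /* ROL / ROR */
    }
}

/* Naive static scan: does the pattern occur anywhere in the raw bytes? */
int sig_match(const uint8_t *buf, size_t len, const uint8_t *pat, size_t plen) {
    for (size_t i = 0; plen <= len && i + plen <= len; i++)
        if (memcmp(buf + i, pat, plen) == 0) return 1;
    return 0;
}

/* What the stub (or an emulating scanner) does: decode the body byte by byte. */
void run_decoder(const variant_t *v, uint8_t *out) {
    for (size_t i = 0; i < PAYLOAD_LEN; i++) {
        uint8_t b = v->body[i];
        for (size_t j = 0; j < v->nsteps; j++) b = step_byte(b, v->stub[j], +1);
        out[i] = b;
    }
}

/* Generate one variant: random step count, operations and keys. A generation
 * whose encoded body still contains the plaintext signature is re-rolled, the
 * way real encoders reject degenerate keys (XOR with zero, forbidden bytes). */
void make_variant(uint32_t seed, variant_t *v) {
    uint32_t st = seed ? seed : 0x9E3779B9u;
    do {
        v->nsteps = 2 + xs32(&st) % (MAX_STEPS - 1);           /* 2..4 steps */
        for (size_t j = 0; j < v->nsteps; j++) {
            uint8_t op  = (uint8_t)(1 + xs32(&st) % 3);
            uint8_t arg = (op == OP_ROL) ? (uint8_t)(1 + xs32(&st) % 7)
                                         : (uint8_t)(1 + xs32(&st) % 255);
            v->stub[j] = (step_t){ op, arg };
        }
        /* Encode by applying the inverse steps in reverse stub order. */
        for (size_t i = 0; i < PAYLOAD_LEN; i++) {
            uint8_t b = PAYLOAD[i];
            for (size_t j = v->nsteps; j-- > 0; ) b = step_byte(b, v->stub[j], -1);
            v->body[i] = b;
        }
    } while (sig_match(v->body, PAYLOAD_LEN, SIG, SIG_LEN));
}

/* Two scanner views of the generation for a seed: raw bytes vs. after decoding. */
int static_scan(uint32_t seed) {
    variant_t v; make_variant(seed, &v);
    return sig_match(v.body, PAYLOAD_LEN, SIG, SIG_LEN);
}
int emulated_scan(uint32_t seed) {
    variant_t v; uint8_t out[PAYLOAD_LEN];
    make_variant(seed, &v); run_decoder(&v, out);
    return sig_match(out, PAYLOAD_LEN, SIG, SIG_LEN);
}
int decodes_correctly(uint32_t seed) {
    variant_t v; uint8_t out[PAYLOAD_LEN];
    make_variant(seed, &v); run_decoder(&v, out);
    return memcmp(out, PAYLOAD, PAYLOAD_LEN) == 0;
}
```

Calling make_variant with different seeds gives different stubs and bodies, static_scan returns 0 for every generation while emulated_scan returns 1, and decodes_correctly confirms the generator and the stub are exact inverses. The weak point this exposes is also the one defenders use: the decoder has to run before the payload exists, so the constant part of a polymorphic sample is the decoder's behaviour, not its bytes.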

Architect
Re: What do you think about my polymorphic malware sketch.
« Reply #3 on: May 27, 2014, 03:54:56 am »
Yes, true hackers never reuse shellcode; it's always polymorphic. And yes, it is somewhat like an organism. But that's purely subjective.

proxx
Re: What do you think about my polymorphic malware sketch.
« Reply #4 on: May 27, 2014, 07:44:21 am »
Since it's throwing-ideas time, I just wanted to drop this here:
https://en.wikipedia.org/wiki/Fast_flux
Maybe it'll give some inspiration when it comes to the networking part.
And it's so fucking sweet.
« Last Edit: May 27, 2014, 07:44:50 am by proxx »

Architect
Re: What do you think about my polymorphic malware sketch.
« Reply #5 on: May 27, 2014, 01:50:54 pm »
In the world of rootkits we already see very effective polymorphism, but we have yet to make public the functions of the more powerful rootkits like Storm, which even change their packing code every 10 minutes or so.

Quote
"...the Storm cluster has the equivalent of 1-10M (approximately) 2.8 GHz P4s with 1-10 petabytes of RAM (BlueGene/L has a paltry 32 terabytes).  In fact this composite system has better hardware resources than what's listed at http://www.top500.org for the entire world's top 10 supercomputers.." - Peter Gutmann, 2007

Well, that's great: if it's still around and has not been sold off piece by piece, like researchers say it has, it would be quite a bit larger than 1-10 petabytes of total RAM. It would far outperform all 10 of the most powerful supercomputers combined.

Can you imagine the power of such a large zombie network, not even in terms of blackhat use but computational power? Holy fuck.

Daemon
Re: What do you think about my polymorphic malware sketch.
« Reply #6 on: June 04, 2014, 06:36:51 pm »
To paraphrase one of my hacking heroes, screw polymorphic. That's baby shit. Metamorphic is where it's at.
http://en.wikipedia.org/wiki/Metamorphic_code

Also, the fast flux that proxx linked is nice; it severely cuts down on the chance of your botnet being cut down. Or look into P2P ones such as the Gameover version of Zeus. Other than that, I'm having trouble reading it all, but it seems decent; I would just suggest looking at how other ones work and using that basic logic for yours.
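
An added example, not Daemon's code or that of any real metamorphic engine, of what separates metamorphic from polymorphic: instead of an encrypted body sitting behind a varying decryptor, the code itself is rewritten every generation with semantically equivalent instructions and harmless junk, so there is no constant decrypted body for a scanner to recover by emulation. Everything here (the two-register toy ISA, the LCG, the constructed ORIGINAL program and all function names) is an assumption of this example; the equivalences it uses (mov r,0 == xor r,r == sub r,r; add r,1 == inc r; nops and push/pop pairs as junk) are the standard textbook ones.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Toy two-register machine (an assumption of this example, not real x86).
 * Each instruction is (kind, reg, imm); PUSH/POP use a small stack. */
enum { MOV_IMM, XOR_SELF, SUB_SELF, ADD_IMM, INC, PUSH, POP, NOP };
typedef struct { uint8_t kind, reg, imm; } insn_t;
#define MAX_INSN 64
typedef struct { insn_t code[MAX_INSN]; size_t n; } prog_t;

/* Constructed original program: a = 0; a += 1; b = 5; b += 1; a += 7 */
static const insn_t ORIGINAL[] = {
    { MOV_IMM, 0, 0 }, { INC, 0, 0 }, { MOV_IMM, 1, 5 },
    { ADD_IMM, 1, 1 }, { ADD_IMM, 0, 7 },
};
#define ORIGINAL_N (sizeof(ORIGINAL) / sizeof(ORIGINAL[0]))

void load_original(prog_t *p) { memcpy(p->code, ORIGINAL, sizeof ORIGINAL); p->n = ORIGINAL_N; }

/* Execute a program; the result packs both registers as a*256 + b. */
uint32_t run(const prog_t *p) {
    uint8_t r[2] = { 0, 0 }, stack[MAX_INSN];
    size_t sp = 0;
    for (size_t i = 0; i < p->n; i++) {
        const insn_t *c = &p->code[i];
        switch (c->kind) {
        case MOV_IMM:  r[c->reg] = c->imm;          break;
        case XOR_SELF: r[c->reg] ^= r[c->reg];      break;
        case SUB_SELF: r[c->reg] -= r[c->reg];      break;
        case ADD_IMM:  r[c->reg] += c->imm;         break;
        case INC:      r[c->reg] += 1;              break;
        case PUSH:     stack[sp++] = r[c->reg];     break;
        case POP:      r[c->reg] = stack[--sp];     break;
        default:       break;                       /* NOP */
        }
    }
    return (uint32_t)r[0] << 8 | r[1];
}

static uint32_t lcg(uint32_t *s) { *s = *s * 1103515245u + 12345u; return *s >> 16; }

/* Rewrite one instruction into a randomly chosen form with the same effect:
 * mov r,0 == xor r,r == sub r,r  and  add r,1 == inc r. Others are kept. */
static insn_t substitute(insn_t c, uint32_t *st) {
    static const uint8_t zero_forms[] = { MOV_IMM, XOR_SELF, SUB_SELF };
    if ((c.kind == MOV_IMM && c.imm == 0) || c.kind == XOR_SELF || c.kind == SUB_SELF) {
        c.kind = zero_forms[lcg(st) % 3];
        c.imm  = 0;
    } else if ((c.kind == ADD_IMM && c.imm == 1) || c.kind == INC) {
        c.kind = (lcg(st) & 1) ? ADD_IMM : INC;
        c.imm  = (c.kind == ADD_IMM) ? 1 : 0;   /* INC ignores imm; keep it canonical */
    }
    return c;
}

/* Metamorphic pass: substitute every instruction and sprinkle in junk that
 * leaves the registers untouched (a NOP, or a push/pop of the same register).
 * A generation byte-identical to its parent is rejected and re-rolled. */
void mutate(const prog_t *in, prog_t *out, uint32_t seed) {
    uint32_t st = seed;
    do {
        out->n = 0;
        for (size_t i = 0; i < in->n && out->n + 3 <= MAX_INSN; i++) {
            uint32_t roll = lcg(&st) % 4;
            if (roll == 0) {
                out->code[out->n++] = (insn_t){ NOP, 0, 0 };
            } else if (roll == 1) {
                uint8_t reg = (uint8_t)(lcg(&st) & 1);
                out->code[out->n++] = (insn_t){ PUSH, reg, 0 };
                out->code[out->n++] = (insn_t){ POP, reg, 0 };
            }
            out->code[out->n++] = substitute(in->code[i], &st);
        }
    } while (out->n == in->n && memcmp(out->code, in->code, in->n * sizeof(insn_t)) == 0);
}

/* Serialised image of a program, i.e. the bytes a signature would be taken over. */
size_t serialize(const prog_t *p, uint8_t *buf) {
    for (size_t i = 0; i < p->n; i++) {
        buf[3 * i] = p->code[i].kind; buf[3 * i + 1] = p->code[i].reg; buf[3 * i + 2] = p->code[i].imm;
    }
    return 3 * p->n;
}

uint32_t original_result(void) { prog_t o; load_original(&o); return run(&o); }

/* 1 if the generation for this seed behaves exactly like the original. */
int same_behaviour(uint32_t seed) {
    prog_t o, m; load_original(&o); mutate(&o, &m, seed);
    return run(&o) == run(&m);
}

/* 1 if the generation's byte image differs from the original's. */
int bytes_changed(uint32_t seed) {
    prog_t o, m; uint8_t bo[3 * MAX_INSN], bm[3 * MAX_INSN];
    load_original(&o); mutate(&o, &m, seed);
    size_t lo = serialize(&o, bo), lm = serialize(&m, bm);
    return lo != lm || memcmp(bo, bm, lo) != 0;
}
```

Serialising the original and a few seeds shows a different byte image (and usually a different length) each time, while run returns the same packed register state for all of them. That is also what a detector has to work with: either normalise the code first (fold the equivalences back to one canonical form, strip the push/pop and nop junk) and signature the normalised result, or classify on behaviour rather than on bytes.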