Maximize
Bookmark

VX Heaven

Library Collection Sources Engines Constructors Simulators Utilities Links Forum

Marketing Virus: The new age of malixious programs

Silent Supporter
29a [6]
September 2001

[Back to index] [Comments]
silentsupporter@poczta.onet.pl

btw. I apologize for my bad english ... I am so so so sorry for that [not really ;-p]

Well, I don't know if anybody has ever written about such an idea, but let's start from the very beginning.

New technologies created by virus writers are cool and powerful. Unfortunately AV community is more than just coders. They're damn smart and able to react to all the tricks very fast.

So, what a poor VX-writer can do? Hmm I guess there're few ideas, right? Like f.ex. drinking a beer in a companion of a nude blonde :>>

Okay, let's make things more serious.

The past and reality shows that viruses which use all the tricks like slow multi-layered polymorphism, EPO, midfile infection and even metamorphism have their chances, but ... Yes, sadly to say, most of them are unable to survive in the new environments for a very long time. It is easy to detect them and even easier to protect against them. ISP install scanners on their servers, people use more and more sophisticated AV programs. Some friends of mine even use 2 AV programs at the same time. It makes longlasting infection hard, almost impossible.

So, again, back to the question about ideas... What frustrated VX-writer may do in such situation? =D

The idea I want to describe here is not a very new one. All of us know droppers, right? So, here starts the story. Imagine such a scenario:

Starring:

Imagine hundred of thousands applications that try to connect to White House home page [Code Red's idea :)] on December, 31th, let's say year 2003. Impossible?

Imagine AV community that wants to write a program to remove that "virus" from the computers [a lot of versions already exist].

Imagine such "features" of the program that on that Friday, 13th will

    • take a data file of the program
    • extracts encrypted packers like old lzexe, pklite and newer like upx, aspack (who would believe that innocent file like prog.dat may contain any encrypted executables, right?)
    • use those packer/encryptors to change executable of the program on the disk and drop copies around
    • make regular copies of the program by overwriting typical applications like "calc.exe" etc. or by modyfying them as viruses do
    • spread as a typical worm/virus (using most known viruses/worms' methods)
    • infect installation packages of Windows and other applications;

      most of ppl have them on their HD, you may find them using Registry check this one

      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\SourcePath

      or those ones

      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\OLSSrcPath
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\CommandLine

      Guess what happens when the user reinstalls the system :)

    • whatever else ....

The thing is that, even the marketing virus strikes on that Friday, 13th even AV people will get the source, even people will know everything about it, it will be a very very hard task to clean the systems.

By accessing, viewing, downloading or otherwise using this content you agree to be bound by the Terms of Use! vxheaven.org aka vx.netlux.org
deenesitfrplruua