- Posts: 1
- Thank you received: 0
Spyware programming..
20 years 2 weeks ago #5815
by sahirh
Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com
Replied by sahirh on topic Re: Spyware programming..
Hmm.. let me see if I can dance round this fairly sensitive topic.
First and foremost..
What is your programming background ? Which languages are you familiar with ?
I'm taking it you're not familiar with programming since you asked what programming tools are used to create spyware...
There are no tools.. they're just written in some or the other language.. Since most malware is written by socially inept morons with too much free time and little programming knowledge.. they're written in higher level languages.. usually they copy-paste them together in Visual Basic.
Most spyware relies on deception more than any great coding to embed itself and disable security mechanisms...
Disabling firewalls and anti-virus is usually fairly trivial.. a list of the executable image names of popular products will be checked against processes in memory, they will be killed if possible, or they will be killed on the disk. Or maybe their startup entries will be deleted so they will never come up after the next reboot.
Keylogging is usually done through a simple hook to the keyboard.. unfortunately not that easy to detect (someone correct me on this if I'm wrong)...
What else do they do ? Worms will propagate by including their own SMTP server to mail themselves around... and scan other portions of the network..
The algorithm used by worms for scanning usually shows how (in)competent a virus writer is.. if its a simple sequential scan of the IP address space, you've got a horribly inefficient worm that will not spread very quickly since each worm will rescan already infected regions...
Random scanning is almost as bad.. it shows that the virus writer didnt have the brains to write the scanning module.. so he threw in a rand() or 4...
There is a very good paper on the subject of worm propogation algorithms. Worth a read for every security researcher (and a waste of time for every marketing lowlife who wants to code spyware to get his ads seen).
web.lemuria.org/security/WormPropagation.pdf
Now quid pro quo Clarise....
Why are you trying to write dirty code when there is more than enough existing malware to analyse ? The Honeynet project has challenges based on the same....
Something is rotten in the state of Denmark....
After all, why would I want to help you write a virus when all I know about you is that you say you're in a degree project
Prove your intentions and I will happily share more information with you (source code, papers, et al).
Regards,
First and foremost..
What is your programming background ? Which languages are you familiar with ?
I'm taking it you're not familiar with programming since you asked what programming tools are used to create spyware...
There are no tools.. they're just written in some or the other language.. Since most malware is written by socially inept morons with too much free time and little programming knowledge.. they're written in higher level languages.. usually they copy-paste them together in Visual Basic.
Most spyware relies on deception more than any great coding to embed itself and disable security mechanisms...
Disabling firewalls and anti-virus is usually fairly trivial.. a list of the executable image names of popular products will be checked against processes in memory, they will be killed if possible, or they will be killed on the disk. Or maybe their startup entries will be deleted so they will never come up after the next reboot.
Keylogging is usually done through a simple hook to the keyboard.. unfortunately not that easy to detect (someone correct me on this if I'm wrong)...
What else do they do ? Worms will propagate by including their own SMTP server to mail themselves around... and scan other portions of the network..
The algorithm used by worms for scanning usually shows how (in)competent a virus writer is.. if its a simple sequential scan of the IP address space, you've got a horribly inefficient worm that will not spread very quickly since each worm will rescan already infected regions...
Random scanning is almost as bad.. it shows that the virus writer didnt have the brains to write the scanning module.. so he threw in a rand() or 4...
There is a very good paper on the subject of worm propogation algorithms. Worth a read for every security researcher (and a waste of time for every marketing lowlife who wants to code spyware to get his ads seen).
web.lemuria.org/security/WormPropagation.pdf
Now quid pro quo Clarise....
Why are you trying to write dirty code when there is more than enough existing malware to analyse ? The Honeynet project has challenges based on the same....
Something is rotten in the state of Denmark....
After all, why would I want to help you write a virus when all I know about you is that you say you're in a degree project
Prove your intentions and I will happily share more information with you (source code, papers, et al).
Regards,
Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com
Time to create page: 0.120 seconds