Viruses


zenten
Posts: 3799
Joined: Fri Jun 22, 2007 7:42 am UTC
Location: Ottawa, Canada

Viruses

Postby zenten » Wed Nov 14, 2007 9:48 pm UTC

If you get a virus, at least on a machine you own and have administrator privileges and can do whatever you damn well please and answer to no one, it's your own damn fault. Don't like having to restrict your surfing habits? Use another Browser/OS. Don't go complaining to Microsoft, it was your choice to use their software. And definitely don't complain about the virus writer (in regards to your own system, not the piles of spam you get), since their program wouldn't hurt your computer if you used it properly.

d3adf001
Posts: 1000
Joined: Thu Mar 29, 2007 4:27 pm UTC
Location: State College, PA

Re: Viruses

Postby d3adf001 » Wed Nov 14, 2007 10:20 pm UTC

zenten wrote:If you get a virus, at least on a machine you own and have administrator privileges and can do whatever you damn well please and answer to no one, it's your own damn fault. Don't like having to restrict your surfing habits? Use another Browser/OS. Don't go complaining to Microsoft, it was your choice to use their software. And definitely don't complain about the virus writer (in regards to your own system, not the piles of spam you get), since their program wouldn't hurt your computer if you used it properly.


Was this a split from another thread? Because I feel like something came before this.
It's not a split. I agree it looks like a response to something in another thread. Zenten apparently felt it deserved a war all its own. :D

davean
Site Ninja
Posts: 2498
Joined: Sat Apr 08, 2006 7:50 am UTC

Re: Viruses

Postby davean » Thu Nov 15, 2007 2:29 am UTC

There hasn't been a half decent virus or worm written in the last few years. The closest might have been Code Red but seriously, it wasn't exactly well done. When was the last virus that flashed itself into your BIOS seen in the wild? Or anything that actually dug down and embedded itself deeply.

d3adf001
Posts: 1000
Joined: Thu Mar 29, 2007 4:27 pm UTC
Location: State College, PA

Re: Viruses

Postby d3adf001 » Thu Nov 15, 2007 3:50 am UTC

davean wrote:There hasn't been a half decent virus or worm written in the last few years. The closest might have been Code Red but seriously, it wasn't exactly well done. When was the last virus that flashed itself into your BIOS seen in the wild? Or anything that actually dug down and embedded itself deeply.


Storm? BTW, I'm mad at Storm's writer because I was talking about using a BitTorrent site as the bot herder and Storm kind of stole my idea.

wing
the /b/slayer
Posts: 1876
Joined: Tue May 29, 2007 5:56 am UTC

Re: Viruses

Postby wing » Thu Nov 15, 2007 5:45 am UTC

People write malicious code to make money these days. There's no money in obliterating boxes.

That said, I think the world could use a BIOS-flasher-virus right about now. It's not even like it's hard anymore, since every BIOS vendor on earth has a Winflash application now. I've done it (minus any propagation code) before to coaster some old hardware. It only rates a 1/10 on the ninja scale (Writing a Solitaire clone is 2/10).

It'd teach a lot of people a lot of things about computer security - really, really quickly.
I AM A SEXY, SHOELESS GOD OF WAR!
Akula wrote:Our team has turned into this hate-fueled juggernaut of profit. It's goddamn wonderful.

davean
Site Ninja
Posts: 2498
Joined: Sat Apr 08, 2006 7:50 am UTC

Re: Viruses

Postby davean » Thu Nov 15, 2007 6:51 am UTC

wing wrote:People write malicious code to make money these days. There's no money in obliterating boxes.

That said, I think the world could use a BIOS-flasher-virus right about now. It's not even like it's hard anymore, since every BIOS vendor on earth has a Winflash application now. I've done it (minus any propagation code) before to coaster some old hardware. It only rates a 1/10 on the ninja scale (Writing a Solitaire clone is 2/10).

It'd teach a lot of people a lot of things about computer security - really, really quickly.


If you do, get your random number generator right, will you? These skill-less virus writers are embarrassing even if I don't like what they're coding.

The proper generator shouldn't even strain your group theory ...

"Warhol Worm" reference

EvanED
Posts: 4331
Joined: Mon Aug 07, 2006 6:28 am UTC
Location: Madison, WI

Re: Viruses

Postby EvanED » Thu Nov 15, 2007 6:52 am UTC

I would just like to say that my favorite academic paper title ever, How to 0wn the Internet in your spare time, is about viruses.

That is all.

photosinensis
Posts: 163
Joined: Wed Aug 22, 2007 6:17 am UTC

Re: Viruses

Postby photosinensis » Thu Nov 15, 2007 6:57 am UTC

wing wrote:People write malicious code to make money these days. There's no money in obliterating boxes.

That said, I think the world could use a BIOS-flasher-virus right about now. It's not even like it's hard anymore, since every BIOS vendor on earth has a Winflash application now. I've done it (minus any propagation code) before to coaster some old hardware. It only rates a 1/10 on the ninja scale (Writing a Solitaire clone is 2/10).

It'd teach a lot of people a lot of things about computer security - really, really quickly.


I wholly agree. However, instead of a purely destructive boot sector virus, it should have at least some constructive ends.

This is what I'm thinking:

First, we build ourselves one massive RAID array. I'm talking several yottabytes (1 YB = 1 trillion TB) here, and without a bandwidth meter. I don't care who we have to blow to get that kind of cash. Of course, this would probably have to run Solaris, as we're gonna need ZFS for that (though ZFS doesn't quite cover our asses). The one-box thing is important. Next, we make a server capable of netbooting and installing the Linux distro du jour. We've made a couple of additions to the Linux distro's default install, but nothing malicious.

Next, we make a boot sector virus. It's two time bombs. Before it detonates, it uploads the contents of a user's home folder (well, the Windows equivalent of a home folder) to the FBS (Fscking Big Server), to a folder based on the luser's MAC address. When the first time bomb goes off, the virus sends itself out over open port 80 connections attached to html/xml/whatever files or appends itself to server requests. This, of course, is the propagation step.

The real payload occurs about two weeks later: the virus nukes the system's boot sector and has it netboot to our Linux server, which initiates the installation. It's a completely hands-off installation, so the luser doesn't know what's happening--just that he can't use his computer properly. To keep him from doing something stupid, like turning off the machine, we'll put up a message that looks Windows-like saying that we're applying some "essential system updates". This is all the luser sees for perhaps an hour or two. The system only installs itself to hard-wired hard drives, making sure that no USB/FireWire drives are touched, but the hard-wired drives are totally nuked.

When the machine finally becomes usable, we prompt the user for a username and password. We don't keep a record of this, as we're constructive blackhats. That sets up the primary account (it's a sudo account, not a true root account). From there, we get the computer's MAC address(es) and download all of that luser's files from the BFS and put them in his/her home folder.

Lastly, when all is said and done, the operating system on localhost takes over and shows them a brief howto video on the basics of using the OS we've given them and good security practices. We'll tell them that their files are OK and where to find them. Yes, we've deleted all of their files from our server, but reported any kiddie porn we find to the relevant authorities, handing over the MAC address and IP number it came from.

That's the virus we need today. Too bad nobody's got the cojones to code it.
While I clicked my fav'rite bookmark, suddenly there came a warning,
And my heart was filled with mourning, mourning for my dear amour.
"'Tis not possible!" I uttered, "Give me back my free hardcore!"
Quoth the server: 404.

trickster721
Posts: 282
Joined: Tue Nov 13, 2007 4:26 am UTC

Re: Viruses

Postby trickster721 » Thu Nov 15, 2007 8:23 am UTC

Things like webmail and always-on virus monitors are definitely making a difference. Remember when every other Word document was infected with some macro exploit?

zenten
Posts: 3799
Joined: Fri Jun 22, 2007 7:42 am UTC
Location: Ottawa, Canada

Re: Viruses

Postby zenten » Fri Nov 16, 2007 4:07 pm UTC

trickster721 wrote:Things like webmail and always-on virus monitors are definitely making a difference. Remember when every other Word document was infected with some macro exploit?


No, as I didn't use Word.

zenten
Posts: 3799
Joined: Fri Jun 22, 2007 7:42 am UTC
Location: Ottawa, Canada

Re: Viruses

Postby zenten » Fri Nov 16, 2007 4:08 pm UTC

davean wrote:There hasn't been a half decent virus or worm written in the last few years. The closest might have been Code Red but seriously, it wasn't exactly well done. When was the last virus that flashed itself into your BIOS seen in the wild? Or anything that actually dug down and embedded itself deeply.


Shut Up And Show Them The Code

wing
the /b/slayer
Posts: 1876
Joined: Tue May 29, 2007 5:56 am UTC

Re: Viruses

Postby wing » Sun Nov 18, 2007 7:54 am UTC

photosinensis wrote:
wing wrote:People write malicious code to make money these days. There's no money in obliterating boxes.

That said, I think the world could use a BIOS-flasher-virus right about now. It's not even like it's hard anymore, since every BIOS vendor on earth has a Winflash application now. I've done it (minus any propagation code) before to coaster some old hardware. It only rates a 1/10 on the ninja scale (Writing a Solitaire clone is 2/10).

It'd teach a lot of people a lot of things about computer security - really, really quickly.


I wholly agree. However, instead of a purely destructive boot sector virus, it should have at least some constructive ends.

This is what I'm thinking:

First, we build ourselves one massive RAID array. I'm talking several yottabytes (1 YB = 1 trillion TB) here, and without a bandwidth meter. I don't care who we have to blow to get that kind of cash. Of course, this would probably have to run Solaris, as we're gonna need ZFS for that (though ZFS doesn't quite cover our asses). The one-box thing is important. Next, we make a server capable of netbooting and installing the Linux distro du jour. We've made a couple of additions to the Linux distro's default install, but nothing malicious.

Next, we make a boot sector virus. It's two time bombs. Before it detonates, it uploads the contents of a user's home folder (well, the Windows equivalent of a home folder) to the FBS (Fscking Big Server), to a folder based on the luser's MAC address. When the first time bomb goes off, the virus sends itself out over open port 80 connections attached to html/xml/whatever files or appends itself to server requests. This, of course, is the propagation step.

The real payload occurs about two weeks later: the virus nukes the system's boot sector and has it netboot to our Linux server, which initiates the installation. It's a completely hands-off installation, so the luser doesn't know what's happening--just that he can't use his computer properly. To keep him from doing something stupid, like turning off the machine, we'll put up a message that looks Windows-like saying that we're applying some "essential system updates". This is all the luser sees for perhaps an hour or two. The system only installs itself to hard-wired hard drives, making sure that no USB/FireWire drives are touched, but the hard-wired drives are totally nuked.

When the machine finally becomes usable, we prompt the user for a username and password. We don't keep a record of this, as we're constructive blackhats. That sets up the primary account (it's a sudo account, not a true root account). From there, we get the computer's MAC address(es) and download all of that luser's files from the BFS and put them in his/her home folder.

Lastly, when all is said and done, the operating system on localhost takes over and shows them a brief howto video on the basics of using the OS we've given them and good security practices. We'll tell them that their files are OK and where to find them. Yes, we've deleted all of their files from our server, but reported any kiddie porn we find to the relevant authorities, handing over the MAC address and IP number it came from.

That's the virus we need today. Too bad nobody's got the cojones to code it.


Uhhhh. Well, actually. I have a system that does exactly that in the refurb/recycle shop. It just doesn't spread autonomously.

