Hot Downloads

Welcome, Guest
Username: Password: Remember me

TOPIC: Spyware programming..

Spyware programming.. 12 years 4 weeks ago #5801

  • Homer90
  • Homer90's Avatar
  • Offline
  • New Member
  • Posts: 1
  • Karma: 0
Hi all,
As above I have started a degree project and have to decided to do some research on spyware i.e understanding how it works programming tools used to create them ???? ... as a part of the project firewalls and anti-virus will be tested.Im thinking about creating a simple virus/ware to understand how they work and understand why they target certain areas of the OS.
Any help would be great Sourec code ,papers etc.!
P.S Platforms are Xp pro.
The administrator has disabled public write access.

Re: Spyware programming.. 12 years 4 weeks ago #5815

  • sahirh
  • sahirh's Avatar
  • Offline
  • Honored Member
  • Posts: 1700
  • Karma: 0
Hmm.. let me see if I can dance round this fairly sensitive topic.

First and foremost..
What is your programming background ? Which languages are you familiar with ?

I'm taking it you're not familiar with programming since you asked what programming tools are used to create spyware...

There are no tools.. they're just written in some or the other language.. Since most malware is written by socially inept morons with too much free time and little programming knowledge.. they're written in higher level languages.. usually they copy-paste them together in Visual Basic.

Most spyware relies on deception more than any great coding to embed itself and disable security mechanisms...

Disabling firewalls and anti-virus is usually fairly trivial.. a list of the executable image names of popular products will be checked against processes in memory, they will be killed if possible, or they will be killed on the disk. Or maybe their startup entries will be deleted so they will never come up after the next reboot.

Keylogging is usually done through a simple hook to the keyboard.. unfortunately not that easy to detect (someone correct me on this if I'm wrong)...

What else do they do ? Worms will propagate by including their own SMTP server to mail themselves around... and scan other portions of the network..

The algorithm used by worms for scanning usually shows how (in)competent a virus writer is.. if its a simple sequential scan of the IP address space, you've got a horribly inefficient worm that will not spread very quickly since each worm will rescan already infected regions...

Random scanning is almost as bad.. it shows that the virus writer didnt have the brains to write the scanning module.. so he threw in a rand() or 4...

There is a very good paper on the subject of worm propogation algorithms. Worth a read for every security researcher (and a waste of time for every marketing lowlife who wants to code spyware to get his ads seen).

web.lemuria.org/security/WormPropagation.pdf


Now quid pro quo Clarise....

Why are you trying to write dirty code when there is more than enough existing malware to analyse ? The Honeynet project has challenges based on the same....

Something is rotten in the state of Denmark....

After all, why would I want to help you write a virus when all I know about you is that you say you're in a degree project :)

Prove your intentions and I will happily share more information with you (source code, papers, et al).

Regards,
Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com
The administrator has disabled public write access.
Time to create page: 0.075 seconds

CCENT/CCNA

Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V

Linux

  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup