flat assembler
Message board for the users of flat assembler.

Index > Heap > Discussing viruses and AV

Vortex



Joined: 17 Jun 2003
Posts: 318
Vortex
You should not post codes related to virus programming. I believe that the forum administration is going to take serious measures to prohibit such codes.

_________________
Code it... That's all...
Post 23 Nov 2005, 20:44
Tomasz Grysztar



Joined: 16 Jun 2003
Posts: 7734
Location: Kraków, Poland
Tomasz Grysztar
Analyzing the virus from a book in order to design own anti-virus isn't IMHO anything that should be prohibited.
Post 23 Nov 2005, 22:31
Vortex



Joined: 17 Jun 2003
Posts: 318
Vortex
Quote:
Analyzing the virus from a book in order to design own anti-virus isn't IMHO anything that should be prohibited.


Tomasz, I don't care if that guy desires to analyze viral codes but he has no right to post that code to this nice forum. He has always the opportunity to PM you. I cannot approve his code released to public.

_________________
Code it... That's all...
Post 24 Nov 2005, 06:32
Tomasz Grysztar



Joined: 16 Jun 2003
Posts: 7734
Location: Kraków, Poland
Tomasz Grysztar
He mentioned the official source for this code, "The Little Black Book of Computer Viruses" by Mark A. Ludwig.


Nevertheless, if he reverse engineered some kind of virus he happened to be infected with, in order to make own anti-virus program to get rid of it (I was doing such things and see nothing wrong with them, actually they are kind of opposite to the wrong ones like writing the viruses), I would also accept such posting. It would be highly educational.
Post 24 Nov 2005, 07:43
Vortex



Joined: 17 Jun 2003
Posts: 318
Vortex
Tomasz,

You are a serious and logical person. No matter what is the source, it's not a good idea to make public those codes : If you let him to release malware code then the situation will encourage others to do the same thing. As there is no "educational" reasons to make explosives, there is also no reason to allow members to post viral codes.

Second, the member posting the code is a new one. Not to offend anyone but how can you be sure that he is doing something educational?

_________________
Code it... That's all...
Post 24 Nov 2005, 08:19
vid
Verbosity in development


Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia
vid
virtex: (sorry, i at first this was a typo, but i HAD to leave it here... fate)

1. that virus won't hurt anybody nowadays, how many people you know who use DOS and share programs on media (not by downloading from internet)? How many of them are such dicks, geeks and lamers at same time that they compile virus and give it to their friends on a floppy / CD?

2. virus analysis _IS_ educational, i've learnt much from it myself. And tomasz said same and so would many here.

3. if somebody with access to internet wants virus sources he has no problems finding one. http://www.google.com/search?&rls=en&q=virus+source. even if daothanhtuan posted it for non-educational purposes, which i doubt, then this one source won't hurt anybody.

btw, he said he is heading to AV direction. Maybe, with our help of understanding viruses, he will become AV and help people get rid of viruses.

And one more thing to think about: How do you think any antivirist would become antivirist, if he couldn't get to virus sources?
Post 24 Nov 2005, 09:14
gunblade



Joined: 19 Feb 2004
Posts: 209
gunblade
That very nice code, and a good job explaining it vid, took me a while to even finish reading it, let alone understand it Wink.

As vid said.. (Right as I was about to post), virus sources are available all over the place on the net, not even only old ones for DOS, but also new ones for windows, linux, etc.. You name it, and it's somewhere on the net. Yeah, posting that source on a forum just randomly isn't too smart, but posting it so that he can ask questions and try to understand it is wonderful. Reading source code for other programs is how I learned a lot of things about assembler.

Aah, nothing like a good rant in the morning. Twisted Evil

gunblade
Post 24 Nov 2005, 09:21
Vortex



Joined: 17 Jun 2003
Posts: 318
Vortex
Quote:
1. that virus won't hurt anybody nowadays, how many people you know who use DOS and share programs on media (not by downloading from internet)? How many of them are such dicks, geeks and lamers at same time that they compile virus and give it to their friends on a floppy / CD?


No matter what is the host operating system for malware, delivering viral code to a quality forum like flatassembler.net cannot be considered approvable. DOS, UNIX , Win32 \ Win64 or any target OS , by posting those codes, you give ideas to people about developing viral code. Concerning viral coding, the major difference between google and flatassembler.net is that this forum is dedicated to asm programming. If an individual is requesting malware sources, he's absolutely free to search google or any other facilities but I believe that this forum is intended for good people who wants to learn and enjoy asm. Finally, your DOS code can inspire some ideas for others.

Quote:
virus analysis _IS_ educational, i've learnt much from it myself. And tomasz said same and so would many here.


Virus analysis might be educational for you at HOME but not in public.

Quote:
if somebody with access to internet wants virus sources he has no problems finding one. http://www.google.com/search?&rls=en&q=virus+source. even if daothanhtuan posted it for non-educational purposes, which i doubt, then this one source won't hurt anybody.


As I said, feel free to search google but this forum is not the place to advocate malware coding.

Quote:
btw, he said he is heading to AV direction. Maybe, with our help of understanding viruses, he will become AV and help people get rid of viruses.


Once again, not to offend anyone but we are not going to help people with suspicious posts. Assisting this user may not help him to become a AV developer as this issue is related to serious system programming.

Quote:
Yeah, posting that source on a forum just randomly isn't too smart, but posting it so that he can ask questions and try to understand it is wonderful.


Posting it so that he can ask questions about viral coding will be never an attitude to approve.

_________________
Code it... That's all...
Post 24 Nov 2005, 12:13
vid
Verbosity in development


Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia
vid
Vortex: and so we shouldn't post reverse engineering - related articles. and common algorithms which are illegal to copy without license in some countries. and we shouldn't talk about disadvantages of some commercial programs, because it is prohibited negative commercial in public. This direction is going nowhere...

Malicious viruses are usually written by people who can hardly craft something together, and can't do nothing else than lame destruction. Viruses are written by good programmers doesn't blindly destroy data. And more you understand from the viruses, you don't need to experiment and you are no more lamer to write malicious viruses.

I was playing with viruses too, and i would ask here about them too if i had internet that times. And am i writing some destructive viruses now? I think zounds threads like "help me with my school project" degrade this board, not analysis of interesting (!) "extreme" assembly snippets from good coders. That code is dangerous no more, but is very very educative. There are very few as interesting posts as this one (percentually).

If someone is really such lamer that he wants to destroy data to visible himself, then he has many easier ways than this one. Learning some PHP is much more worthy for this than assembly nowadays.

Viruses are all written by good programmers, seldom malicious. Those which damage data are usually editations / rewritements of already existing viruses.

My final words (maybe Wink ) to this subject:
If you don't like virus analysis here, then try to find at least one other thread on this forum, or any code example except viruses, where this topic (getting program load address delta with call, or progs that can be executed on any offset) is covered.
Post 24 Nov 2005, 18:18
shoorick



Joined: 25 Feb 2005
Posts: 1606
Location: Ukraine
shoorick
give me the gun! (in educational purposes Wink )

although virus-writing is also the art, there are a lot of other more useful things to educate in, esp. for newbies Wink all malware presented on public has label "in educational purposes" - it is just a label in real Smile
Post 25 Nov 2005, 06:05
Vortex



Joined: 17 Jun 2003
Posts: 318
Vortex
Quote:
we shouldn't post reverse engineering - related articles. and common algorithms which are illegal to copy without license in some countries. and we shouldn't talk about disadvantages of some commercial programs, because it is prohibited negative commercial in public. This direction is going nowhere...


What has to do commercial applications with viral coding?

Quote:
...malicious viruses


There is no such a thing like malicious or good computer viruses. A virus is a destructive piece of code.

Quote:
And am i writing some destructive viruses now?


Destructive or not , viruses are dangerous.

Quote:
Viruses are all written by good programmers


A good programmer, is it a person who knows to code viruses?

Quote:
If you don't like virus analysis here...


The problem is not what I like or not , posting here is viral codes is not an act to be welcomed.

_________________
Code it... That's all...
Post 25 Nov 2005, 06:16
Tomasz Grysztar



Joined: 16 Jun 2003
Posts: 7734
Location: Kraków, Poland
Tomasz Grysztar
So we shouldn't post any information about how the guns work, how to make gun powder (chemistry education) etc. just because someone would use this information to make a gun and then go to the street shooting people (oh yeah, he in the same time downloaded Doom game and learned from there how to do it Wink). In this manner we could forbid almost any topic, because people are so inventive they are able to use almost anything for malicious purposes.

I think that any really good assembly language programmer should be able to use his knowledge to fight the viruses on his own (like it once happened to me when I got infected by virus that was not yet detected by the AV programs available to me). But such knowledge and experience cannot be achieved without knowing at least elementary things about what viruses really are and how do they work. And when people know almost nothing about viruses they are actually much easier target for the ones what write them. Yes, such knowledge is a two-edged sword. But if we were to relinquish knowledge just because it can be misused, I should close all the forums here at once.
Post 25 Nov 2005, 09:11
Torrey



Joined: 12 Oct 2003
Posts: 78
Torrey
With all the exploits and other security related problems in the computer world today it's necessary to discuss topics like this one so we as programmers know how to protect ourselves, and even the software we create. Because of the complexity of the subject any programmer (no matter the skill level) will learn something new each time he or she studies these topics.

Timid is a very simple virus, and like most viruses of its time had a signature string included in its header. In this sample, scanning bytes 3 and 4 of each .COM file in the directory will tell you whether or not the file was infected.

[poking fun]
Quote:
A virus is a destructive piece of code.

Not all viruses are destructive! A majority of viruses blend in with the executable file and do no harm to the actual program code. Think of it in terms of a woman getting breast implants. She's adding something extra to her breasts, but this doesn't destroy them, only changes appearance. And just like breast implants, viruses are removable!

Quote:
viruses are dangerous

Guns are also dangerous, but they also save lives as well.

Quote:
The problem is not what I like or not , posting here is viral codes is not an act to be welcomed.

If you want to stunt your development as a close-minded programmer ignore threads that deal with this topic. Different strokes for different folks...


Last edited by Torrey on 25 Nov 2005, 12:35; edited 1 time in total
Post 25 Nov 2005, 09:21
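The header check Torrey describes above, as an added example that is not part of the original thread: it reads the first five bytes of every .COM file in a directory and compares bytes 3 and 4 against a two-byte marker. The thread does not give the marker value, so `signature` is a parameter and the demo uses a constructed placeholder; reading "bytes 3 and 4" as zero-based offsets 3 and 4, preceded by a 3-byte near jump (opcode E9h), is an assumption.

```python
import os
import tempfile

SIG_OFFSET = 3    # assumption: "bytes 3 and 4" taken as zero-based offsets 3..4
SIG_LEN = 2
NEAR_JMP = 0xE9   # assumption: the marker sits right after a 3-byte near jump


def check_com(data, signature, require_jump=False):
    """Classify the head of one .COM image as 'too-short', 'marked' or 'clean'."""
    if len(signature) != SIG_LEN:
        raise ValueError("signature must be exactly 2 bytes")
    if len(data) < SIG_OFFSET + SIG_LEN:
        return "too-short"          # cannot hold a jump plus marker at all
    if require_jump and data[0] != NEAR_JMP:
        return "clean"              # marker bytes alone are not enough
    found = data[SIG_OFFSET:SIG_OFFSET + SIG_LEN]
    return "marked" if found == signature else "clean"


def scan_directory(path, signature, require_jump=False):
    """Return {filename: verdict} for every regular *.COM file in path."""
    results = {}
    with os.scandir(path) as it:
        entries = sorted(it, key=lambda e: e.name)
    for entry in entries:
        if not entry.is_file(follow_symlinks=False):
            continue
        if not entry.name.lower().endswith(".com"):
            continue
        with open(entry.path, "rb") as fh:
            head = fh.read(SIG_OFFSET + SIG_LEN)   # only the header is needed
        results[entry.name] = check_com(head, signature, require_jump)
    return results


def demo():
    """Scan a temp directory of constructed sample files (no real samples)."""
    sig = b"ZZ"   # constructed placeholder, NOT the real marker value
    samples = {
        "HELLO.COM": b"\xb4\x09\xba\x0b\x01\xcd\x21\xc3",   # ordinary program
        "MARKED.COM": b"\xe9\x10\x00" + sig + b"\x90\x90",   # jump + marker
        "tiny.com": b"\xc3",                                 # single RET
        # same two bytes land at offset 3 by coincidence (operand of MOV DX)
        "LOOKALIKE.COM": b"\xb4\x09\xba" + sig + b"\xcd\x21",
        "NOTES.TXT": b"\xe9\x10\x00" + sig,                  # not a .COM file
    }
    with tempfile.TemporaryDirectory() as d:
        for name, body in samples.items():
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(body)
        loose = scan_directory(d, sig)
        strict = scan_directory(d, sig, require_jump=True)
    return loose, strict


if __name__ == "__main__":
    for label, result in zip(("bytes 3-4 only", "with jump check"), demo()):
        print(label, result)
```

A two-byte marker on its own can match unrelated programs, which is what the LOOKALIKE.COM sample shows; the optional jump check narrows that.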
vid
Verbosity in development


Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia
vid
vortex: you reacted on almost everything, but you forget to react on my last (most important) appendix.
Post 25 Nov 2005, 09:50
shoorick



Joined: 25 Feb 2005
Posts: 1606
Location: Ukraine
shoorick
Torrey - virmakers can be obused of your comparing Very Happy Very Happy

i think such topic has good aim: author tries to write antivirus program: he does not ask to help write or optimize virus as in the lot of other threads. fact of such posting is not yet virus distribution: a lot of other way exists to find them. i hate viruses, but i have a zipped collection of them also ("for educational purposes" Wink. there are topics where authors directly or indirectly ask to help make virus, but i should say exactly this topic is not like them Wink
Post 25 Nov 2005, 10:38
MazeGen



Joined: 06 Oct 2003
Posts: 977
Location: Czechoslovakia
MazeGen
Vortex expressed his opinions with correct behaviour and he gets this insult.

I am unpleasantly surprised that moderators of this board allow Torrey offend Vortex, one of the very experienced programmers and frequent contributor to assembly community.

That is really sad Sad

Torrey, please apologize to Vortex.
Post 25 Nov 2005, 11:51
Vortex



Joined: 17 Jun 2003
Posts: 318
Vortex
Tomasz, think like this : learning the principles of chemistry and publishing the exact formulation and producing an explosive are completely different topics, plus producing explosives by non-authorized persons is not permitted by laws. You can't help people to fight viruses by allowing them to post viral codes. I believed that flatassembler.net is not the place to discuss the coding methods of viruses. If an individual wants to develop an AV , he is completely free to achieve that but you should not permit people to submit viral code to this forum.

If a person wants to misuse technical knowledge, you can't stop him as you mentioned but you should not encourage such persons by letting them to post here nonsense.

Put some rules to this forum and you will no need to close any forum here as you mentioned.

Quote:
A majority of viruses blend in with the executable file and do no harm to the actual program code.


Understand that there is no such a thing like harmless virus. You are not allowed to inject code to other persons applications. Would you like that a hacker or somebody else would spread this kind of harmless virus to your computer?

Quote:
Guns are also dangerous, but they also save lives as well.


It depends on who and in which conditions the gun is fired?

Quote:
If you want to stunt your development as a close-minded programmer ignore threads that deal with this topic. Different strokes for different folks...


There are a lot of open minded people who has very high skills of coding in other asm forums where such topics are not discussed.

Torrey, you should stop directing me hard statements. Don't pollute this forum by posting here your insults.

MazeGen, thanks for your support. I know you are a gentleman.

_________________
Code it... That's all...
Post 25 Nov 2005, 21:41
Tomasz Grysztar



Joined: 16 Jun 2003
Posts: 7734
Location: Kraków, Poland
Tomasz Grysztar
Vortex wrote:
learning the principles of chemistry and publishing the exact formulation and producing an explosive are completely different topics

That's right. And we also don't compile nor distribute in active form the virus, do we? We just publish the formulation, we don't produce the explosives.

Vortex wrote:
You can't help people to fight viruses by allowing them to post viral codes. (...) If an individual wants to develop an AV , he is completely free to achieve that but you should not permit people to submit viral code to this forum.

I really don't get it how anyone could achieve that without analysing actual viruses.
Vortex wrote:
If a person wants to misuse technical knowledge, you can't stop him as you mentioned but you should not encourage such persons by letting them to post here nonsense.

You're right that I cannot be sure what are the intentions of the one who started this thread, but he just started a topic which I actually would like to be discussed. And now this precious discussion is getting lost between the tons of flames.

Vortex wrote:
You are not allowed to inject code to other persons applications.

Sometimes patching several programs (like the fix for the bug in old Borland Turbo Pascal CRT library, which prevented such programs from running on new computers) is necessary without any malicious purposes (to get the programs work correctly, in this case).

And whether the law allows you to do it, it may depend on the country. Though I would be against the law forbidding disassembling or modifying the programs you've got on your computer - hey, there might be some spying code hidden in that OS written in another country, and I have no right to check it out?
Post 25 Nov 2005, 22:04
Vortex



Joined: 17 Jun 2003
Posts: 318
Vortex
Quote:
And we also don't compile nor distribute in active form the virus, do we? We just publish the formulation, we don't produce the explosives.


There is a big difference : If you have the source code and a suitable assembler / compiler , it's easy to produce the final executable.

About chemicals, I can say you that it might be very difficult to synthesize a compound even if you have the formulation and the raw materials.

Quote:
I really don't get it how anyone could achieve that without analysing actual viruses.


There are a lot of other forums where an individual can discuss about viral codes. Why flatassembler.net is a place to talk about this type of coding?

Quote:
And now this precious discussion is getting lost between the tons of flames.


This is not my fault, why that person releasing nonsense is supported by the forum?

Quote:
Sometimes patching several programs (like the fix for the bug in old Borland Turbo Pascal CRT library, which prevented such programs from running on new computers) is necessary without any malicious purposes (to get the programs work correctly, in this case).


Thin ice! An official patch can be activated with the permission of the user, it's your final decision to run the patch or not. Most of the cases, viral codes are patching the executables without notifying the user.

_________________
Code it... That's all...
Post 26 Nov 2005, 09:26
Tomasz Grysztar



Joined: 16 Jun 2003
Posts: 7734
Location: Kraków, Poland
Tomasz Grysztar
Vortex wrote:
There is a big difference : If you have the source code and a suitable assembler / compiler , it's easy to produce the final executable.

It still requires the knowledge and effort. It's this effort that is the main wrong thing in both cases.
If it might make you happier, we can remove all the headers from the source, so it won't be possible to compile it without the knowledge of assembler.

Vortex wrote:
This is not my fault, why that person releasing nonsense is supported by the forum?

You wanted to say: that's not your fault, that my opinion is not what would you like it to be?

Quote:
Thin ice! An official patch can be activated with the permission of the user, it's your final decision to run the patch or not. Most of the cases, viral codes are patching the executables without notifying the user.

This had to be example that the fact of injecting the code into executable itself cannot be used as an argument to prove that viruses are malicious. Actually I agree that every virus is malicious in some way (though I wouldn't use this word interchangeably with "destructive") - stealing your disk space and slowing down execution of programs being the common "bad things" (well, except the boot sector viruses, but they steal some RAM anyway). However I did see your argumentation to be a bit weak, and a good occasion to discuss another few interesting topics.
Post 26 Nov 2005, 09:41
Copyright © 1999-2020, Tomasz Grysztar. Also on YouTube, Twitter.