Understanding the mechanics safely - Need some tips

The constant threat: viruses, trojans, spyware, ... the list goes on

Post by automatica on Mon Apr 27, 2009 11:53 pm

Hey guys, I have some questions on malware. I want to understand the coding/mechanics behind them out of curiosity, but doing so requires downloading these nasty buggers. How does one go about doing this safely, and is it easy enough to crack one open in some sort of text editor like Notepad (or a Mac equivalent like TextWrangler)?

I do have a Boot Camped Mac, so I've been half tempted to go over to the Mac side and toy with the source code of malware designed for Windows only... but I don't want it to make it over to the Windows partition, as I use programs over there professionally. Thought I would throw this out there for the more experienced users here before I begin toying around to try and wrap my head around the concept by studying the code. I also have another old Windows-based computer that I need to reformat the hard drive on... so that is also another option, as I can just keep wiping it clean after analysis (putting Linux on it may be an option too).
When it comes to brainwashing it's best to do your own laundry.
automatica
New User
Posts: 26
Joined: Mon Oct 27, 2008 1:14 am


Re: Understanding the mechanics safely - Need some tips

Post by AtlasDark on Tue Apr 28, 2009 2:41 pm

The code is usually a set of instructions interpreted by the kernel to perform specific actions that are otherwise undesirable - if they aren't executed, they remain as text (or otherwise obscured). Obtaining one isn't a problem on today's net, though pacifying it and dissecting it is an issue that I don't believe I can go into detail on, since I've not attempted this before.

I don't think virtualized systems are affected so long as they are not specifically targeted (or running), though I may be wrong - correct me if that is the case.
AtlasDark
Poster
Posts: 175
Joined: Sun Apr 05, 2009 10:40 pm


Re: Understanding the mechanics safely - Need some tips

Post by automatica on Tue Apr 28, 2009 4:52 pm

AtlasDark wrote:I don't think virtualized systems are affected so long as they are not specifically targeted (or running), though I may be wrong - correct me if that is the case.

<Noob>You lost me at virtualized systems, are you talking about something like "VMware Fusion"? Because I don't think Boot Camp is anything close to that with the partitioning. Are you talking about something like VMware or Boot Camped partitions on a Mac?</Noob>

I know a lot of Windows-based malware tends to set its rewrite targets to the traditional C drive; guess I'll have to see if the Mac side of this computer lists the Windows partition as a "C drive." Also interesting food for thought: if the piece of malware targets certain directories well known for computer functionality on the C drive, what would happen if you renamed the C drive to something like "Automatica's drive" to obstruct the file paths it tries to rewrite itself into? Could be an interesting way of defusing (something I want to look into) some poorly written malware.


Re: Understanding the mechanics safely - Need some tips

Post by AtlasDark on Wed Apr 29, 2009 3:00 pm

Yep, basically what you stated - either by partitioning or by setting aside space and allocating the data used into a single file, à la Parallels.

I believe Windows systems have "assumed substructure" batch commands (for lack of a better set of terms), like ~/Folder being a designation leading to a folder in a specific location (either predefined or whatnot, such as a relative branch to My Documents and navigating from there), so scripts may be able to utilize such. Could exist in Unix systems also.

I do know that some virtualization software for OS X actually sets the OS as dormant when inactive, and when the UI is invoked, the software will then mount the OS that the user intends to virtualize; until that point, I deduce that the OS to be mounted is inaccessible.


Re: Understanding the mechanics safely - Need some tips

Post by automatica on Thu Apr 30, 2009 3:32 am

Found something interesting when it comes to reverse engineering malware:

http://www.cwsandbox.org/

I'm probably going to go ahead and "nix" up the old machine and begin trying to play around with some Windows-only malware variants, and hope the person writing the code didn't modify it for other OSes. I might throw the sandbox program on the Windows side of the computer just to toy around with it after some more research on the issue.

One area I'm researching as a new Mac user is .bat versus .exe file extensions. The only extension I've seen Mac-side (and I'm a new Mac user and loving it... but please correct me if I'm wrong) is .bat. Does a Mac not install .exes? If so, that's almost a surefire way to check if a piece of malware was written for Windows OS variants. I guess one of the comforting things is that a program can't install itself without admin privileges at first, from what I'm gathering on the Mac OS.

Nose back to the grind stone. :D


Re: Understanding the mechanics safely - Need some tips

Post by Ansain on Sun May 03, 2009 8:14 am

Last time I fooled around with viruses I just turned them into normal txt files and then studied them. Maybe that'll work for you?
Ansain
New User
Posts: 19
Joined: Fri May 01, 2009 4:27 pm
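Two things come up in this thread that a short script can make concrete: Ansain's approach of looking at a sample as text instead of running it, and automatica's question of whether a file is a Windows binary at all. The script below is an added example from the editor, not code posted by anyone in the thread and not part of CWSandbox. It does static triage only (the sample is never executed): it identifies the format from the header magic rather than the extension (a renamed .exe still starts with "MZ" and a PE signature, a Mach-O still starts with its 0xfeedfac[e|f] magic), hashes the file, and pulls out printable strings, URLs and Windows-style paths such as C:\... or %APPDATA%\..., which is where hard-coded drop locations of the kind discussed earlier in the thread would show up. The samples in SAMPLES are constructed stub headers with a few strings appended, not real malware; every name and string in them is made up for the demonstration.

```python
"""Static triage of a suspect file without executing it.

Added example for the thread above. Classifies a file by its header
magic (not by extension), hashes it, and extracts printable strings,
URLs and Windows-style paths. The SAMPLES below are constructed stub
headers with a few strings appended; they are not real malware.
"""
import hashlib
import re
import struct

# IMAGE_FILE_HEADER.Machine values from the PE format.
PE_MACHINES = {0x014C: "x86", 0x8664: "x86-64", 0x01C0: "ARM", 0xAA64: "ARM64"}

URL_RE = re.compile(r'https?://[^\s"<>]+')
# Drive-letter paths (C:\...) or environment-variable paths (%APPDATA%\...).
WINPATH_RE = re.compile(r'(?:[A-Za-z]:\\|%[A-Za-z_]+%)[^\s"<>]*')


def identify_format(data: bytes) -> str:
    """Classify by magic bytes so a renamed .exe or .bat cannot hide."""
    if data[:2] == b"MZ":
        if len(data) >= 0x40:
            # e_lfanew at offset 0x3C points at the "PE\0\0" signature.
            e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
            if len(data) >= e_lfanew + 6 and data[e_lfanew:e_lfanew + 4] == b"PE\0\0":
                machine = struct.unpack_from("<H", data, e_lfanew + 4)[0]
                return f"PE (Windows, {PE_MACHINES.get(machine, hex(machine))})"
        return "MZ stub without PE header (DOS executable or truncated)"
    if data[:4] == b"\x7fELF":
        bits = {1: "32", 2: "64"}.get(data[4], "?")
        return f"ELF (Linux/Unix, {bits}-bit)"
    if len(data) >= 4:
        le = struct.unpack_from("<I", data)[0]
        be = struct.unpack_from(">I", data)[0]
        if 0xFEEDFACF in (le, be):
            return "Mach-O (macOS, 64-bit)"
        if 0xFEEDFACE in (le, be):
            return "Mach-O (macOS, 32-bit)"
        if be == 0xCAFEBABE:
            return "Mach-O fat binary (macOS) or Java class"
    # Pure text: decide from the first line whether it is a script.
    if data and all(b in b"\t\r\n" or 0x20 <= b < 0x7F for b in data):
        first = data.split(b"\n", 1)[0].strip().lower()
        if first.startswith(b"#!"):
            return "shell/interpreter script (#!)"
        if first.startswith((b"@echo off", b"rem ", b"::")):
            return "batch script (Windows cmd)"
        return "plain text"
    return "unknown binary"


def extract_strings(data: bytes, min_len: int = 6):
    """Runs of printable ASCII, the same thing 'strings' would print."""
    return [m.decode("ascii") for m in re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)]


def triage(name: str, data: bytes) -> dict:
    """Everything you can learn from the bytes alone, without running them."""
    strings = extract_strings(data)
    return {
        "name": name,
        "format": identify_format(data),
        "sha256": hashlib.sha256(data).hexdigest(),
        "urls": sorted({u for s in strings for u in URL_RE.findall(s)}),
        "paths": sorted({p for s in strings for p in WINPATH_RE.findall(s)}),
        "strings": strings,
    }


def _pe_stub(machine: int, payload: bytes) -> bytes:
    """Constructed minimal MZ + PE header (not a runnable program)."""
    hdr = bytearray(0x40)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)  # e_lfanew: PE header follows the DOS header
    return bytes(hdr) + b"PE\0\0" + struct.pack("<H", machine) + b"\0" * 18 + payload


# Constructed samples; names, hosts and paths are invented for the demo.
SAMPLES = {
    "dropper.exe": _pe_stub(0x8664, b"This program cannot be run in DOS mode.\0"
                                    b"http://example.invalid/check.php\0"
                                    b"C:\\Windows\\System32\\cmd.exe\0%APPDATA%\\svc.exe\0"),
    "agent": struct.pack("<I", 0xFEEDFACF) + b"\0" * 28 + b"/usr/bin/osascript\0",
    "worm.elf": b"\x7fELF\x02\x01\x01" + b"\0" * 9 + b"/tmp/.x/run.sh\0",
    "install.bat": b"@echo off\r\ncopy %0 \"%APPDATA%\\svc.bat\"\r\nstart http://example.invalid/\r\n",
}


if __name__ == "__main__":
    for name, data in SAMPLES.items():
        r = triage(name, data)
        print(f"{r['name']}: {r['format']}  sha256={r['sha256'][:16]}...")
        print("  urls:", r["urls"])
        print("  paths:", r["paths"])
```

Run it on a real sample by replacing the SAMPLES entries with `open(path, "rb").read()`, on a machine you are prepared to wipe; the script itself never executes the file, but a packed or encrypted sample will yield few useful strings, which is the point at which a sandbox or a debugger becomes necessary.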


