
Virus research


digitalundernet


I'm sorry, I'm fairly sure this is the wrong sub-forum to post this in. I'm a college student who's recently gotten into virus R&D. I've got myself an IBM server which I'm maxing out the RAM and CPUs on so I can turn it into a VM lab. I'm really wanting to learn how to take a virus 'from the wild', sandbox it, take it apart and learn how it works in detail so I can write a disinfection tool. Any tips on 1) resources on this and 2) where I can find a database of viruses/malware that's already been researched so I can check my findings with someone else?

I've got the book The Art Of Computer Virus Research and Defense and it's really good. Still teaching myself ASM as well, so that's a stumbling block of mine. My college has decided Java is the way to go and C++/C are too archaic to look into. Any video lectures on the basics?

Sorry if this is too much or too poorly typed out. Thanks for your time.


Hi Again digitalundernet -

Again - Sorry but the actual basis of this program is not for public release -

The company (and its very active founder) keep the internal basics of the program under "lock and key" as most internet security companies do -

As a "jesting note", have you asked Norton or McAfee for the basics of their company secrets - :)

For further information I would ask you to read the heading above our HiJack This forum and there is a list of places where you can get further qualifications in the area of removal - Here is the area -


digitalundernet - Are you wanting information on how to write your own analysis program, or are you wanting information on how to analyze malware (for example figure out the code samples, see what IP it's connecting to, etc.)?

I think I understand your question, and if it's the latter you're looking for, I'd be interested in the same info. :)

\\ACB


Having gone through these courses, and even teaching them, they don't give the information that is being asked for here. They teach malware removal, but not malware analysis.

From my experience, a lot of the stuff is very hidden, and self-taught. However, if anyone does have any information, and would like to share it, I too would be interested. I've been trying to get better in analysis of malware and get a job doing so, but it's very hard to get a jumpstart. :)


Hi Again -

I can understand what you mean handfan - The trouble is that without doing full computer courses at a university it is one of the starting points for people interested in a start towards a career in IT - Years of study will still leave you behind as the industry changes daily - Remember those who started 10 years ago only had Windows 98 at best to work with - That cannot be compared to Win 7, and now Win 8 is brewing !!

Thank You - :)


Hi Again digitalundernet -

Again - Sorry but the actual basis of this program is not for public release -

The company (and its very active founder) keep the internal basics of the program under "lock and key" as most internet security companies do

Again, I do NOT want the basics for Malwarebytes. I don't think YOU understand what I'm asking. Adam had it right. The basics of reverse engineering malware code for MY OWN USE. I came here because I was told I could get assistance on the topic.


I don't think YOU understand what I'm asking.

I fully understand - Read Post #9 in this thread - A lot is self-taught and will be always ongoing study - What you learn today must be restudied again the next day - When Vista was released the basic manual was 1 1/2 inches thick - It is like Malwarebytes and most other security programs are updated or changed every day - As handfan stated 'a lot of the stuff is very hidden and self taught' - I applaud you for taking this step into the world of finding and fighting malware and spyware - If you succeed in your quest please let us know if you manage to get a program together -

Thanks - :)


I'm sorry, I'm fairly sure this is the wrong sub-forum to post this in. I'm a college student who's recently gotten into virus R&D. I've got myself an IBM server which I'm maxing out the RAM and CPUs on so I can turn it into a VM lab. I'm really wanting to learn how to take a virus 'from the wild', sandbox it, take it apart and learn how it works in detail so I can write a disinfection tool. Any tips on 1) resources on this and 2) where I can find a database of viruses/malware that's already been researched so I can check my findings with someone else?

I've got the book The Art Of Computer Virus Research and Defense and it's really good. Still teaching myself ASM as well, so that's a stumbling block of mine. My college has decided Java is the way to go and C++/C are too archaic to look into. Any video lectures on the basics?

Sorry if this is too much or too poorly typed out. Thanks for your time.

Hello,

This is probably not the right forum for such discussions. Rather, I would suggest you take a look at the various "focus" groups from SecurityFocus like

http://www.securityfocus.com/virus

You may also want to learn about how any antivirus program works -- if so, take a look at learning about clamav (not the Windows port, mind you, the base GPL program) as you will have more success learning the internals of a GPL program than a commercial enterprise like mbam.

It's also unclear how you plan to use this knowledge. What is your end game? Are you more interested in just learning how various virii work without a larger (less specialized) context? OR do you have a larger goal in mind - that is, do you want to learn about exploits and other security work, or are you focused on learning how virii work (as opposed to the larger study of exploits in general)?

Sam S.
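To make the "learn how an antivirus program works" suggestion above concrete, here is an added example (written for this thread, not code from ClamAV, Malwarebytes or anyone in the discussion) of the two most basic detection mechanisms a scanner such as clamav builds on: a whole-file hash signature and a hex byte-pattern signature with wildcards. The signature format is loosely modelled on ClamAV's text-based hash and pattern databases but is an assumption here, not the real file syntax, and the "samples" are constructed byte strings with a placeholder domain, not real malware.

```python
import hashlib
import re

# Constructed in-memory signature "database" (assumption: illustrative format,
# not a real ClamAV .hdb/.ndb file). Hash signatures catch one exact file;
# pattern signatures catch a whole family despite small byte changes.
HASH_SIGS = {}     # md5 hex digest -> (expected size, signature name)
PATTERN_SIGS = []  # (signature name, compiled regex over raw bytes)


def add_hash_signature(sample: bytes, name: str) -> None:
    """Register an exact-match signature: MD5 plus file size."""
    HASH_SIGS[hashlib.md5(sample).hexdigest()] = (len(sample), name)


def add_pattern_signature(hex_sig: str, name: str) -> None:
    """Register a hex pattern. '??' matches any single byte, '*' any run of bytes."""
    pattern = b""
    for part in re.split(r"(\*|\?\?)", hex_sig):
        if part == "*":
            pattern += b".*?"
        elif part == "??":
            pattern += b"."
        elif part:
            pattern += re.escape(bytes.fromhex(part))
    PATTERN_SIGS.append((name, re.compile(pattern, re.DOTALL)))


def scan(data: bytes) -> list:
    """Return the names of every signature that matches the given bytes."""
    hits = []
    digest = hashlib.md5(data).hexdigest()
    # Size check avoids a (very unlikely) same-digest, different-length collision.
    if digest in HASH_SIGS and HASH_SIGS[digest][0] == len(data):
        hits.append(HASH_SIGS[digest][1])
    for name, regex in PATTERN_SIGS:
        if regex.search(data):
            hits.append(name)
    return hits


# Constructed samples: a fake "MZ" header followed by an embedded string.
# SAMPLE_B is a one-byte variant of SAMPLE_A (a repacked/updated build).
SAMPLE_A = b"MZ\x90\x00" + b"\x00" * 8 + b"payload v1 http://c.example.invalid/\x00"
SAMPLE_B = SAMPLE_A.replace(b"v1", b"v2")
CLEAN = b"MZ\x90\x00" + b"\x00" * 8 + b"hello world\x00"

# One exact-file signature and one family pattern:
# bytes "MZ\x90", any one byte, anything, then "c.example.invalid".
add_hash_signature(SAMPLE_A, "Test.Sample.A")
add_pattern_signature("4d5a90??*632e6578616d706c652e696e76616c6964", "Test.Family.Pattern")

if __name__ == "__main__":
    for label, blob in (("SAMPLE_A", SAMPLE_A), ("SAMPLE_B", SAMPLE_B), ("CLEAN", CLEAN)):
        print(label, "->", scan(blob) or "no detection")
```

The point the two samples make is the one a student taking apart real scanners runs into first: the hash signature stops matching as soon as a single byte changes, while the pattern signature still fires on the variant, which is why production engines layer pattern, heuristic and emulation-based checks on top of plain hashes.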


It occurred to me that, as others have noted, much of computer security work is very much hidden. In some locales it's illegal to provide direct knowledge of such matters, so please pardon a certain obliqueness to my note :D. Here are a few toys I suggest you "play" with (ollydebug has already been mentioned).

Warning: my background is not in virus research and development; rather it's pen testing and wide-scale security auditing. These tools reflect my understanding of exploit development and reverse engineering and how I would go about learning to develop rootkits (if I ever found the time!).

Immunity Debugger

www.immunitysec.com/products-immdbg.shtml

VirtualBox - one of two "must haves" in this day and age - the other being VMware

http://www.virtualbox.org/

VMware - expensive, there are times when it's pay to play -- built-in debugger support!

http://www.vmware.com/

Webscarab - just evaluate for yourself if this is useful to your endeavors

http://www.owasp.org/index.php/Category:OW...bScarab_Project

Metasploit - again it might answer a need for you

http://www.metasploit.com/

HTH

Sam S.


Root Admin

There are different fields of analysis.

One for detecting and removing Malware (most helpers fit into this category as it requires much less training)

Another for reverse engineering - This would typically require that you know or learn how to program in a couple of languages such as C and Assembly (perhaps not required, but very much recommended). There are some basic reverse analysis methods and tools that can be employed to do some of this without such training, but to really be good at this you need a lot of experience and either school or self-taught training. This is not something that will be learned in a 3-month workshop. Most have many years of experience and training in this area. You also need to love what you're doing and have a passion for it, otherwise you will not be good at it.

As mentioned though most of the in depth information and analysis you seek is typically not provided in an open public forum or documentation. Though there is some available.
