Trojans, Keyloggers & Bots FAQ .. For our awareness
Q. What is a virus?
A. A computer program usually hidden in an existing
program. Once the existing program is executed,
the virus program is activated and can attach itself
to other programs or files. Viruses can range
from doing activities such as attaching a harmless
message to performing malicious activities such as
destroying all the data on a computer hard drive.
Viruses are commonly distributed as e-mail attachments
which activate when the attachment is opened. Virus
protection software, updated regularly with the latest
virus definitions, can help protect computers from
viruses.
------------------------------------------------------------
Q. What is the difference between a virus and a worm?
A. A computer worm is a self-replicating computer
program, similar to a computer virus. A virus attaches
itself to, and becomes part of, other executable
programs, however, a worm is self-contained and does
not need to be part of another program to propagate
itself. They are often designed to exploit the file
transmission capabilities found on many computers.
------------------------------------------------------------
Q. What is the difference between a virus and a trojan?
A. Trojans are programs (often malicious) that install
themselves or run surreptitiously on a victim's machine.
They usually do not install themselves automatically, but once installed
they often run automatically when the computer starts.
Trojans can be hidden inside other files, so the user thinks
it is something else. Having a trojan on your computer
gives other people access to your computer: it allows them
to monitor your activities and also control your computer.
------------------------------------------------------------
Q. What is a botnet?
A. Botnet is a jargon term for a collection of "zombie"
computers, or bots as some people like to call them.
A bot is a program like a trojan, but it connects to an IRC
server and waits for commands to be sent to it. Botnets are often
used as tools for DDoS attacks.
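From the defender's side, a bot that sits on an IRC server waiting for commands shows up as a workstation repeatedly opening outbound connections to an IRC port on the same external address. The script below is an added example, not part of the original FAQ: it parses a few constructed firewall log lines (the line format, the addresses and the port list are assumptions for this example) and reports internal hosts whose repeated IRC connections look like a bot checking in.

```python
"""Added example (not from the FAQ): flag hosts that behave like IRC bots.

A bot connects to an IRC server and waits there for commands, so a
workstation that keeps reconnecting to the IRC port of one external host
is worth a look. Log format, addresses and thresholds below are constructed
for this example; adapt the regex to your own firewall's format.
"""
import re
from collections import defaultdict

# Conventional IRC ports (6667 is the classic one, 6697 is IRC over TLS).
IRC_PORTS = {6665, 6666, 6667, 6668, 6669, 6697}

# Constructed sample lines in the shape "time src:port -> dst:port proto".
SAMPLE_LOG = """\
2006-05-20T09:00:01 10.0.0.15:49152 -> 203.0.113.7:6667 TCP
2006-05-20T09:00:05 10.0.0.22:51000 -> 198.51.100.9:80 TCP
2006-05-20T09:05:01 10.0.0.15:49153 -> 203.0.113.7:6667 TCP
2006-05-20T09:10:02 10.0.0.15:49154 -> 203.0.113.7:6667 TCP
2006-05-20T09:11:30 10.0.0.31:40001 -> 203.0.113.7:6667 TCP
2006-05-20T09:15:00 10.0.0.15:49155 -> 203.0.113.7:6667 TCP
2006-05-20T09:16:00 10.0.0.22:51001 -> 198.51.100.9:443 TCP
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>[\d.]+):(?P<sport>\d+) -> "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) (?P<proto>\w+)$"
)


def parse_log(text):
    """Yield one dict per well-formed log line; malformed lines are skipped."""
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue
        rec = match.groupdict()
        rec["sport"] = int(rec["sport"])
        rec["dport"] = int(rec["dport"])
        yield rec


def irc_contacts(text):
    """Return {src: {dst: count}} for every connection to an IRC port."""
    counts = defaultdict(lambda: defaultdict(int))
    for rec in parse_log(text):
        if rec["dport"] in IRC_PORTS:
            counts[rec["src"]][rec["dst"]] += 1
    return {src: dict(dsts) for src, dsts in counts.items()}


def suspected_bots(text, min_connections=3):
    """Keep only (src, dst) pairs seen at least min_connections times.

    A single IRC connection may be a person chatting; the same host
    reconnecting to the same server again and again is the bot pattern.
    """
    result = {}
    for src, dsts in irc_contacts(text).items():
        repeated = {dst: n for dst, n in dsts.items() if n >= min_connections}
        if repeated:
            result[src] = repeated
    return result


if __name__ == "__main__":
    for src, dsts in suspected_bots(SAMPLE_LOG).items():
        for dst, n in dsts.items():
            print(f"{src} connected to IRC port on {dst} {n} times")
```

On the sample data only 10.0.0.15 is reported: it reconnected to 203.0.113.7 four times, while 10.0.0.31 touched the same server once and 10.0.0.22 never used an IRC port. The threshold is deliberately a parameter; on a real network you would also exclude any IRC server your organisation runs on purpose.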
------------------------------------------------------------
Q. What is a keylogger?
A. A keylogger can monitor all of your keystrokes, so if for
example you type "hello" it will record it and either store
it in a file or send it to someone through email.
Keyloggers can sometimes also grab information which is stored
on the clipboard, for example something you have copied and
pasted. There are certain types of loggers which don't actually
monitor the keys you press but sniff the packets that
are sent and received by the computer; these are called sniffers.
------------------------------------------------------------
Q. I have written a virus, how do I make it
detected by anti-virus companies?
A. You will need to submit the file to them,
along with a little note saying what it is.
Usually there is information about how to submit
files to them on their website.
------------------------------------------------------------
Q. I have a virus binary/source how do I make it
undetected?
A. This question sounds like "I need to make a virus
undetected so I can send it to someone I know." so a
lot of people will not want to answer it because even
though they write viruses (virii?) they might not
believe in sending them to people they don't like.
Though I believe it can be good to know the answer.
Firstly you should know how anti-viruses work. When
they have a file which they know is a virus they
"tag" the file. Basically they take a string which
is in the file and then add it to their database. The
strings which are kept in their database are called
"virus definitions". Because anti-viruses tag new
files all the time, you have to update your anti-viruses
definition files so that your AV (Anti-Virus) program
will detect new files.
If you have the source code to a virus, all you
need to do is recode it so that when it is
assembled/compiled/interpreted the file will be
different from how it originally was, and the
AV company will have to choose another string to
tag.
Recoding it can be changing function/variable names.
rewriting/moving functions, these are just two examples.
You can also add "garbage" code, which is adding junk
strings to the file, hopefully the AV will tag part
of the garbage then it makes it easier to make the
file undetected in future.
If you only have a binary of the virus, you could try
editing parts of the file with a hex editor, you can
corrupt a file by doing this though. You could try
using packers/crypters. You could try disassembling
the file and rebuilding it.
------------------------------------------------------------
Q. Can a virus damage Hardware?
A. In the past there were viruses like CIH
that could flash your BIOS.
------------------------------------------------------------
Q. Can a virus affect firmware?
A. Yes.
------------------------------------------------------------
Q. Which is the best language to write a virus in?
A. I believe this is a personal preference.
Usually the best languages are low-level programming
languages like ASM or C, but viruses can be written
in almost any programming language.
------------------------------------------------------------
Q. Is there a way I can test viruses safely?
A. The best way to test a virus is to have a spare
box (a machine used specially for learning and tests).
------------------------------------------------------------
Q. How can I test my anti-virus works?
A. Use the eicar anti-virus test file.
http://www.eicar.org/anti_virus_test_file.htm
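The two earlier answers fit together: an anti-virus keeps "virus definitions", strings it has tagged in known files, and the EICAR file is the safe way to confirm that your scanner actually matches and alerts. The script below is an added example, not code from the FAQ or from eicar.org: a toy signature scanner whose only definition is the EICAR test string, run over a constructed temporary directory. The definition name, file names and directory layout are assumptions for this example; the EICAR string itself is the published 68-byte standard.

```python
"""Added example (not from the FAQ): a toy signature scanner plus the
EICAR test file, to show how string-based "virus definitions" work and
how to check that scanning and alerting function at all.
"""
import os
import tempfile

# The published EICAR test string (68 ASCII bytes). It is split in two so
# this source file is not itself flagged by a scanner looking at the text.
EICAR = (
    r"X5O!P%@AP[4\PZX54(P^)7CC)7}$"
    + "EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
)

# Toy definitions database: name -> byte string to look for. A real engine
# holds many thousands of these plus heuristics; this is the simplest form.
DEFINITIONS = {
    "EICAR-Test-File": EICAR.encode("ascii"),
}


def write_eicar_file(path):
    """Write the EICAR test file: the 68 bytes, nothing else, no newline."""
    with open(path, "wb") as fh:
        fh.write(EICAR.encode("ascii"))
    return path


def scan_bytes(data, definitions=DEFINITIONS):
    """Return the sorted names of every definition whose string occurs in data."""
    return sorted(name for name, pattern in definitions.items() if pattern in data)


def scan_file(path, definitions=DEFINITIONS):
    """Scan one file on disk and return the matching definition names."""
    with open(path, "rb") as fh:
        return scan_bytes(fh.read(), definitions)


def scan_directory(root, definitions=DEFINITIONS):
    """Walk a directory tree; return {relative path: [matches]} for flagged files."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            matches = scan_file(full, definitions)
            if matches:
                hits[os.path.relpath(full, root)] = matches
    return hits


def demo():
    """Build a temp dir with one EICAR file and one clean file, then scan it."""
    with tempfile.TemporaryDirectory() as root:
        write_eicar_file(os.path.join(root, "eicar.com"))
        with open(os.path.join(root, "notes.txt"), "w") as fh:
            fh.write("just a harmless text file\n")
        return scan_directory(root)


if __name__ == "__main__":
    for path, matches in demo().items():
        print(f"{path}: {', '.join(matches)}")
```

If a real anti-virus is running on the machine you try this on, expect it to quarantine eicar.com the moment it is written, which is exactly the behaviour the test file exists to confirm. The scanner is only as good as its definitions list: anything not in DEFINITIONS is invisible to it, which is why the FAQ keeps stressing regular definition updates.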
------------------------------------------------------------
Q. Which is the best Anti-Virus software?
A. Again I think this comes down to personal preference.
Websites like virusscan.jotti.org can help you choose
between 14 different antiviruses.
------------------------------------------------------------
Q. Why do people write viruses?
A. Some people do it just as a way of showing off their programming
skillz. Other people do it because they believe that
by finding new techniques of intrusion, they are
improving security and advancing computer technologies.
Recently we saw, along with the Mytob virus, that some do
it for profit. There are lots of other reasons
people make them though.
May 20 2006, 09:42 AM