New Generation of Malware

September 24, 2008 at 3:21 am (Technology)

AmbiguicCoherence

Well, I know I haven’t written anything in a while. I’ve been caught between a wall and a hard place, as they say: whether to write something that has any relevance to what I do at work, or to write about the world of security or the underground, or about software, to follow up on an earlier post, as in operating systems or new applications that could easily change our efficiency or productivity.

In the security world, I’ve been slacking with my software: my personal fix to easily and completely help out everyone who sends me HijackThis! logs. You might see these in “help me” forums. I have people email them to me and I tell them what’s wrong with their PCs and how they can fix it, without spending an arm and a leg at a retail store and then being told to reformat, because that should be the last option. I don’t see it being reasonable to have people on support teams without any knowledge of computer support. It doesn’t make you an IT guy or girl if you can install software and run a scan. My grandmother can actually do that. And she’s 87. So, I write an antivirus stinger tool. Not to brag, but I’ve got more files identified than some major antivirus firms in regards to major viruses (viri) or worms (Storm Worm, for example). I meddle in both “hats”, as you may have read before, but I won’t share some of my sources unless the law calls for it. My software deals with multiple programming languages, but I’m not going to change it or simplify it to one language unless I figure out an easy way to manipulate the OS. Like I said, I’m behind in updates, so I can’t write about that.

What I’ve decided to do is write a short blurb about a recent debugging/disassembling accident of mine. I ran into a fancy piece of malware on a Chinese website. I was looking for a file; no comment on what it is or why. But, upon dasm, once again, like I’ve done in the past, I hit the wrong shortcut key. I know other people have done the same, and it’s a beginner mistake, or an advanced-to-expert mistake on very minimal sleep. So, upon unloading, this stupid thing blew out the firmware in my router and manipulated the Winsock registries. I’ve got a lot of registry experience, both manipulating it and pushing things through it to change the Windows experience, but the quickness with which this thing did its job, and the fact that none of it remained attached to anything, is worth writing about. Most worms attach to system files, and viruses manipulate system files and then spread that way. This thing set up a redirect within my routing tables to use a foreign server as a redirect/proxy and then used network traffic normally. So, unless you are really looking for it, it’s very easy to miss. My router incident is another story in itself: based on my logs, my computer DoS’ed my own router. I’ve got it set up (and the rest of my setup has multiple firewalls and VLANs and whatnot, so unless you know it, you aren’t getting in) to limit my own traffic for specific applications, but an instant DoS attack that cleans up after itself is something new to me.

If you feel like commenting, please do so. If you’ve experienced this, let me know. I’m not going to share the file, because I can flag it with every antivirus out there once it’s unpacked.

Well, back to work.  Hopefully I can get back into the habit of posting things for you all.
