Some ideaz about future worm

Dieses Thema: "Some ideaz about future worm" im Forum "Security Talk" wurde erstellt von rhythm, 22.07.2004.

  1. rhythm

    Expand Collapse
    evolution now!

    Dabei seit:
    hey! bezüglich der windows/linux virescanner-diskussion, dachte ich, dieser artikel von dem 29A-member Benny regt doch in gewisser weise zum nachdenken an... enjoy!

    ciao, rhythm

    Some ideaz about future worm by Benny/29A:

    One day, when I was thinking about my future projectz I sudenly remembered
    some idea I heard somewhere, some yearz ago... I advanced it and even when
    I haven't finished the worm using these ideaz (anyway, I have the main part
    already finished), I want to share them with you... the real reason why I
    don't have any worm is becoz the spreading mechanism dependz on some
    buffer-overflow bug of new versionz of IIS and/or Outlook that will allow to
    execute arbitrary code on remote machine. And becoz there's no such bug
    found, I have to wait for that (then I will finish it)...:-P

    Construction of unremovable worm

    My idea soundz for the first sight very weirdly. The problem of all wormz
    is (suprisely) their PRESENCE at the computer. If some worm is stored
    somewhere on the disk, in the memory, operating system, ... it can be alwayz
    found by scanner just becoz the worm is there... and the other side of the
    coin, it can be also removed when it is found. how to avoid the detection and
    remove capabilitiez of AV scannerz? Simply - avoid the presence of the worm at
    the computer ;-)

    How? There exist two areaz where the worm can be stored - disk and memory.
    And AV scannerz know that and their functionality dependz on these conditionz.

    So, the worm

    (1) should not be stored at any file on the disk.

    (2) should be stored in some process'es memory (e.g. the shell,
    explorer.exe), but not longer than necessary - spread_and_quit
    algorithm. it is very important to clean the memory when the worm
    quitz, so the worm will be really vanished.

    (3) should be able to spread without any help of user, using exploitz of
    some Internet service that will allow to remotely execute the worm-code.

    (4) should be fast-spreading - it should be able to (very fast) find all
    buggy Internet servicez and infiltrate them in a very short time.

    (5) should be morphed on every generation, using some external metamorphic
    engine (my BME32 or MDriller's MetaPHOR, for instance).

    (6) XXX (described below)

    Removement of the unremovable worm

    Well, the biggest benefit followz - in fact, the only place where the worm will
    be stored is CABLE that connectz computerz in network. Becoz of fast spreading
    capabilitiez and code metamorphism, it won't be able to catch and stop it with
    some ordinal AV. Worm would spread on until ALL buggy Internet servicez at ALL
    to-Internet-connected serverz would be patched.

    But can you imagine that EVERY server on Internet will be correctly patched, in
    a short time? It's impossible! So, if the only place where the worm is stored
    are CABLES (microwave connectorz, satelite recieverz, telephone linez etc...)
    the only way how to stop such worm without patching ALL systemz would be then

    You can see that both of those 2 only wayz are unrealisable. And I have to
    mention that if the worm would use some very spreaded-out bug, it would cause
    the collapse of the world-wide network (the wanted side effect of the worm)!
    I'm sure, that if the spreading algorithm would be advanced later, this worm
    could cause a REAL harm.

    XXX bonus

    Perhaps, the alternative way how to STOP such virus would be paradoxly to
    create a new virus, with one addition (but I doubt AVerz would be allowed to do
    it ;-); one module that will - after successful infection - patch buggy system
    and so close the opened door. Is it science fiction? You decide...
    #1 rhythm, 22.07.2004
    Zuletzt bearbeitet: 22.07.2004
  2. tsuribito

    Expand Collapse

    Dabei seit:
    Das S auf seiner Tastatur scheint kaputt zu sein.
    Warum müssen die sich eigentlich immer so lächerlich machen?
    #2 tsuribito, 22.07.2004

Some ideaz about future worm

Die Seite wird geladen...

Some ideaz about future worm - Ähnliche Themen

  1. Servermark: Futuremark entwickelt Server-Benchmark unter Linux

    Servermark: Futuremark entwickelt Server-Benchmark unter Linux: Die Firma Futuremark arbeitet unter der Bezeichnung Servermark an einer umfangreichen Test-Suite für Server, mit der sich unter anderem die...
  2. FutureWarning bei x<<y

    FutureWarning bei x<<y: Hallo zusammen, ich habe mir ein Script geschrieben das Dateien mit dem rijndael-Algorithmus verschlüsselt und wieder entschlüsselt! Das...
  3. in Testphase in Testphase: [IMG] Hallo, neben dem in Windowskreisen sehr bekannten Softwarenewsprojekt startet demnächst auch...
  4. Capt. Future

    Capt. Future: Hallo Leute, die älteren unter uns werden sich vielleicht noch an eine Anime-Serie namens Capt. Future erinnern, ich persönlich fand sie...