Ethical Hacker Community Forums
Author Topic: Teaching about Viruses  (Read 2096 times)
justme
« on: November 28, 2007, 02:54:57 PM »

I am going to be teaching about various viruses in a class on security for a tech school, and I am looking for "safe examples" (ones that are non-destructive) that I can use to show the various types that are out there: macro, Trojan, etc.

Does anyone know where I can find something like this?

Thanks

spaces_are_evil
dean
« Reply #1 on: November 28, 2007, 08:01:17 PM »

Well, I'm not too sure about "safe" malware, but you can check out:

http://www.offensivecomputing.net/ - it's a database of user-submitted malware.

https://www.frame4.net/mdpro/index.php - Similar sort of thing, but you have to pay for full access; otherwise it's limited free access.

I normally grab various malware variants from these sites when I need to analyze their behavior, etc.

Your best option might be to build a small VMware network and make sure it's not connected to the internet when demoing bots or worms that don't require user interaction to spread. Most of the newer malware is smart enough to detect a VM environment, though, and will change its behavior accordingly, so this might limit your demonstrations.

dean

<script>alert('%52%54%46%4D')</script>
g00d_4sh
« Reply #2 on: November 28, 2007, 08:35:13 PM »

I've heard that if you set up DNS capabilities for the VM'd box, the malware can sometimes be fooled. At least that is what a presenter was saying at the last conference I attended on malware forensics. I'm sure someone here will have more on that, though.

"Bad.. Good?  I'm the guy with the gun"
justme
« Reply #3 on: November 28, 2007, 10:53:20 PM »

Thanks for the links. Unfortunately, I asked about setting up a VM environment, and because it is a shared lab and not secure, the powers that be will not allow it.

I found a couple of testers with sigs that antivirus will alert on and show how they can work if it was a real virus. I may have to be satisfied with that and just show the code of some that were caught in the wild.


spaces_are_evil
dean
« Reply #4 on: November 29, 2007, 12:03:10 AM »

You can always use the EICAR test file.

As for detecting VM environments, there are various methods for this, some of which are:

Detecting VME artifacts in the registry or processes. - I think some variants of Phatbot do this.
Detecting VME artifacts in memory.
Detecting VME specific processor instructions.
Looking for specific virtual hardware.

Joanna Rutkowska's Red Pill was written to detect virtual machines by figuring out the location of the Interrupt Descriptor Table and, based on the location, determining whether the OS was running in a VM or not.

Scoopy (www.trapkit.de) is another tool that does VM detection.

<script>alert('%52%54%46%4D')</script>
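
For the EICAR suggestion in the reply above, a classroom-safe way to show how signature matching works (an added example, not part of the original thread or any antivirus product's logic). It assumes the published EICAR definition: the 68-byte string at the start of the file, optionally followed by space, tab, LF, CR or Ctrl-Z, with a total length of at most 128 bytes; the function names and samples are constructed for illustration.

```python
import hashlib

# The 68-byte EICAR string, assembled from parts so this source file does
# not itself contain the contiguous signature and trip an on-access scanner.
EICAR = (rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$"
         + b"EICAR-STANDARD-" + b"ANTIVIRUS-TEST-FILE"
         + rb"!$H+H*")

# Trailing bytes the EICAR definition allows: space, tab, LF, CR, Ctrl-Z.
ALLOWED_PADDING = b" \t\n\r\x1a"
MAX_LEN = 128  # total file length limit in the EICAR definition


def is_eicar(data: bytes) -> bool:
    """Strict check: signature at offset 0, only allowed padding after it."""
    if len(data) > MAX_LEN or not data.startswith(EICAR):
        return False
    return all(b in ALLOWED_PADDING for b in data[len(EICAR):])


def naive_match(data: bytes) -> bool:
    """Over-broad check: signature anywhere in the data (false-positive prone)."""
    return EICAR in data


def scan(samples: dict) -> dict:
    """Return {name: (strict_verdict, naive_verdict, sha256_prefix)}."""
    return {
        name: (is_eicar(blob), naive_match(blob),
               hashlib.sha256(blob).hexdigest()[:12])
        for name, blob in samples.items()
    }


# Constructed in-memory samples; nothing is written to disk.
SAMPLES = {
    "exact": EICAR,
    "padded": EICAR + b"\r\n",
    "quoted_in_email": b"Subject: test\r\n\r\n" + EICAR,
    "trailing_text": EICAR + b" hello",
    "clean": b"just a text file\n",
}

if __name__ == "__main__":
    for name, v in scan(SAMPLES).items():
        print(f"{name:16} strict={v[0]!s:5} naive={v[1]!s:5} sha256={v[2]}")
```

The "quoted_in_email" and "trailing_text" samples are the teaching point: a substring match flags both, while the strict rule does not, which is the difference between a sloppy signature and a precise one.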
justme
« Reply #5 on: December 08, 2007, 11:27:55 PM »

I appreciate the suggestions, but as I said, I can't set up a VM network or bring any kind of LIVE malware into the school.

What I am looking for is more on the order of a simulator virus - one that mimics a live virus but has no destructive payload.

 

spaces_are_evil