Topic: Teaching about Viruses (Read 5238 times)
justme (Newbie, Posts: 10)
« on: November 28, 2007, 02:54:57 PM »

I am going to be teaching about various viruses in a class on security for a tech school and I am looking for "safe examples" (ones that are non-destructive) that I can use to show the various types that are out there: Macro, Trojan, etc.

Does anyone know where I can find something like this?

Thanks
spaces_are_evil

dean (Guest)
« Reply #1 on: November 28, 2007, 08:01:17 PM »

Well, I'm not too sure about "safe" malware, but you can check out:

http://www.offensivecomputing.net/  - it's a database of user submitted malware.

https://www.frame4.net/mdpro/index.php - Similar sort of thing, but you have to pay for full access; otherwise it's limited free access.

I normally grab various malware variants from these sites when I need to analyze their behavior, etc.

Your best option might be to build a small VMware network and make sure it's not connected to the internet when demoing bots or worms that don't require user interaction to spread. Most of the newer malware is smart enough to detect a VM environment, though, and will change its behavior accordingly, so this might limit your demonstrations.

dean

g00d_4sh (Sr. Member, Posts: 394)
« Reply #2 on: November 28, 2007, 08:35:13 PM »

I've heard that if you set up DNS capabilities for the VMed box, the malware can sometimes be fooled. At least that is what a presenter was saying at the last conference I attended on malware forensics. I'm sure someone here will have more on that though.
"Bad.. Good?  I'm the guy with the gun"
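dean's isolated VMware lab and g00d_4sh's remark about giving the VM DNS go together: a sample that cannot resolve anything often just exits, while one that gets an answer keeps running and reveals which names it depends on. The following fake DNS responder for an air-gapped lab is an added example, not code from this thread or from any tool it mentions. It answers every A query with the analysis host's own address and logs each name the sample asks for; the lab address 10.0.0.1 and the sample query are constructed assumptions.

```python
import socket
import struct

# Constructed assumption: the analysis host's address on the isolated lab network.
LAB_IP = "10.0.0.1"
TYPE_A = 1
CLASS_IN = 1


def build_query(txid: int, name: str, qtype: int = TYPE_A) -> bytes:
    """Build a standard recursive DNS query (used here to construct test input)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, one question
    qname = b"".join(struct.pack("!B", len(label)) + label.encode("ascii")
                     for label in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, CLASS_IN)


def parse_query(packet: bytes):
    """Return (txid, name, qtype, raw question section) from a DNS query packet."""
    txid, _flags, qdcount = struct.unpack("!HHH", packet[:6])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    labels, pos = [], 12
    while packet[pos] != 0:
        length = packet[pos]
        labels.append(packet[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    pos += 1  # skip the root label
    qtype, _qclass = struct.unpack("!HH", packet[pos:pos + 4])
    return txid, ".".join(labels), qtype, packet[12:pos + 4]


def build_response(packet: bytes, answer_ip: str = LAB_IP, ttl: int = 60) -> bytes:
    """Answer A queries with answer_ip; reply NXDOMAIN to every other type."""
    txid, _name, qtype, question = parse_query(packet)
    if qtype == TYPE_A:
        header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)  # QR, RD, RA, NOERROR
        # Answer RR: the name is a compression pointer (0xC00C) to the question name at offset 12.
        rr = struct.pack("!HHHIH", 0xC00C, TYPE_A, CLASS_IN, ttl, 4) + socket.inet_aton(answer_ip)
        return header + question + rr
    header = struct.pack("!HHHHHH", txid, 0x8183, 1, 0, 0, 0)  # RCODE 3 = NXDOMAIN
    return header + question


def serve(bind_addr: str = "0.0.0.0", port: int = 53, log=print):
    """Listen on the lab interface and log every name a sample tries to resolve."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind_addr, port))
    while True:
        data, peer = sock.recvfrom(512)
        try:
            reply = build_response(data)
        except (ValueError, IndexError, UnicodeDecodeError, struct.error):
            continue  # malformed query: drop it and keep serving
        log(f"{peer[0]} resolved {parse_query(data)[1]} -> {LAB_IP}")
        sock.sendto(reply, peer)


if __name__ == "__main__":
    serve()  # binding port 53 needs root or CAP_NET_BIND_SERVICE on the lab host
```

Point the lab VM's DNS at the host running this script and nothing else; the names in the log are useful classroom material on their own, and because the VM network has no route out, the answers never let the sample reach anything real.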
justme (Newbie, Posts: 10)
« Reply #3 on: November 28, 2007, 10:53:20 PM »

Thanks for the links. Unfortunately I asked about setting up a VM environment and because it is a shared lab and not secure the powers that be will not allow it.

I found a couple of testers with sigs that antivirus will alert on and show how they could work if they were real viruses. I may have to be satisfied with that and just show the code of some that were caught in the wild.

spaces_are_evil

dean (Guest)
« Reply #4 on: November 29, 2007, 12:03:10 AM »

You can always use the EICAR test file.

As for detecting VM environments, there are various methods for this, some of which are:

Detecting VME artifacts in the registry or processes. - I think some variants of Phatbot do this.
Detecting VME artifacts in memory.
Detecting VME specific processor instructions.
Looking for specific virtual hardware.

Joanna Rutkowska's Red Pill was written to detect virtual machines by figuring out the location of the Interrupt Descriptor Table and, based on that location, determining whether the OS was running in a VM or not.

Scoopy www.trapkit.de is another tool that does VM detection.
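dean's pointer to the EICAR test file is exactly the kind of "safe example" the thread is after: a 68-byte plain-ASCII file that mainstream scanners detect by signature and that does nothing when run. The script below is an added example, not code from this thread or from EICAR: it writes the file and checks a candidate file against the published specification (the 68-character string, optionally followed by whitespace, at most 128 bytes in total). The spec rules are from eicar.org; the default output file name is an assumption.

```python
import os
import sys

# The EICAR test string as published by EICAR (eicar.org): 68 printable ASCII bytes.
# The backslash is escaped for the Python literal; the file itself holds a single "\".
EICAR_STRING = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

# Per the spec, the string may be followed only by whitespace (space, tab, LF, CR, CTRL-Z)
# and the whole file must not exceed 128 bytes.
ALLOWED_TRAILER = b" \t\n\r\x1a"
MAX_FILE_SIZE = 128


def eicar_bytes() -> bytes:
    """The canonical 68-byte test string."""
    return EICAR_STRING


def is_eicar_file(data: bytes) -> bool:
    """True if data conforms to the EICAR spec and would be recognised by a compliant scanner."""
    if len(data) > MAX_FILE_SIZE or not data.startswith(EICAR_STRING):
        return False
    trailer = data[len(EICAR_STRING):]
    return all(byte in ALLOWED_TRAILER for byte in trailer)


def write_eicar(path: str) -> int:
    """Write the test file and return its size in bytes (expect 68)."""
    with open(path, "wb") as handle:
        handle.write(EICAR_STRING)
    return os.path.getsize(path)


def check_file(path: str) -> bool:
    """Validate an existing file on disk against the spec."""
    with open(path, "rb") as handle:
        return is_eicar_file(handle.read())


if __name__ == "__main__":
    # Assumed default name; any name works, the detection is on content alone.
    target = sys.argv[1] if len(sys.argv) > 1 else "eicar.com"
    size = write_eicar(target)
    print(f"wrote {target} ({size} bytes), conforms to spec: {check_file(target)}")
```

Running it on a classroom machine with a resident scanner typically triggers an alert the moment the file is written, which demonstrates on-access scanning without any live malware. The lowercased or prefixed variants fail the check and are not detected by scanners either, which makes the point that EICAR is a fixed signature match rather than behavioural detection.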
justme (Newbie, Posts: 10)
« Reply #5 on: December 08, 2007, 11:27:55 PM »

I appreciate the suggestions, but as I said I can't set up a VM network or bring any kind of LIVE malware into the school.

What I am looking for is more on the order of a simulator virus: one that mimics a live virus but has no destructive payload.

spaces_are_evil