
Teaching about Viruses

<<

Root_compromise

Newbie

Posts: 10

Joined: Thu Aug 09, 2007 5:58 pm

Location: alternate reality

Post Wed Nov 28, 2007 3:54 pm

Teaching about Viruses

I am going to be teaching about various viruses in a class on security for a tech school and I am looking for "safe examples" (ones that are non-destructive) that I can use to show the various types that are out there: macro, Trojan, etc.

Does anyone know where I can find something like this?

Thanks
spaces_are_evil
<<

dean

Post Wed Nov 28, 2007 9:01 pm

Re: Teaching about Viruses

Well, I'm not too sure about "safe" malware but you can check out:

http://www.offensivecomputing.net/ - it's a database of user-submitted malware.

https://www.frame4.net/mdpro/index.php - Similar sort of thing but you have to pay for full access, otherwise it's a limited free access.

I normally grab various malware variants from these sites when I need to analyze their behavior, etc... 

Your best option might be to build a small VMware network and make sure it's not connected to the internet when demoing bots or worms that don't require user interaction to spread. Most of the newer malware is smart enough to detect a VM environment though and will change its behavior accordingly, so this might limit your demonstrations.

dean
<<

g00d_4sh

Sr. Member

Posts: 394

Joined: Tue Sep 18, 2007 1:50 pm

Location: Guayaquil, Ecuador

Post Wed Nov 28, 2007 9:35 pm

Re: Teaching about Viruses

I've heard if you set up DNS capabilities for the vmed box the malware can sometimes be fooled. At least that is what a presenter was saying at the last conference I attended on Malware forensics. I'm sure someone here will have more on that though.
"Bad.. Good?  I'm the guy with the gun"
<<

Root_compromise

Newbie

Posts: 10

Joined: Thu Aug 09, 2007 5:58 pm

Location: alternate reality

Post Wed Nov 28, 2007 11:53 pm

Re: Teaching about Viruses

Thanks for the links. Unfortunately I asked about setting up a VM environment and, because it is a shared lab and not secure, the powers that be will not allow it.

I found a couple of testers with sigs that antivirus will alert on and show how they can work if it was a real virus. I may have to be satisfied with that and just show the code of some that were caught in the wild.
spaces_are_evil
<<

dean

Post Thu Nov 29, 2007 1:03 am

Re: Teaching about Viruses

You can always use the EICAR test file.

As for detecting VM environments, there are various methods for this, some of which are:

Detecting VME artifacts in the registry or processes. - I think some variants of Phatbot do this.
Detecting VME artifacts in memory.
Detecting VME specific processor instructions.
Looking for specific virtual hardware.

Joanna Rutkowska's Red Pill was written to detect virtual machines by figuring out the location of the Interrupt Descriptor Table and based on the location determine if the OS was running in a VM or not.

Scoopy (www.trapkit.de) is another tool that does VM detection.
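For the classroom use discussed in this thread, here is an added example (not part of any forum post) of a toy signature check for the EICAR test file mentioned above. The function names and verdict labels are hypothetical, the sample inputs are constructed, and the 128-byte limit and allowed trailing characters are assumptions taken from EICAR's published definition of the file.

```python
# Added teaching example: toy signature check for the EICAR test file.
# The 68-byte string is assembled from pieces so that this source file does
# not itself match an on-access scanner's signature.
EICAR = (rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$" + b"EICAR-STANDARD-"
         + b"ANTIVIRUS-TEST-FILE" + rb"!$H+H*")
MAX_LEN = 128                      # assumed limit from EICAR's definition
ALLOWED_TRAILER = b" \t\r\n\x1a"   # space, tab, CR, LF, Ctrl-Z


def classify(data: bytes) -> str:
    """Return a verdict label (labels are hypothetical, chosen for this demo)."""
    if data.startswith(EICAR):
        trailer = data[len(EICAR):]
        if len(data) <= MAX_LEN and all(b in ALLOWED_TRAILER for b in trailer):
            return "eicar-test-file"
        return "eicar-prefix-invalid"   # starts right, but breaks the rules
    if EICAR in data:
        return "eicar-embedded"         # string present, not at offset 0
    return "clean"


def scan(samples: dict) -> dict:
    """Classify every named sample and return {name: verdict}."""
    return {name: classify(blob) for name, blob in samples.items()}


# Constructed sample inputs for the demonstration.
SAMPLES = {
    "eicar.com": EICAR,
    "eicar_crlf.txt": EICAR + b"\r\n",
    "eicar_padded.bin": EICAR + b"A" * 10,
    "notes.txt": b"The test string is " + EICAR,
    "hello.txt": b"hello, class\n",
}

if __name__ == "__main__":
    for name, verdict in scan(SAMPLES).items():
        print(f"{name:18} {verdict}")
```

The separate verdicts give students something to compare against what the lab's own antivirus reports for the same five files.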
<<

Root_compromise

Newbie

Posts: 10

Joined: Thu Aug 09, 2007 5:58 pm

Location: alternate reality

Post Sun Dec 09, 2007 12:27 am

Re: Teaching about Viruses

I appreciate the suggestions but as I said I can't set up a VM network or bring any kind of LIVE malware into the school.

What I am looking for is more on the order of a simulator virus - one that mimics a live virus but has no destructive payload.
spaces_are_evil
