Why do people write dumb virus tutorials

closed account (N36fSL3A)
^ It doesn't have to be a myth. ;D
not if we go clubbing and wear leather and say things like 'woah, I know kung fu'
Follow the white rabbit.
I wrote a virus once, just to see if I could. Found out recently my dad did as well when he was my age. I knew he modded the hell out of hardware in the mid 80s, and ran one of the most frequented BBS on the north east coast, but I had no idea he was a skilled programmer as well.
would be interesting to release something that just ambled around, how would you get them to spread??
closed account (G309216C)
You can make it spread by using RPC DCOM vuln's and Spamming using Open Relay Servers. Infect or Attach the program to Files. USB spreading by copying itself into USB sticks & P2P networks.

Make sure it does not do harmful acts.

Personal Story:

A Year back I made a Rootkit-Worm just to learn and basically it spread via P2P such as Limewire and such and I made it to connect to an IRC channel and was amazed to see 100 people got infected in 5 hours, which shows how fast these things spread. Finally I made it uninstall itself from system. I know it is nothing compared to Conficker and such but still fast, I mean a Hacker will try to spread it as quickly as possible so Authors tend to automate all the Spreading.
Read up on the Stuxnet worm. Symantec has a nice technical article about it.
closed account (G309216C)
Stuxnet is really not the Client Infection viruses but rather an Industrial Virus as it messes up the SCADA systems. So looking at Conficker worm is much closer to what people might understand.
Stuxnet infected computers that controlled the SCADA systems, not the SCADA systems directly, because it's not possible. It's also possibly one of the most sophisticated worms.
closed account (G309216C)
Yes,

Conficker has much more Exploits which helped spread it but the thing is there is almost no rootkit nor a Bypass Mechanism in place as hooking ntdll.KiSystemFastCall would allow some type of AV bypass. Also NO rootkit is weird as the authors of the actual worm would have almost few decades experience in the Development Field so it would be easy as hell for them to create a Ring0 or Ring3 Rootkit but they chose not to. I would understand as it is a DLL but yet still they could have hidden it far better by hooking functions such as NtOpenProcess, NtTerminateProcess, NtQuerySystemInformation, GetTcpTable, ZwOpenProcess[RING0 Only], ZwTerminateProcess[RING0 only], ZwQuerySystemInformation[RING0 only] etc. to hide & protect its Files, Network Activity, Process, Registry.

The weird thing is they did not do it, I mean why not, so it must have been a sort of the prototype of a different Worm so it is strange to see other labels on it such as commenting and such, I found strange things there. I analyzed it and it is the most elegantly written code I have ever seen and it has a Mysterious Back Ground whereas Stuxnet was straight forward in what it wanted to do, cause Malfunctions in PLC's Programmer Logic Controllers which would further cause errors in the Industrial Components.

Stuxnet is more straight forward with a single goal whereas finding Conficker's goal is more mysterious.
closed account (3qX21hU5)
Stuxnet wasn't made to destroy SCADA systems really, if anything it was made to steal the information from those systems for industrial espionage. Though this is all speculation.

Conficker has more interesting Exploits it uses.


Stuxnet was the first known worm to use 4 0days, not 1, not 2, not even 3, but 4. It doesn't really get more interesting than that.

Plus being able to inject and hide code on a PLC, is a feat in itself.
Uh Stuxnet was meant to destroy the centrifuges being controlled by very specific SCADA controllers. Which it did.
closed account (G309216C)
Well Stuxnet actually used 20 0days.

Conficker has way more beautiful & elegant code than Stuxnet, maybe Stuxnet had Military Grade Coding style but Conficker has way more elegant and shorter code which allows others to learn from it.
o.O I'm still making bunny breeding programs,
maybe ten years after I finish uni if my brain isn't proving to be the brain of your average 40 year old I will know about these things too,
I sincerely hope you are all pretending you know what you are talking about, I will feel better if you admit it anyway
closed account (3qX21hU5)
Uh Stuxnet was meant to destroy the centrifuges being controlled by very specific SCADA controllers. Which it did.


Meaning the Iran Nuclear Program? Yes it destroyed the centrifuges but I doubt that was the sole intent of the worm. Again all speculation here on my part just like anything on this subject since we don't really have many facts, but I believe its sole purpose was to infect and spy on the Iran Nuclear Program which was using Siemens SCADA controllers and take action if it was needed. But more just to gain more information on how far along they were.

But that is just my opinion.
closed account (G309216C)
Stuxnet is possibly the most advanced worm I have ever seen considering the authors who created the Worm must have either Extreme amounts of Knowledge about Industrial Systems and also actual API or the Programming method to interact with the PLC & there is no way someone has that much details and knowledge about a single controller so there must be some type of Government funding at short term and Government Agents who helped them & explained how interaction happens with programmer logic controllers. Or other way is if the authors have a large group consisting of few tens each with their own knowledge and expertise on the Target.

I saw that there are 8 different programming styles as some of the indentations are different & the actual usage of functions such as: memcpy() is different but all I can say is that all their programming styles are good.

Whereas Conficker has only one programming style, but yet it seems more elegant than Stuxnet. Of course they're both powerful worms.

~devonrevenge
Well, you are a brilliant programmer. You are doing a good job. Thanks for the compliment.

BTW I am only 17.
I heard aliens made it
closed account (G309216C)
LOL :D. I saw many words and such referring to Hebrew bible and also some variable names which are Hebrew bible and some american words.

So I think US and a Hebrew follower tested and developed it, or maybe Israel as they have an anger or grudge over Iran, so ruining their Nuclear Program would be a brilliant idea to take revenge on them.
Topic archived. No new replies allowed.