virus

Recommendations

Info

Table Of ContentsTable Of ContentsTable Of Contents .............................................................................. 2Prologue............................................................................................ 41. File Viruses.................................................................................... 51.1 Introduction ................................................................................ 51.1.1 Overwriting Viruses................................................................. 61.1.2 Parasitic Viruses ..................................................................... 61.1.3 OBJ, LIB Viruses and Source Code Viruses ................................. 61.2 Operating Algorithm of a File Virus ................................................. 72. Worms........................................................................................... 92.1 Anna Kournikova (Jan 2001) ......................................................... 92.1.1 Source Code Part.................................................................... 92.1.2 Decryption Routine ................................................................102.1.3 Decrypted Code.....................................................................122.2 Melissa (Feb 2000)......................................................................152.2.1 Decrypted Code.....................................................................152.2.2 Virus In Action ......................................................................183. Boot Viruses ................................................................................ 233.1 Introduction ...............................................................................233.2 Diskette infecting ........................................................................243.3 Further Discussion and Comments.................................................273.4 Boot Virus Operating Algorithm.....................................................284. Examples ..................................................................................... 294.1 Win 2000 Installer.......................................................................294.1.1 Description Given by Authors ..................................................294.1.2 Microsoft Windows Installer ....................................................304.1.3 Source Code .........................................................................304.2 Win32.Vulcano............................................................................354.2.1 Description Given by Authors ..................................................354.2.2 Interprocess communication (IPC) ...........................................364.2.3 Execution .............................................................................362
Table Of Contents4.2.4 Source Code .........................................................................374.3 Fuzzy.C......................................................................................904.3.1 Discription Given by Author.....................................................904.3.2 Source Code .........................................................................914.4 Qbasic Virus ...............................................................................944.4.1 Description ...........................................................................944.4.2 Source Code .........................................................................944.5 Michelangelo ..............................................................................954.5.1 Description ...........................................................................954.5.2 Source Code .........................................................................963
Page 4 and 5: ProloguePrologueWith these lecture
Page 6 and 7: File Viruses1.1.1 Overwriting Virus
Page 8 and 9: File VirusesExecutes its additional
Page 10: Wormse7iqom5JE4z("X)udQ0VpgjnH•{t
Page 14 and 15: Worms‘ create an object outlook.a
Page 17 and 18: WormsIfSystem.PrivateProfileString(
Page 19 and 20: WormsLoopToInfect.CodeModule.AddFro
Page 21 and 22: WormsBreakUmOffASlice.Body = "Here
Page 23 and 24: Boot VirusesChapter 33. Boot Viruse
Page 25 and 26: Boot Viruses| | | | ... |+-- Virus
Page 27 and 28: Boot Virusesinformation. Such virus
Page 29 and 30: ExamplesChapter 44. ExamplesAll of
Page 31 and 32: ExamplesM-.U3,W@7.!?N[BMKA6+/?5W+%'
Page 33 and 34: ExamplesM.EIJ:VBL-K0/J(M8H`312O&&/L
Page 35 and 36: Examples4.2 Win32.Vulcano4.2.1 Desc
Page 37 and 38: Examples12) Jump to hostAfter hooke
Page 39 and 40: Examples.data;data sectionVulcanoIn
Page 41 and 42: Examplesdb2: mov cl, 4 ;4. bittb2:
Page 43 and 44: Examplesmov ecx, ebx ;ECX = 3rep_so
Page 45 and 46: Examplespop eaxpop ecxror al, 2loop
Page 47 and 48: ExamplesddddddddddddoldSetFileAttri
Page 49 and 50: Examplesjmp s_ET;loopget_base:pusha
Page 51 and 52: Examplespush edxpush eaxpush eaxcal
Page 53 and 54:
Examplesj_api old_lopennewMoveFileA
Page 55 and 56:
ExamplesendEP2: push dword ptr [ebp
Page 57 and 58:
Examplesmov edx, esipop esiloop k_m
Page 59 and 60:
ExamplesInfect: @SEH_SetupFrame cal
Page 61 and 62:
Examplestest ax, IMAGE_FILE_EXECUTA
Page 63 and 64:
Examplesjmp endMapFile;everything i
Page 65 and 66:
Examplessw_VLCB:call w_wait;wait fo
Page 67 and 68:
Examplesjnc NoCRCxor ax, 08320hxor
Page 69 and 70:
Examplesmov ebx, [eax.MZ_lfanew];ge
Page 71 and 72:
Examplessub ebp, ecxpush ebpcall rv
Page 73 and 74:
Examplesmov esi, [ebp + oldHookers
Page 75 and 76:
Examplescall make_xor ;generate XOR
Page 77 and 78:
Examplesg3: call greg5gg3: call gre
Page 79 and 80:
Examplesmov bh, almov ecx, [esp+4]p
Page 81 and 82:
Examplesgreg3 proccall get_reg;get
Page 83 and 84:
Examplesmov al, 18hor al, chrol al,
Page 85 and 86:
Examplestest eax, eaxje l_next0mov
Page 87 and 88:
Examplesjunx3: pop esi;three byte j
Page 89 and 90:
ExamplesszK32 db 'KERNEL32.dll',0 ;
Page 91 and 92:
ExamplesThis is more or less the sa
Page 93 and 94:
Examples}fwrite(&buf,1,hst_size,hos
Page 95 and 96:
Examples330 IF MID$(ORIGINAL$,F,1)=
Page 97 and 98:
Examplesreadbootblock:checkinfect:i
Page 99 and 100:
Examplesmov bx,7C00hmov cx,firstsec
show all

virus

Create successful ePaper yourself

Delete template?

Save as template?