Have you ever written a malware?

  • (7 Pages)
  • +
  • 1
  • 2
  • 3
  • Last »

95 Replies - 17149 Views - Last Post: 05 November 2011 - 08:55 AM

#1 darek9576  Icon User is offline

  • D.I.C Lover

Reputation: 198
  • View blog
  • Posts: 1,693
  • Joined: 13-March 10

Have you ever written a malware?

Posted 08 March 2011 - 11:38 AM

*
POPULAR

As the title states basically. Have you ever written a malicious software? If yes, what was it? Did it actually run? Why did you do it :P? If not, have you tried, and if you had to stop what caused it?

I am asking out of pure curiosity. I know DIC does not support help in these areas but i am not asking about code but more about experience.

I think, writing e.g. a keylogger program is an awesome way to challenge yourself to write a cool application (I know that there are million of cool application a person can produce but after you wrote it, you might not use it but it may make you aware of the stuff that are there on the net, etc.).

Thanks in advance for answers.

Is This A Good Question/Topic? 5
  • +

Replies To: Have you ever written a malware?

#2 tlhIn`toq  Icon User is offline

  • Please show what you have already tried when asking a question.
  • member icon

Reputation: 5632
  • View blog
  • Posts: 12,080
  • Joined: 02-June 10

Re: Have you ever written a malware?

Posted 08 March 2011 - 11:46 AM

.

This post has been edited by tlhIn`toq: 14 March 2011 - 07:49 AM

Was This Post Helpful? -6
  • +
  • -

#3 lordofduct  Icon User is offline

  • I'm a cheeseburger
  • member icon


Reputation: 2538
  • View blog
  • Posts: 4,641
  • Joined: 24-September 10

Re: Have you ever written a malware?

Posted 08 March 2011 - 12:11 PM

I don't know, it could be an interesting topic.

It's just a taboo subject because of the very reason you brought up. People don't think writing malware is 'VALID'... but how about understanding malware and how it's developed for the sake of thwarting malware. You can't create a proper security system unless you know where people are trying to break in. You could easily overlook glaring security holes if you don't know to look there.

It's also got that air of mystery to it. Malicious software as a whole is taboo, and for such it's a topic hardly ever approached in the general discussion of computer programming. This creates an allure that many are attracted by. This brings two thoughts to mind for me:

1) it validates people's interest in the topic... there is a direct cause, it the direct cause isn't necessarily malicious intent, but instead just normal human curiosity.

2) those who do investigate purely out of curiosity, and then 'turn to the dark side', may not have turned there if the topic of malicious software was discussed more openly. It's similar to the "teach abstinence vs awareness" debate w/ sex. And I'm on the teach awareness side of that one. I say similar because one you preach "stay away at all costs", and the other you preach "here it is, this is what it's all about. You're free to make your own choice, but I strongly advise against it."





As for my experiences, they are pretty slim.

When I was in 9th grade my friends and I goofed around with writing 'punters' and 'phishers' and the sort... just a bunch of kids goofing off like kids do.

One kid in our group was a bit more interested in stuff and found source to a couple old viruses. We dug through the code a little just to see what it was all about. But we were far from technically capable of figuring out what the hell it was. It was the equivalent of kids our age finding the remains of alien species and proceeding to do an uneducated autopsy of it.

This all only lasted about 8 months, and I quickly proceeded to smoke all the knowledge from my body and mind.

This post has been edited by lordofduct: 08 March 2011 - 12:18 PM

Was This Post Helpful? 3
  • +
  • -

#4 xclite  Icon User is offline

  • LIKE A BOSS
  • member icon


Reputation: 915
  • View blog
  • Posts: 3,195
  • Joined: 12-May 09

Re: Have you ever written a malware?

Posted 08 March 2011 - 12:30 PM

*
POPULAR

One of the reasons we're so bad at security is because anytime somebody brings it up, we get a discussion like NO THAT'S BAD DON'T TALK ABOUT IT. We wouldn't know kevlar stopped bullets without manufacturing bullets.
Was This Post Helpful? 9
  • +
  • -

#5 tlhIn`toq  Icon User is offline

  • Please show what you have already tried when asking a question.
  • member icon

Reputation: 5632
  • View blog
  • Posts: 12,080
  • Joined: 02-June 10

Re: Have you ever written a malware?

Posted 08 March 2011 - 12:45 PM

*
POPULAR

Sure there is a lot to be said for the side of the argument:
"How can you create security if you don't discuss malware?"

But let's be realistic a moment. How many individuals are in a position to write anti-malware products? Certainly the majority of those reading this esteemed site and finding this thread by Google are NOT part of such a company with those levels of resources.

Forgive how this sounds but the reality is that of the 100,000+ members of this {or any} board maybe 500 of them have an ethics gene. The vast majority of questions are 'gimme teh codez' about how to make a loop not fail and how to avoid a "null reference exception." Do you really think those people would or even COULD use an esoteric conversation about malware to provide armor for their applications or OSes? Pa-leeze. Most of them are college kids looking to have someone provide code they can claim as their own for a high GPA; and are lucky to get their programs to run without errors, let alone try to protect them from attack.

There are so many good BOOKS about computer and code security written by professionals in the security industry, that a genuine developer would and should start, with that a thread like this really only contributes to the lowest common denominator of malware script-kiddie looking to cause trouble.

Just my own opinion and in no way does it reflect the views of this site or its owner and management.
Was This Post Helpful? 7
  • +
  • -

#6 JackOfAllTrades  Icon User is offline

  • Saucy!
  • member icon

Reputation: 6092
  • View blog
  • Posts: 23,612
  • Joined: 23-August 08

Re: Have you ever written a malware?

Posted 08 March 2011 - 12:47 PM

Educated adults talk about it. Unfortunately, people don't come to Internet forums like D.I.C. looking to discuss malware unless they're looking for help in creating it, and we're not about to assist/abet/encourage MORE script kiddies. Isn't there ENOUGH malware without providing another place to get the blueprints for creating more???
Was This Post Helpful? 0
  • +
  • -

#7 AdamSpeight2008  Icon User is offline

  • MrCupOfT
  • member icon


Reputation: 2270
  • View blog
  • Posts: 9,496
  • Joined: 29-May 08

Re: Have you ever written a malware?

Posted 08 March 2011 - 12:52 PM

Lets change the focus slightly.

Suppose some asked you how to make an explosive device with household items, and you know how. Do you tell them?

Later you hear of an explosion that has killed people, and the investigation discovers it was you who informed them.

How would you be considered by the community?



How do think the people who taught the 9/11 (hijack) pilots to fly felt?

This post has been edited by AdamSpeight2008: 08 March 2011 - 12:55 PM

Was This Post Helpful? 2
  • +
  • -

#8 xclite  Icon User is offline

  • LIKE A BOSS
  • member icon


Reputation: 915
  • View blog
  • Posts: 3,195
  • Joined: 12-May 09

Re: Have you ever written a malware?

Posted 08 March 2011 - 01:15 PM

*
POPULAR

Except the analogy isn't valid as the OP didn't ask how. He/she only asked about what type it was, how successful it was, etc.

I would be interested in seeing actual responses also - I'm not nearly intelligent nor dedicated enough to make one, and anybody who responds to what the OP's questions wouldn't be posting blueprints at all.

So yes, let's be realistic, and read the OP.

Quote

Have you ever written a malicious software? If yes, what was it? Did it actually run? Why did you do it :P? If not, have you tried, and if you had to stop what caused it?

I didn't see any blueprint requests, or anything that would prompt a user to show how to do it.
Was This Post Helpful? 6
  • +
  • -

#9 AdamSpeight2008  Icon User is offline

  • MrCupOfT
  • member icon


Reputation: 2270
  • View blog
  • Posts: 9,496
  • Joined: 29-May 08

Re: Have you ever written a malware?

Posted 08 March 2011 - 01:20 PM

A better question to ask, Why does the OP consider "a keylogger" is consider to be a "cool application"?
Was This Post Helpful? 1
  • +
  • -

#10 xclite  Icon User is offline

  • LIKE A BOSS
  • member icon


Reputation: 915
  • View blog
  • Posts: 3,195
  • Joined: 12-May 09

Re: Have you ever written a malware?

Posted 08 March 2011 - 01:22 PM

*
POPULAR

Wouldn't it be? You're dealing with somehow reading input from the keyboard without interrupt its transmission to the kernel and without noticeably slowing down or anything. Many of us could benefit from having to deal with things at that level.
Was This Post Helpful? 6
  • +
  • -

#11 darek9576  Icon User is offline

  • D.I.C Lover

Reputation: 198
  • View blog
  • Posts: 1,693
  • Joined: 13-March 10

Re: Have you ever written a malware?

Posted 08 March 2011 - 01:23 PM

I do not want to create a malware software and do not intend to PM people who managed to do it. I am a Java programmer so there is no way i can write a keylogger in Java which is high lever. I just want to know whether people were curious enough to try it out.

As someone above mentioned: how can we write software to protect us from it, if we dont know how its written.
Was This Post Helpful? 0
  • +
  • -

#12 tlhIn`toq  Icon User is offline

  • Please show what you have already tried when asking a question.
  • member icon

Reputation: 5632
  • View blog
  • Posts: 12,080
  • Joined: 02-June 10

Re: Have you ever written a malware?

Posted 08 March 2011 - 01:27 PM

Quote

Except the analogy isn't valid as the OP didn't ask how. He/she only asked about what type it was, how successful it was, etc.

Oh.. Ok. So this would just be about meeting some other people that were successful at making malware, or meeting those that had issues.

Malwares are landmines for the cyber landscape.
Looking to meet people good at making them, learning what went well and what pitfalls they faced is paramount to forming a cell of people with experience at making I.E.D.s in the physical world.

There is a reason Homeland Security and the FBI have their own dedicated divisions for fighter cyber terrorism. Personally I see no reason why DIC should come to their attention in a negative way by offering a safe haven for such people to discuss those topics by skirting the reality with talk of "hypothetical" or "research to learn to stop it" when we all know that's not how it is used.

Little kids are curious about electric outlets too. They like to try them out with metal forks and such.

There is no real and genuine need for 99.9% of coders to have to do keylogging or to secretly obtain keypresses without the user knowing. If you want to make a hotkey for your application there are a half dozen legit ways to do it.
Was This Post Helpful? -1
  • +
  • -

#13 xclite  Icon User is offline

  • LIKE A BOSS
  • member icon


Reputation: 915
  • View blog
  • Posts: 3,195
  • Joined: 12-May 09

Re: Have you ever written a malware?

Posted 08 March 2011 - 01:28 PM

*
POPULAR

Yes the OP is going to meet with these people, and these people are all going to provide full strategies for making malware if he asks. Or maybe we could all stop acting like the ridiculous department of homeland security and labeling everything as terrorism and a threat to our ways of life and act like adults.

View PosttlhIn`toq, on 08 March 2011 - 03:27 PM, said:

There is no real and genuine need for 99.9% of coders to have to do keylogging or to secretly obtain keypresses without the user knowing. If you want to make a hotkey for your application there are a half dozen legit ways to do it.

A security research project at my university used a form of interrupt processing similar to keylogging to detect when unauthorized requests are sent out. Just because your terrified opinion of these skills doesn't have a use for them doesn't mean it's not important. Dude got a fellowship for his work.

This post has been edited by xclite: 08 March 2011 - 01:29 PM

Was This Post Helpful? 6
  • +
  • -

#14 lordofduct  Icon User is offline

  • I'm a cheeseburger
  • member icon


Reputation: 2538
  • View blog
  • Posts: 4,641
  • Joined: 24-September 10

Re: Have you ever written a malware?

Posted 08 March 2011 - 01:37 PM

I'm still with xclite, the topic was not about requesting code. Actually the OP specifically stated he didn't want that:

Quote

I know DIC does not support help in these areas but i am not asking about code but more about experience.


Yes, there is a 'possibility' that through such a discussion, he can discover who is skilled at writing malware, and then maybe contact those individuals, and then those individuals might possibly respond, and with the SLIMMEST of chances actually lend some tidbits of knowledge in the actual making of the things. But I mean come on, anyone who actually has useful info to pass on, do you think they're going to just give it to the first person that comes and 'asks'?

But alas there is far more effective methods of scowering the web and getting that type of information. And if we're going to shut down a conversation just because possibly the OP has ulterior motives.... but wait does that mean xclite and I have ulterior motive? I don't think we do, xclite is a long standing member of the community, and I hope to be a long standing member of the community. Yet we want to discuss it? Is that not then valid?

This post has been edited by lordofduct: 08 March 2011 - 01:38 PM

Was This Post Helpful? 1
  • +
  • -

#15 xclite  Icon User is offline

  • LIKE A BOSS
  • member icon


Reputation: 915
  • View blog
  • Posts: 3,195
  • Joined: 12-May 09

Re: Have you ever written a malware?

Posted 08 March 2011 - 01:40 PM

View Postlordofduct, on 08 March 2011 - 03:37 PM, said:

But alas there is far more effective methods of scowering the web and getting that type of information.

A good point, but even more true is that it wouldn't even require scouring. It would be far easier to google it than to ask somebody here (WHICH DIDN'T EVEN HAPPEN!).

This post has been edited by xclite: 08 March 2011 - 01:40 PM

Was This Post Helpful? 1
  • +
  • -

  • (7 Pages)
  • +
  • 1
  • 2
  • 3
  • Last »