Obfuscating Malware Signatures to Make Them Unrecognized by Malware Scanners

Ambitious contributor
12Jan2009,23:42   #1
fourthdimension
Hey All

My first post here. I thought you all might find this interesting. I was doing some malware research today and came across a tutorial about how to use a hex editor and file splitter to change the signature of a virus/trojan/etc. to make it undetected by malware scanners. I never realized how simple it is to pass an existing virus by security software. Makes me glad I'm running Linux, lol. I just found I can't post links, so if you query Google for "how to make a virus undetectable hex editor", the tutorial I read will be the first result. Hope you all find it interesting.
Invasive contributor
13Jan2009,11:01   #2
neo_vi
Pretty interesting, of course. There is another way to make things undetectable: protecting the file with 'software passport'. But it needs a lot of work. But I found the above thing much easier. Nice info.
I think even when protected, it will get caught when an advanced heuristic scan is performed, or when the file tries to open. Not sure.
Pro contributor
27Jan2009,21:09   #3
hanleyhansen
Looks like an interesting article. Unfortunately everything here in school is blocked lol but I'll check it out when I get home.
Ambitious contributor
27Jan2009,23:41   #4
fourthdimension
Quote:
Originally Posted by hanleyhansen
Looks like an interesting article. Unfortunately everything here in school is blocked lol but I'll check it out when I get home.
Set up an SSH server on your home computer, install PuTTY and Firefox to your flash drive, then set Firefox to tunnel through your SSH connection.
Pro contributor
28Jan2009,02:37   #5
hanleyhansen
I tried that with IE but editing proxy settings was disabled in the school network. Also, I don't have administrative rights to install Firefox anyway. Btw, if you can think of any more hacks or tricks I can try to get around the proxy, please let me know. Me and my network admin play a game where I try to exploit or find a loophole in security and then he patches it up, but recently I've been quiet because I'm out of ideas.
Ambitious contributor
28Jan2009,03:28   #6
fourthdimension
I meant installing Firefox to your thumb drive. Look into portable apps.
Pro contributor
28Jan2009,21:46   #7
hanleyhansen
Yeah, that worked, thanks. Any more ideas? How can I penetrate the network or something?
Ambitious contributor
28Jan2009,22:45   #8
fourthdimension
Sorry. I don't answer the "hack my school" questions. How to bypass excessive access restrictions? Sure, but not much beyond that. It's just too tough to verify that the people asking have the proper permission to hack the network.
Pro contributor
29Jan2009,01:15   #9
hanleyhansen
Lol. I understand.