
Obfuscating Malware Signatures to Make Them Unrecognized by Malware Scanners

Discussion in 'Ethical hacking' started by fourthdimension, Jan 12, 2009.

  1. fourthdimension

    fourthdimension New Member

    Joined:
    Jan 8, 2009
    Messages:
    144
    Likes Received:
    11
    Trophy Points:
    0
    Hey All

    My first post here. I thought you all might find this interesting. I was doing some malware research today and came across a tutorial about how to use a hex editor and file splitter to change the signature of a virus/trojan/etc. to make it undetected by malware scanners. I never realized how simple it is to pass an existing virus by security software. Makes me glad I'm running Linux, lol. I just found I can't post links, so if you query Google for "how to make a virus undetectable hex editor", the tutorial I read will be the first result. Hope you all find it interesting.
     
  2. neo_vi

    neo_vi Member

    Joined:
    Feb 1, 2008
    Messages:
    722
    Likes Received:
    15
    Trophy Points:
    18
    Occupation:
    Software engineer
    Location:
    Earth
    Pretty interesting, of course. There is another way to make things undetectable: protecting the file with 'software passport'. But it needs a lot of work. But I found the above thing much easier. Nice info.
    I think even when protected, it will get caught when an advanced heuristic scan is performed, or when the file tries to open. Not sure.
     
  3. hanleyhansen

    hanleyhansen New Member

    Joined:
    Jan 24, 2008
    Messages:
    336
    Likes Received:
    8
    Trophy Points:
    0
    Occupation:
    Drupal Developer/LAMP Developer
    Location:
    Clifton
    Looks like an interesting article. Unfortunately everything here in school is blocked lol but I'll check it out when I get home.
     
  4. fourthdimension

    Set up an SSH server on your home computer, install PuTTY and Firefox to your flash drive, then set Firefox to tunnel through your SSH connection ;)
     
  5. hanleyhansen

    I tried that with IE but editing proxy settings was disabled in the school network. Also I don't have administrative rights to install Firefox anyway. Btw, if you can think of any more hacks or tricks I can try to get around the proxy, please let me know. Me and my network admin play a game where I try to exploit or find a loophole in security and then he patches it up, but recently I've been quiet because I'm out of ideas.
     
  6. fourthdimension

    I meant installing Firefox to your thumb drive. Look into portable apps.
     
  7. hanleyhansen

    Yeah, that worked, thanks. Any more ideas? How can I penetrate the network or something?
     
  8. fourthdimension

    Sorry. I don't answer the "hack my school" questions. How to bypass excessive access restrictions? Sure, but not much beyond that. It's just too tough to verify that the people asking have the proper permission to hack the network.
     
  9. hanleyhansen

    Lol. I understand.
     
