« Sasser: The Last Big Network Worm? | Main | Call for participation - Adaptive and Resilient Computer Security »
More Worm and Virus Source Code
From Wormblog reader Adli Abdul W., more virus and worm source code. The Neworder site contains links to the virus source code for Melissa, ILOVEYOU, and other mass mailers and traditional viruses. Note that these are for educational purposes only, are detected by any decent AV engine, and use only on a testbed network you have the authority to use.So, what can you do with these sorts of things? You can set up a research lab that tests, for example, your detection algorithms and implementations. If you're developing a plugin to a mail client or even a mail server, this can be an invaluable aid in your testbed. If you're testing a new AV signature engine, this is also useful. While the worms themselves aren't all that complex, the techniques they used are still around.
May 20, 2005 in malware , mass mailers, tools | Permalink
Tell others: digg submit
|
del.icio.us this
|
Reddit
Comments
I have just been infect by TROJAN_ANAHKA.C which goes by various other names as well. Whilst re-tracing my steps from a clean format to discover where the thing came from (this is my first virus infestation ever because this is a ROOT KERNEL type that hides from virus scanners and windows), I discovered that lsass.exe had been modified. During expermients I discovered that PANDA Anti-Virus software had attemped to modify lsass.exe (a windows kernel component).
You can prove this for yourself by installing "process guard" and then Panda Titantium shareware.
Have the anti-virus companies taken a leaf out of the US/Uk/German government fascism book and created tomorrows virus terrorists for their own agenda?
Log:
Thu 16 - 21:09:56 [MODIFY] c:\program files\panda software\panda titanium antivirus 2005\pavprot.exe [772] was blocked from modifying c:\windows\system32\winlogon.exe [536]
Thu 16 - 21:09:56 [MODIFY] c:\program files\panda software\panda titanium antivirus 2005\pavprot.exe [772] was blocked from modifying c:\windows\system32\services.exe [580]
Thu 16 - 21:09:56 [MODIFY] c:\program files\panda software\panda titanium antivirus 2005\pavprot.exe [772] was blocked from modifying c:\windows\system32\lsass.exe [592]
Thu 16 - 21:09:56 [MODIFY] c:\program files\panda software\panda titanium antivirus 2005\pavprot.exe [772] was blocked from modifying c:\windows\system32\svchost.exe [824]
Thu 16 - 21:09:56 [MODIFY] c:\program files\panda software\panda titanium antivirus 2005\pavprot.exe [772] was blocked from modifying c:\windows\system32\svchost.exe [892]
Thu 16 - 21:09:56 [MODIFY] c:\program files\panda software\panda titanium antivirus 2005\pavprot.exe [772] was blocked from modifying c:\windows\system32\svchost.exe [1040]
Thu 16 - 21:09:56 [MODIFY] c:\program files\panda software\panda titanium antivirus 2005\pavprot.exe [772] was blocked from modifying c:\windows\system32\svchost.exe [1060]
Thu 16 - 21:09:56 [MODIFY] c:\program files\panda software\panda titanium antivirus 2005\pavprot.exe [772] was blocked from modifying c:\windows\explorer.exe [1240]
Thu 16 - 21:09:56 [MODIFY] c:\program files\panda software\panda titanium antivirus 2005\pavprot.exe [772] was blocked from modifying c:\windows\system32\spoolsv.exe [1368]
Thu 16 - 21:09:56 [MODIFY] c:\program files\panda software\panda titanium antivirus 2005\pavprot.exe [772] was blocked from modifying c:\program files\processguard\pgaccount.exe [1468]
Thu 16 - 21:09:56 [MODIFY] c:\program files\panda software\panda titanium antivirus 2005\pavprot.exe [772] was blocked from modifying c:\windows\system32\taskswitch.exe [1476]
Thu 16 - 21:09:56 [MODIFY] c:\program files\panda software\panda titanium antivirus 2005\pavprot.exe [772] was blocked from modifying c:\windows\system32\ctfmon.exe [1500]
Thu 16 - 21:09:56 [MODIFY] c:\program files\panda software\panda titanium antivirus 2005\pavprot.exe [772] was blocked from modifying c:\program files\messenger\msmsgs.exe [1508]
Thu 16 - 21:09:56 [MODIFY] c:\program files\panda software\panda titanium antivirus 2005\pavprot.exe [772] was blocked from modifying c:\program files\processguard\procguard.exe [1516]
Thu 16 - 21:09:56 [MODIFY] c:\program files\panda software\panda titanium antivirus 2005\pavprot.exe [772] was blocked from modifying c:\windows\system32\alg.exe [1692]
Thu 16 - 21:09:56 [MODIFY] c:\program files\panda software\panda titanium antivirus 2005\pavprot.exe [772] was blocked from modifying c:\program files\processguard\dcsuserprot.exe [1712]
Thu 16 - 21:09:56 [MODIFY] c:\program files\panda software\panda titanium antivirus 2005\pavprot.exe [772] was blocked from modifying c:\program files\common files\microsoft shared\vs7debug\mdm.exe [1788]
Thu 16 -
Thu 16 - 21:09:58 [MODIFY] c:\program files\panda software\panda titanium antivirus 2005\pavsrv51.exe [1908] was blocked from modifying c:\windows\system32\smss.exe [448]
Thu 16 - 21:09:58 [MODIFY] c:\program files\panda software\panda titanium antivirus 2005\pavsrv51.exe [1908] was blocked from modifying c:\windows\system32\csrss.exe [512]
Thu 16 - 21:09:58 [MODIFY] c:\program files\panda software\panda titanium antivirus 2005\pavsrv51.exe [1908] was blocked from modifying c:\windows\system32\winlogon.exe [536]
Thu 16 - 21:09:58 [MODIFY] c:\program files\panda software\panda titanium antivirus 2005\pavsrv51.exe [1908] was blocked from modifying c:\windows\system32\services.exe [580]
Thu 16 - 21:09:58 [MODIFY] c:\program files\panda software\panda titanium antivirus 2005\pavsrv51.exe [1908] was blocked from modifying c:\windows\system32\lsass.exe [592]
Thu 16 - 21:09:58 [MODIFY] c:\program files\panda software\panda titanium antivirus 2005\pavsrv51.exe [1908] was blocked from modifying c:\windows\system32\svchost.exe [824]
Thu 16 - 21:09:58 [MODIFY] c:\program files\panda software\panda titanium antivirus 2005\pavsrv51.exe [1908] was blocked from modifying c:\windows\system32\svchost.exe [892]
Thu 16 - 21:09:58 [MODIFY] c:\program files\panda software\panda titanium antivirus 2005\pavsrv51.exe [1908] was blocked from modifying c:\windows\system32\svchost.exe [1040]
Thu 16 - 21:09:58 [MODIFY] c:\program files\panda software\panda titanium antivirus 2005\pavsrv51.exe [1908] was blocked from modifying c:\windows\system32\svchost.exe [1060]
Thu 16 - 21:09:58 [MODIFY] c:\program files\panda software\panda titanium antivirus 2005\pavsrv51.exe [1908] was blocked from modifying c:\windows\explorer.exe [1240]
Thu 16 - 21:09:58 [MODIFY] c:\program files\panda software\panda titanium antivirus 2005\pavsrv51.exe [1908] was blocked from modifying c:\windows\system32\spoolsv.exe [1368]
Thu 16 - 21:09:58 [MODIFY] c:\program files\panda software\panda titanium antivirus 2005\pavsrv51.exe [1908] was blocked from modifying c:\program files\processguard\pgaccount.exe [1468]
Thu 16 - 21:09:58 [MODIFY] c:\program files\panda software\panda titanium antivirus 2005\pavsrv51.exe [1908] was blocked from modifying c:\windows\system32\taskswitch.exe [1476]
Thu 16 - 21:09:58 [MODIFY] c:\program files\panda software\panda titanium antivirus 2005\pavsrv51.exe [1908] was blocked from modifying c:\windows\system32\ctfmon.exe [1500]
Thu 16 - 21:09:58 [MODIFY] c:\program files\panda software\panda titanium antivirus 2005\pavsrv51.exe [1908] was blocked from modifying c:\program files\messenger\msmsgs.exe [1508]
Thu 16 - 21:09:58 [MODIFY] c:\program files\panda software\panda titanium antivirus 2005\pavsrv51.exe [1908] was blocked from modifying c:\program files\processguard\procguard.exe [1516]
Thu 16 - 21:09:58 [MODIFY] c:\program files\panda software\panda titanium antivirus 2005\pavsrv51.exe [1908] was blocked from modifying c:\windows\system32\alg.exe [1692]
Thu 16 - 21:09:58 [MODIFY] c:\program files\panda software\panda titanium antivirus 2005\pavsrv51.exe [1908] was blocked from modifying c:\program files\processguard\dcsuserprot.exe [1712]
Thu 16 - 21:09:58 [MODIFY] c:\program files\panda software\panda titanium antivirus 2005\pavsrv51.exe [1908] was blocked from modifying c:\program files\common files\microsoft shared\vs7debug\mdm.exe [1788]
Thu 16 - 21:09:58 [MODIFY] c:\program files\panda software\panda titanium antivirus 2005\pavsrv51.exe [1908] was blocked from modifying c:\program files\common files\panda software\pavshld\pavprsrv.exe [1888]
Thu 16 - 21:11:12 [EXECUTION] "c:\program files\internet explorer\iexplore.exe" was allowed to run
Posted by: Hershal Arty | Jun 16, 2005 5:43:46 PM
^^
Posted by: therapy | Jun 27, 2005 4:04:05 AM
Yes I got my doom disguised as nolor and when I click on the mcafee fix tool link for nolor it automatically took me to the fix tool for mydoom then I turned on my anti-virus and a mydoom alert came up.
Then I got bloodhound from a Visual Basic install file downloaded from Morpheus and it made it so I could not use ctrl+alt+delete but I think that that could have just been a registry change
When I attempted to restart windows after installing windows updates before windows even initialized it let out loud sound that would not end. and it would not start windows. It just kept on making that sound then I started again and it started just fine.
Posted by: Wonka | Apr 22, 2006 5:46:45 PM
I intrested virues processed
So i gathered more knowledge
Posted by: pugazhendhi.R | Jul 28, 2007 2:08:44 PM
i need a virus program for growth a knowledge about virus. so u please send me a new virus programs for analyze the virus
Posted by: anandh kumaran | Jan 10, 2008 12:32:05 AM
how to write anti-virus program in vb.net.
please help me.
Posted by: guna | Mar 5, 2008 3:00:57 AM
Please send me the various virus source code to know about.....
Posted by: shekhar | Apr 11, 2008 4:20:18 AM
send a virus programing in c language in my mail.
Posted by: subhasis | May 22, 2008 10:31:04 AM
Please send virus source code to my email - gc_gurucharan@yahoo.co.in
Thanks,
Guru
Posted by: Guru | Jun 12, 2008 12:11:50 AM
PLease send me some sourece code of some virus as sonn as it's posible
.. thanks a lot
Posted by: Mike | Jun 17, 2008 2:16:42 PM
Plz. tell me how to code viruses in C,C++ or HTML
Posted by: Anand | Oct 1, 2008 5:48:26 AM
please send me a virus source code in C for analysis
Posted by: dickson | Oct 2, 2008 9:32:12 AM
Please send me a source code of virus. (visual basic language)
please help me! Send to my mail.
Posted by: The troublemaker | Oct 6, 2008 6:16:48 AM
Please send me a source code of virus. (visual basic language)
please help me! Send to my mail.
Posted by: The troublemaker | Oct 6, 2008 6:17:35 AM
Man... look at the previous posts. These guys are full of crap.
Posted by: Sonare | Nov 14, 2008 4:20:18 AM
send me virus program in c programming language on my email to know how just it works....
Posted by: sagar | Jan 19, 2009 1:29:16 AM
its nice to meet u guys plz tell me how to write virus programing in c. If u have any tutorials plz send them to this mail id
Posted by: john | Feb 28, 2009 7:14:16 AM
hey i need a worm or trojan or keylogger...
code in text doc
plz can u send a code to jelle.bosie@gmail.com
grtz jelle
Posted by: jelle | Mar 9, 2009 3:19:12 PM
hey i just want how to hack the others id's and making a virus or worm with sample example program
Posted by: jagadish | Mar 25, 2009 11:43:21 PM
i really want a worm program
Posted by: jagadish | Mar 25, 2009 11:44:17 PM
please send scorce code for virus actuall a bca student iam intrested in virus
Posted by: Praveen | Apr 9, 2009 5:03:57 AM
pls send virus codes to my mailllll.........
Posted by: logu | Apr 9, 2009 9:32:25 AM
Comeon people let's stop creating viruses.they disturb the economic growth of our countries
Posted by: Premo | Apr 26, 2009 4:21:04 PM
please send virus codes to my maillllllllllllll
Posted by: sibi chakkaravarthy | May 23, 2009 6:38:54 PM
i'm a student intereste d in writing virus programmes.....so please send virus codes to my mail
Posted by: sibi chakkaravarthy | May 23, 2009 6:40:10 PM
The comments to this entry are closed.
