Malware Thread!

Let's talk about how malware spreads these days. I use no antivirus and have not gotten a virus in years.


I get all of my software from FOSSHub, I won't ever get into trouble.

Shit's secure.

Most malware spreads through your browser in some way. Your email provider's spam filter is generally pretty decent at avoiding malicious emails. If you've got an adblocker and only visit a handful of sites you're not likely to get infected from malicious ads.

At that point, your only real risk is running "hotRussianPorn.mp4.exe", which I hope you're not stupid enough to do.

...

Top choice.

>there are people on Sup Forums that disable UAC

ghacks.net/2016/08/03/attention-fosshub-downloads-compromised/

topkek

That's the joke.

Anyone seen Cryptowall / cryptolocker recently?

Our clients still get it from time to time, but blocking .docm and .zip in Exchange really helped.

I still don't understand why the shit idiots still get viruses these days, or how a botnet of 10000+ computers exist.

how would you know if you don't have antivirus you dumb shithead

>there are people who don't

It's a useless prompt

At least we live in a time where worms that install themselves without any user action are almost impossible.

Most common threats:
>can't find hipster movie
>finally find a shady torrent on a torrent website with zero community input
>movie won't run in mpv
>try a more classic player
>shit.mov needs codec from shittywebsite.com

>get spam
>open .doc in attached files
>Dat macro vulnerability from 6 years ago

>go to compromised website instead of using package manager to download software
>download over http instead of https
>don't check download

>Install shady software

>install cracked game from shady torrent
>either crackteam compromised it
>or someone took a legit crack and compromised it

Stay away from weird codecs, weird emails, don't install unnecessary shit and only install from trustworthy websites and package managers, only use trustworthy torrent sites with community input and everything should be fine. Our OSes are more secure than they ever were; the main vulnerability today is us as users. Just don't be stupid.

>I use no antivirus and have not gotten a virus in years.

Nigger you have gotten dozens lol.

>I still don't understand why the shit idiots still get viruses these days

because
>adobe flash
>adobe PDFs that execute code (fucking smart idea Adobe)
>word files that run macros
>Windows allows a 100kb file to encrypt everything on your HDD

It's literally the first line of defence for blocking any old shit being executed on your machine.
If you disable UAC, you're an embarrassment.

>have not gotten a virus in years
Thing is, you know
You retard
That usually malware, you see
You fucking moron
Usually malware makes an effort to stay hidden.
You blind fuck
Your computer is the most infected one in this thread. Doing nothing doesn't keep you safe from an attack.

I monitor my network traffic for anything suspicious and I know what files I have on my PC. But I assume things slip through the cracks, I haven't noticed anything significant though.

>>adobe flash
Ha this also. Fucking flash.

what do you use to monitor your network traffic?

Fuck you guys are making me rethink my whole life!

Wireshark

Malware programmer here. If you think that, it means I've done my job correctly (unless I'm ransoming your ass, but I focus on botnets these days; customers don't have the faith in ransomware they had 2-3 years ago so the payoff is poor).

How do you spread your malware? Do you go to a library and infect a few computers and go from there? Send a couple of emails? Make a shit website?

>movie won't run in mpv
>shit.mov needs codec from shittywebsite.com

Fell for this one for the first time in years, I was devastated.

>Dad sees a good movie is now on DVD
>Asks me to download it
>Find most seeded one on a big public tracker
>Comments look good, big uploader, I download it
>Scan, all good
>It's in .WMV, not seen that in years
>Convert to MP4 for his PS3 (I'll sort him out with fireTV/Kodi soon)
>Scan MP4, still good
>Play, it's 15 seconds of garbage
>Try to play .WMV in VLC
>Visit shittywebsite.com to get your codec
>Nope

How much did I fuck up? I never used WMP or went to the site/tried to get the codec/virus, but videos can still manipulate vulnerabilities in players, right? I've done full system scans with Avast and MBAM since, haven't picked anything up as usual.

UAC can be disabled without a UAC prompt
It's literally useless in terms of security

Fucked. Reinstall Windows.

Lol sure

I probably will just to be sure, only takes a couple hours to get everything installed and set up again.

Depends if I'm selling a botnet kit or a ready-to-go botnet, for the latter:
>Find popular torrent
>Use sockpuppets to report it as fake/containing a virus (the irony is beautiful)
>Seed a new one with the 'virus' 'fixed'
>Wait for a few downloads
>Post lots of comments that the infected one works
Seedboxes and scripts for each site make this a lot easier. Usenet is even better, most people will download the latest version of anything so I package popular shit up in a passworded .rar with an unpacker which contains the password and also does some fun stuff in the background. I also have a few seedboxes configured to wreck certain media torrents before aggressively seeding the content after it's been repackaged in a new torrent.

It sounds like a lot of work but it can get a decent sized botnet ready for sale in a couple of hours to days.

UAC is for bumbling retards who try to open .mp3.exe files, I guess if you fit that description you can feel free to keep it enabled

This is why you use community-supported trackers not public ones.

The movie file can't do anything. The whole point is to trick you into going to the website and downloading the "codec". If you didn't go there, you're safe. (probably...)

Sounds pretty interesting. What's your language of choice? I assume Java since everyone and their mother has it installed.

>community supported trackers
Are private ones the only way?

No, there are some semi-public ones. You need an account to download, but subscriptions are always open.

I don't know any of this kind in English though…

If you can get into a good one, yes. Otherwise trial and error and a good firewall will get you through public trackers.

>This is why you use community-supported trackers not public ones.

Please, they're even better targets than public trackers because the members have exactly this attitude, which fucks them as badly as common sense [current year] edition.

C++

>It's literally the first line of defence

It's literally the LAST line of defense. First line is don't go to fucking malicious sites like a retarded little 10 year old. Second line is use a fucking adblocker/script blocker. Third line is don't download stupid shit. Fourth line is some kind of active file scanner since you need babysitting on the internet. Fifth line is UAC, unless you want to check MD5 hashes on everything you download like an autist.

Thinking UAC is your first line of defense against malicious files makes YOU a fucking embarrassment. I mean this from the very depth of my soul, get the fuck out of here. You do not belong.

>Let's talk about how malware spreads these days
windows just installs every shit some "printer" on the net advertises as "driver"

It's harder to have access to multiple accounts, and even if you get a Wikipedia effect at first it never lasts long. (Wikipedia edits get reverted quickly, and torrents get flagged as infected and deleted quickly too.) On public trackers compromised files can stay up for ages.

Windows takes security last.

Certainly, on the other hand, people are inherently more trusting on private trackers. The 'unpackers' have a lower success rate there but, oddly, compromised software has a higher success rate than on public trackers.

I suppose you should be careful about the upload time and the number of peers on private/semi-private trackers. On a public one that won't be enough to protect yourself.

Really good summary m8.

tell more famalam pls

Why did you start? Curiosity, boredom, or with profit in mind from the start?
I ask because I'm just curious about it and ordered a book on malware recently (Practical Malware Analysis, from No Starch, read good reviews about it).

It's also a lot more secure than it used to be.

People forget that we used to have worms that could install themselves into your OS over the network just like that, without the user even noticing anything. Nowadays the main threat is running unknown files or being stupid in some way or another. (And Flash. Flash can still get you infected without user action.)

I second this question, I can already program well in Java and Python and want to program a botnet. I'm more in it for the fun and practice.

There was a download around a day ago that was infected

youtu.be/DD9CvHVU7B4

That's about it. I'm not really happy going into any more detail than a broad overview. Sorry.

Originally, it was to mess with Kimmo Alm. I spent an entire summer fucking with him and anyone who was a regular poster on his bulletin board.

>People forget that we used to have worms that could install themselves into your OS over the network just like that, without the user even noticing anything.
it's still the same. windows installs whatever some "printer" on the network advertises as a "driver" as the system user without notifying the user.

That's bad. Like really bad. But not as bad as getting infected simply because you have a windows station exposed on the internet. Network travelling worms over the internet used to be very common. Imagine those worms with the kind of payload you can find today.

We've got stuff like Conficker or Zeus but this is becoming really really rare.

Ah, yeah, that sure brings some dedication to the task at hand. I guess it's logical to learn quicker with a set goal in mind.

arstechnica.com/security/2016/07/20-year-old-windows-bug-lets-printers-install-malware-patch-now/

btw, it works over IPP too

As I said, that's bad. But you still need a foot in your local network. That's not as bad as infecting you directly from the internet like '90s shit or Conficker (which was exploiting the vulnerability AFTER it was patched).

A zeroday that would allow direct from-the-internet total infection of your computer would be worth billions.

Which means that your end-user machine is more secure than a lot of servers that run vulnerable software! (koff… wordpress koff koff…)

>But you still need a foot in your local network. That's not as bad as infecting you directly from the internet
nope
> Even more alarmingly, Vectra found that a similar attack can be mounted using features known as the Internet Printing Protocol (IPP) and Web Point-and-Print (webpnp).

>These do very much what the names suggest: they let you treat internet resources – maybe even ones run by third parties outside your network – as virtual printers, and these too can host, deliver and install software in the same way as PRINT$ shares inside your network

nakedsecurity.sophos.com/2016/07/14/pwned-by-your-printer-microsoft-patches-critical-printer-spooler-bug/

Ahahah. Ok. Any known exploit?

other than the nsa exploiting it for ~20 years? dunno, i'm not into the whole hacking / security scene anymore, so no idea what's currently going on

How long until someone makes some nasty malware that knocks your electricity off for a few hours?

That's not even possible tho
And no one would even try to achieve anything similar because there's no profit off it other than LE LULZ NO ELECTRICTY FUG YOU XDD :^)

Wait until someone finds a vulnerability in a smart electric meter.

windows update takes more than a couple of hours mate.

A smart meter is not like a full blown personal computer or a webserver
The simpler the device/software gets, the fewer possible vulnerabilities there are to be found

Except it is NOT simple. It uses very complex protocols and the chance that there is a vulnerability somewhere is very high.

cybersecurity.tudelft.nl/sites/default/files/hdantas-thesis.pdf (first ddg result)

I still don't know how my parents get so much malware. It seems to just magically appear.

The internet of things will also be the internet of vulnerable things. All those smart craps have vulnerabilities.

> Do you trust this printer
No, it runs DOOM

Because they download their shit from Softonic, which appears first on search engines and packs installers full of the worst crap

Because trying to fap, popups and background downloaders get past my fucking adblock, and i'm too lazy to get proper security for the browser.

Before i know it i have 30K trojans and no way of stopping it.

Goodbye Sup Forums. This guy actually thinks this way and posts here.

I run my fap browser in sandboxie, it has the added benefit of keeping the porn shit separate from the rest

to malware guy,

1st i respect your arts

however, slightly disappointed you include usenet as an exploit channel

that said, if you are pairing with an executable to display the rar password, then that doesn't affect me

torrent channel is good tho

i had a m8 ten years ago who had a botnet of around 5000 pcs, he died of a drug overdose RIP

He was also working on hijacking microsoft updates ( wifi attack ) and inserting rogue code at the time before his passing

long live the black arts.

peace

oh fucking shit i forgot about sandboxie.

My nigga user, thank you for this glorious reminder.

How difficult would it be to install a fresh OS on a HDD partition and make it impossible to interact with the rest of your partitions?

I have my OS on my SSD and a HDD drive for storage. But I'm hardly using any of the HDD. Could I not just make a partition on it and fill it with whatever cracked software crap, knowing there's no files worth stealing and I can wipe the partition regularly? Or could malware still infect my main OS that way?

just run a vm

to people who say smart devices are safe due to simplicity, actually wrong

a lot of oems fall back on various old builds of linux as the out of factory smart device os.

updates are infrequent and they also fall back on a lot of open libs, which also do not receive smart device updates

old samsung smart tvs can have their cameras remotely turned on

current and old samsung smart tvs have screensharing and remote access that customers don't know exists

smart devices are vulnerable as fuck

But nothing will run as well as it could. Muh Gaymes.

What if something Hollywood-tier happened, and some 1337 ninja hackers broke into Microsoft databases to integrate a virus into the next update?

Sure, it's nearly impossible that it would happen, but the vast majority of computers in the world could go down in a very short span of time.

this is what my dead friend was working on, but in his case, it was targeted to specific pcs and spoofed a win update with rogue code, if i remember correctly, inserting rogue code into a genuine update as a man in the middle style hijack and the update would still perform its win update function and be a genuine service pack number

he wasn't in ms servicers

user would be none the wiser

* he wasn't in ms servers

Efficient, but still lacks global effect.
How did he manage to get between the update and the user anyway?

for myself i'm not sure of all the required steps, just that he told me that was what he was up to.

he moved from austrlia to los angeles as blackhat, he died in LA

australia

>my friend was a leet haxxor and infiltrated windows update
>but he never actually got it working because he uh died
Either you're making this up or he was

I've thought about this once or twice, what if microsoft or google got fucked beyond repair? What kind of chaos would happen with the first world countries that rely so much on them for everything?

all i can say is he never lied to me in australia so i dont see why he'd lie to me from LA, unless drugs make people suddenly lie out of the blue.

not everything in this life is bullshit

pretty much this, that's why i keep using the same antivirus since i was a little boy, COMMONSENSE 2016

is pokemon go malware? everyone won't shut the fuck up about it and keep telling me to get it but i haven't checked if it's safe yet

>popular with normalfags
>GPS
take a guess

i thought we had established a long time ago that apps aren't needed to pinpoint a smart phone location to a square area, just a single instance of data in or out such as clock sync to network. am i wrong?

Yes they shouldn't run any locked shit
sel4.systems/ only way to go for IoT

i somehow managed to pick up a cpu bitcoin miner and something that randomly changed my DNS in chrome, was weird

You aren't wrong, and there's also strong evidence that the baseband is compromised, which compromises all cellphones

But le pokemon conspiracy

>using outdated and insecure software like IE8 or Windows XP.

>"Taylor Swift - Bad blood.scr"

>downloading files from untrusted torrents

>an 18 year old blonde girl on Facebook wants to show you her naked photos with .exe extensions.

>not showing extensions

my_wet_clunge.jpg.exe

Pretty sure there's virtualization methods these days with >90% efficiency, but I don't know any details. Also you can pass-through your graphics card so the guest OS gets exclusive control of it (requiring a second monitor, i think).

I haven't gotten any malware in 5+ years. I think I only got 2 in my life.

>not showing extensions is default behavior in windows
>.exe files can have an icon that makes it look like a photo.
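As an added illustration (not code from anyone in the thread), here is a small Python check that a mail gateway or download-folder scanner could run over file names to catch the hidden-extension trick described in this post and the "hotRussianPorn.mp4.exe" case earlier in the thread. The extension lists and the sample names are constructed assumptions, not an exhaustive catalogue.

```python
from typing import Optional

# Extensions Windows runs directly on double-click (constructed list, not exhaustive).
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "vbs", "js", "jse", "wsf", "hta", "msi"}
# Macro-capable Office formats, the ".doc with a macro" vector mentioned in the thread.
MACRO_EXTS = {"docm", "xlsm", "pptm", "dotm"}
# Archives that hide the inner file type from a mail filter.
ARCHIVE_EXTS = {"zip", "rar", "7z"}
# Harmless-looking extensions an attacker puts in front of the real one.
DECOY_EXTS = {"jpg", "jpeg", "png", "gif", "mp3", "mp4", "mov", "wmv", "avi", "pdf", "doc", "txt"}
KNOWN_EXTS = EXECUTABLE_EXTS | MACRO_EXTS | ARCHIVE_EXTS | DECOY_EXTS

def explorer_display_name(name: str) -> str:
    """Approximate what Explorer shows with 'Hide extensions for known file types' on
    (the default): only the final extension is dropped, so 'photo.jpg.exe' reads 'photo.jpg'."""
    base, sep, ext = name.rpartition(".")
    return base if sep and ext.lower() in KNOWN_EXTS else name

def classify_attachment(name: str) -> Optional[str]:
    """Return a short reason the file name is risky, or None if it looks benign.
    Windows picks the handler from the LAST extension only; anything before it is
    just part of the base name, however photo-like it looks."""
    parts = name.strip().lower().split(".")
    if len(parts) < 2:
        return None  # no extension at all
    last, inner = parts[-1], parts[1:-1]
    if last in EXECUTABLE_EXTS:
        decoys = [p for p in inner if p in DECOY_EXTS]
        if decoys:
            return f"executable .{last} disguised with decoy extension(s) .{'.'.join(decoys)}"
        return f"directly executable attachment (.{last})"
    if last in MACRO_EXTS:
        return f"macro-enabled Office document (.{last})"
    if last in ARCHIVE_EXTS:
        return f"archive (.{last}) hides inner file type from filters"
    return None

def scan(names):
    """Map each risky name to its reason; benign names are left out."""
    return {n: r for n in names if (r := classify_attachment(n))}

# Constructed sample names in the spirit of the thread, not real malware samples.
SAMPLE_NAMES = [
    "hotRussianPorn.mp4.exe",
    "Taylor Swift - Bad blood.scr",
    "my_wet_clunge.jpg.exe",
    "invoice.docm",
    "holiday_photos.zip",
    "report.pdf",
    "family.jpg",
]

if __name__ == "__main__":
    for name, reason in scan(SAMPLE_NAMES).items():
        print(f"{explorer_display_name(name)!r:32} is really {name!r}: {reason}")
```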

I'm baffled by how Windows still harbors so much malware

just install gentoo

It comes via Windows Update now, and will install without permission and wipe out your boot sector and/or MBR.