Just started my malware collection with CIH, ILOVEYOU and Stuxnet, trying to decide what to pick up next.
What other famous/notable pieces of malware are there?
autism
>having a hobby you aren't interested in is autism
Have you ever considered that if you didn't have a kneejerk cynical reaction to everything you don't understand you would have a happier and more complete life?
Windows 10.
That won't fit on a 1.44MB diskette, unfortunately. Unless...
this is a computer virus. no really. save it to a floppy.
that's basically what you have there
BonzaiBuddy
Put it on a zip diskette. /thread
not really malware but...
prettypark.exe
southpark.exe
I tested ILOVEYOU, I know that's legit. And since they are all from the same pentesting database, I assume the rest are too.
Not that I can test CIH obviously, since it physically destroys your computer permanently and irreversibly.
Isn't there a torrent with a collection of viruses? I remember hearing about it.
>Not that I can test CIH obviously, since it physically destroys your computer permanently and irreversibly.
I'm not a techfag, but I find myself fairly interested in this thread. Can you explain how it does that?
Short TLDR:
When CIH infects files, it checks to see whether there are enough gaps to completely store its code, rather than simply writing its code to the end of the file and increasing file size. If it has enough space, CIH will infect the file without increasing file size. If it does not, CIH will ignore the file, giving it better ability to further infect a user's computer without the user noticing anything.
On April 26th (which is the anniversary of the Chernobyl disaster, hence its alternate name), CIH activates, overwriting part of the BIOS (Basic Input Output System) and overwriting the first megabyte of all hard disks in an endless loop, causing the computer to crash. Once rebooted, the BIOS is corrupted and will no longer display anything on the screen or initiate the boot sequence, rendering the computer unusable.
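The "gaps" in the explanation above are the unused tails of PE sections, where the raw size on disk is rounded up past the bytes actually used. As an added example that is not part of the original thread, this analyst-side sketch lists that slack for each section and counts non-zero bytes in it (slack is usually zero-filled, so content there is worth a look); `section_slack`, `build_sample` and the sample bytes are constructed for illustration.

```python
import struct

def section_slack(pe: bytes):
    """Return (name, file_offset, length, nonzero_bytes) for each section's unused tail."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    (n_sections,) = struct.unpack_from("<H", pe, e_lfanew + 6)
    (opt_size,) = struct.unpack_from("<H", pe, e_lfanew + 20)
    table = e_lfanew + 24 + opt_size          # section table follows the optional header
    found = []
    for i in range(n_sections):
        hdr = table + 40 * i                  # each section header is 40 bytes
        name = pe[hdr:hdr + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, _va, raw_size, raw_ptr = struct.unpack_from("<IIII", pe, hdr + 8)
        if raw_ptr == 0 or raw_size <= vsize:
            continue                          # no data on disk, or no padding
        start = raw_ptr + vsize               # first byte past the used part
        tail = pe[start:raw_ptr + raw_size]
        found.append((name, start, len(tail), sum(b != 0 for b in tail)))
    return found

def build_sample(tail_fill: bytes) -> bytes:
    """Constructed PE skeleton (not loadable): one .text section,
    0x200 raw bytes on disk of which 0x120 are used."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0x102)
    sect = b".text\0\0\0" + struct.pack("<IIII", 0x120, 0x1000, 0x200, 0x200) + b"\0" * 16
    headers = (dos + coff + sect).ljust(0x200, b"\0")
    body = b"\x90" * 0x120 + tail_fill.ljust(0xE0, b"\0")
    return headers + body

if __name__ == "__main__":
    for label, fill in (("zero-filled slack", b""), ("slack with content", b"\xCC" * 64)):
        for name, off, length, nonzero in section_slack(build_sample(fill)):
            print(f"{label}: {name} offset={off:#x} slack={length} nonzero={nonzero}")
```

Files whose section headers record a VirtualSize of 0 will show the whole section as slack, so treat the non-zero count as a hint to inspect, not a verdict.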
Thank you for the explanation.
How is it possible to get infected by this?
Most common method back then (1998) was to sneak it into a videogame or software update, so the user would run the application thinking it was something else.
Wikipedia says:
The virus first emerged in 1998... ...On December 31, 1999, Yamaha shipped a Software update to their CD-R400 drives that was infected with the virus. In October 2000, a demo version of the first-person shooter game SiN was infected by one of its mirror sites.[6] In March 1999, several thousand IBM Aptivas shipped with the CIH virus,[7] just one month before the virus would trigger.
Morris worm.
Stoned.
Sasser.
Mydoom.
Conficker.
Melissa.
Cryptolocker.
Collecting things as a hobby does not qualify as autism.
>melissa
Can't believe I forgot about that one. I'll nab it now.
See: danooct1 on YouTube
He's a bit cancerous, but you can go find more "Famous" viri there.
Anyone have a list of the computer models CIH can affect? I had it on a diskette a while back, but said diskette has either gone bad or gone missing by now.
>danooct1
>cancerous
Explain yourself.
So would that work with a UEFI board?
The explanation is probably worse, but he's the kind of person to ban you for asking his sources.
I mean ban as in block or delete your post.
It's because if he leaves those comments up his YT channel gets b& I think
>Collecting things as a hobby does not qualify as autism.
Collecting stuff is literally one of the main symptoms of autism.
>no Nimda
>no Code Red
Comments asking for where he gets his information and the viruses?
The viruses I can see, but information?
You're like that kid in the movie that shoots up his school with a bow and arrow.
I was infected with some kind of Chinese Trojan a few months ago. I clicked the .exe (yeah yeah), first thing it did was disable MSE, then it downloaded a payload from the net which gave me a Chinese popup in tray, then Windows notified me that UAC was disabled and prompted me for a reboot.
I shut down the machine, extracted the .exe and reformatted.
If anyone is interested I can upload it somewhere..
We Have To Talk About Kevin iirc
It does not work on pretty much any board made after 2002.
yes please, upload
Okay, hold on.
>he's right though
kys Senpai
"A gives a predisposition to B" does not imply "if B is present, A must also be present".
Inappropriately generalizing things is also a symptom of autism.
Imagine actually installing that and finding out you have a duplicate of 3400 or that there is one diskette missing.
Kek
Here it is:
WARNING THIS FILE CONTAINS A VIRUS
goo[d0t]gl/4M1Un4
the password is:
warningthisarchivecontainsavirus
If any of you wizards can identify it I'd like to know what it is.
I've heard some can breach VMs though, so I'm too scared to run it.
Holy shit, I was expecting a notepad file with some bullshit in it or a survey, but it looks like user came through.
I'll run it under some VMs or something later and send results if I remember to.
It's probably just some more ransomware.
>some can breach VMs
I have plenty of shitty laptops lying around for this very purpose, so fear not user, I will take the 3 hour long XP reinstall for you
Just for the record, I take no responsibility for any damages.
I posted this just for educational purposes.
I did not make this virus.
virustotal.com
Seems to just be adware, at least going by these detections.
That's fine, if you think I need to I can disconnect it from the internet, too.
is this for real lmao
>Breaching VM's
Wait, is this really possible/common? There I was under the impression using VMs would be safe.
Well, it disabled security essentials and UAC on my fully updated Windows 10 machine within 30 seconds of running it. That's some potent adware.
More likely it's being detected by heuristics or whatever it's called, which is basically guesswork.
I'm not sure, but since some can spread over the network (Sasser?), the VM, being on the network, is (in theory, at least) able to spread to the host.
that's a weird of a pendrive
The software it is claiming to be is used for managing scientific citations. So the target of whatever this is is likely academics or academic institutions.
The results are all over the map, this is a strong indicator that nobody knows what it is. If it was well known they would all identify it as the same.
I think the MEMZ virus hits pretty hard. Uncle Joel used it in a W10 destruction video and it fucked up everything in the VM
VENOM could do this
I don't really get it, what's so special about it? There are (or probably were) websites where you could download malware archives with binaries, source if available, etc.
Sircam. en.wikipedia.org
I got hired for a short-term gig to clean it up back in 2003 at a notable defense contractor's multiple sites around my city.
>Inappropriately generalizing things is also a symptom of autism.
Wrong, it's actually the very opposite.
Nothing special. I just like being able to notable or impressive pieces of malware as a physical object I can touch or frame or whatever.
Why aren't virus infections more common?
I have a few dodgy exes, two of them get a positive result with clamav
one of them is an exe from those "free (insert online game) money"-programs, but does not give any positive results. I guess it is just phishing.
most of them are supposed to be these cute animals that follow your cursor around
People are more aware about internet safety (don't download strange .exes, etc)
Antivirus software is both almost ubiquitous and more advanced.
Mainstream OS's are more idiotproof than they used to be, and flash up more warning messages and stuff than they used to.
Cybercrime is treated more harshly and investigated more effectively.
Virus infections still are common, but they go after the low-hanging fruit of complete tech retards, so neither you nor your friends are likely to experience one.
It's very rare for something to actually break out of the VM. Most rely on shared folders or networks to get out of the VM so make sure you have them properly configured before fucking around with anything.
Okay then I'm gonna run it. In case it actually can break out of a VM I'm gonna run it in Bochs instead. Slow as hell, but it's a proper interpreting emulator. Worst it can do in there should be crash the Bochs process unless it's specifically designed to exploit a vuln in this specific version of Bochs.
Thank you for this non-meme answer, brother.
It's because he's sick of skids asking for malware.
Also he gets his shit from VX Heavens.
Even if it had access to a shared directory, it would just mess up the directory right?
If it has internet access, it could probably infect hosts on the internet, which is the main problem with the malware-aquarium meme.
So I guess you also need to isolate it to its own network (or completely firewall it off).
The only problem remaining I see is exploiting a vulnerability in the vm, or if you somehow gave the vm access to hardware, and it manages to somehow rewrite firmware or exploit the hardware.
Welp... At least in XP with no network connection, it seems to do nothing. Runs for about half a second and disappears with no visible changes.
Think I'm gonna try with Win7 in a pretty locked down VMware VM. Win7 in Bochs sounds like torture.
Forgot to mention as well. Look at his forum for the viewer submitted malware. He's always getting sent "malware" written in msbatch by skids.
it probably knows it's inside a VM and won't execute
It might need internet access to download payloads, and without it it may just lie dormant. Or it could know it's in a VM and do nothing.
Newton "virus"
Is that the one they used for phreaking due to its pitch?
It only destroys your BIOS' programming. If you can re-flash, then it'll be okay. If you run it in a VM, you'll definitely be okay.
Not that user but I think so.
Yep.
Grab the hashes and see if the Virus Total scanners find anything.
Yeah the vxheaven collection which is around 64 GB. You can find the dl link easily on internet archive
All the AV in virustotal just lists it as generic adware
where did you even download this shit man
Just means it didn't get a match.
Didn't someone make a bolbi virus also?
Seems to download from get.fc-gosh.biz/launch_askar.php which seems to be supposed to redirect to a stub generator to "installersetup.exe". Do you still have this file? The domain it generates from is no longer up.
Hey, I have access to something called VirusShare that my friend has invited me into which has tons of viruses on it. If you want, I can invite (only 3) people to this. I just need your email
windows *
you can go to jail and get your life fucked up for that
So what are the chances of malware spreading between two partitions of separate windows 7? Neither partition mounts the other drive.
> I take no responsibility for any damages.
that's not valid in court
that Pikachu Virus from the late 90s.
# md5sum *
21407d5d9f70c33d7e129bf45b7f0728 xo.exe
>Windows notified me that UAC was disabled
Some viruses can break out of the VM and into your BIOS.
Examples?
The Creeper (1971!), which wasn't so much a real virus, but basically a test of the theory of self-replicating programs. It copied itself between computers, and all it did was display the message "I'm the Creeper: Catch me if you can".
"The Reaper" was later created to delete Creeper
that's actually a real neat hobby, user
people who oppose pirating can really learn a thing or two about the history of phreaking.
Same problem but different service.
I remember there was a proof of concept that won some Google award, or something. It broke out of VM and messed things up, not too badly, but it showed that it could be done, big deal at the time as Google was investing in new VM security setups or something like that.
If modified and combined with other code for permission escalation. There's no reason to think it couldn't edit firmware, but never heard of some final form being made. But wouldn't be surprised if the CIA or rogue hack took it all the way by now.
you should get AIDS, you fuccing faggot.
...
wtf
>no cited sources
LOL
And to think piracy lends its roots to a blind 7 year old kid. Staggering.