
Malware Thread! Let's talk about how malware spreads these days


Thread replies: 108
Thread images: 11

File: yXlTyhp.jpg (53KB, 600x453px)
Malware Thread!
Let's talk about how malware spreads these days. I use no antivirus and have not gotten a virus in years.
>>
I get all of my software from FOSSHub; I won't ever get into trouble.

Shit's secure.
>>
Most malware spreads through your browser in some way. Your email provider's spam filter is generally pretty decent at avoiding malicious emails. If you've got an adblocker and only visit a handful of sites you're not likely to get infected from malicious ads.

At that point, your only real risk is running "hotRussianPorn.mp4.exe", which I hope you're not stupid enough to do.
>>
File: 1413044419325.jpg (98KB, 900x900px)
>>55902110
>>
File: poker-face.jpg (60KB, 510x427px)
>>55902110
Top choice.
>>
File: 1455846572224.jpg (389KB, 1284x980px)
>there are people on /g/ that disable UAC
>>
>>55902110
>>55902151
>>55902165
http://www.ghacks.net/2016/08/03/attention-fosshub-downloads-compromised/

topkek
>>
>>55902258
That's the joke.
>>
Anyone seen Cryptowall / cryptolocker recently?

Our clients still get it from time to time, but blocking .docm and .zip in Exchange really helped.
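The gateway rule described in the post above (drop .docm and .zip at the Exchange edge) works but also drops every legitimate archive. The following is an added example, not code from the thread or from Exchange: a small Python scanner that parses a raw message, walks its attachments, and looks inside zips for the macro-enabled document instead of rejecting the whole container. The blocked-extension list, the depth and size caps, and the sample message are this example's own assumptions and constructed data.

```python
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage

# Extensions a mail gateway should refuse or quarantine. The list is this
# example's assumption, not taken from the thread: macro-enabled Office
# formats plus the script/executable types Windows runs on double-click.
BLOCKED_EXTENSIONS = {
    ".docm", ".dotm", ".xlsm", ".xltm", ".pptm",
    ".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".msi", ".lnk",
    ".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta", ".ps1",
}
MAX_ARCHIVE_DEPTH = 2                 # zip-in-zip-in-zip is treated as suspicious
MAX_MEMBER_BYTES = 50 * 1024 * 1024   # refuse to inflate anything larger (zip bombs)


def _ext(name: str) -> str:
    name = name.lower().strip()
    dot = name.rfind(".")
    return name[dot:] if dot != -1 else ""


def scan_attachment(name: str, data: bytes, depth: int = 0) -> list:
    """Return (path, reason) findings for one attachment, descending into zips.

    Inspecting the archive instead of blocking every .zip keeps legitimate
    archives flowing while still catching the .docm zipped to dodge a plain
    extension filter.
    """
    findings = []
    ext = _ext(name)
    if ext in BLOCKED_EXTENSIONS:
        findings.append((name, f"blocked extension {ext}"))

    # Trust the magic bytes, not just the name: a renamed zip is still a zip.
    if ext == ".zip" or data[:4] == b"PK\x03\x04":
        if depth >= MAX_ARCHIVE_DEPTH:
            findings.append((name, "archive nested too deeply to inspect"))
            return findings
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    if info.is_dir():
                        continue
                    member = f"{name}/{info.filename}"
                    if info.file_size > MAX_MEMBER_BYTES:
                        findings.append((member, "member too large to inspect"))
                        continue
                    try:
                        inner = zf.read(info)
                    except RuntimeError:
                        # zipfile raises RuntimeError for encrypted members; a
                        # password the gateway cannot know is exactly the trick
                        # described later in the thread, so it is a finding.
                        findings.append((member, "encrypted member, cannot inspect"))
                        continue
                    for path, reason in scan_attachment(info.filename, inner, depth + 1):
                        findings.append((f"{name}/{path}", reason))
        except zipfile.BadZipFile:
            findings.append((name, "claims to be a zip but does not parse"))
    return findings


def flag_message(raw: bytes) -> list:
    """Parse a raw RFC 5322 message and scan every attachment part."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        findings.extend(scan_attachment(name, data))
    return findings


def build_sample_message() -> bytes:
    """Constructed test mail (not a real capture): a harmless PDF plus a zip
    wrapping a macro-enabled document, the way the spam in the thread does."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("Invoice_4471.docm", b"stand-in for a macro-enabled document")
    msg = EmailMessage()
    msg["From"] = "billing@example.invalid"
    msg["To"] = "user@example.invalid"
    msg["Subject"] = "Invoice attached"
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(b"%PDF-1.4 stand-in", maintype="application",
                       subtype="pdf", filename="terms.pdf")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="Invoice_4471.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    for path, reason in flag_message(build_sample_message()):
        print(f"BLOCK {path}: {reason}")
```

Two design points: the scanner keys on magic bytes as well as the file name, so renaming `payload.zip` to `payload.dat` does not get it past the check, and an archive member it cannot open (encrypted, oversized, or nested too deep) is reported rather than silently passed, because "could not inspect" must never turn into "nothing found".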
>>
I still don't understand why the shit idiots still get viruses these days, or how a botnet of 10000+ computers exists.
>>
>>55902064
how would you know if you don't have antivirus you dumb shithead
>>
>>55902205
>there are people who don't

It's a useless prompt
>>
>>55902064
At least we live in a time where worms that install themselves without any user action are almost impossible.

Most common threats:
>can't find hipster movie
>finally find a shady torrent on a torrent website with zero community input
>movie won't run in mpv
>try a more classic player
>shit.mov needs codec from shittywebsite.com

>get spam
>open .doc in attached files
>Dat macro vulnerability from 6 years ago

>go to compromised website instead of using package manager to download software
>download over http instead of https
>don't check download

>Install shady software

>install cracked game from shady torrent
>either the crack team compromised it
>or someone took a legit crack and compromised it

Stay away from weird codecs, weird emails, don't install unnecessary shit and only install from trustworthy websites and package managers, only use trustworthy torrent sites with community input and everything should be fine. Our OSes are more secure than they ever were; the main vulnerability today is us as users. Just don't be stupid.
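The "download over http / don't check download" step in the list above is the one that is cheap to fix. Here is an added example, not code from the thread: a Python checker that streams a downloaded file through SHA-256 and compares it against a vendor-published `sha256sum`-style list. The sample checksum list, the file names and the temp-directory self-check are constructed for the example. The caveat the FOSSHub incident linked earlier in the thread makes obvious: a checksum fetched from the same compromised mirror proves nothing, so the list has to come from an independent channel (the vendor's own site over HTTPS, a signed release announcement, or a PGP-signed sums file).

```python
import hashlib
import hmac
import os
import tempfile

CHUNK = 1 << 20  # hash in 1 MiB pieces so a multi-GB installer never sits in RAM


def sha256_file(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def parse_checksum_list(text: str) -> dict:
    """Parse sha256sum-style lines ('<64 hex>  <name>' or '<64 hex> *<name>').

    Lines that do not look like a SHA-256 entry are skipped rather than
    guessed at, so a mangled or truncated list cannot silently 'match'.
    """
    expected = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue
        digest, name = parts[0].lower(), parts[1].lstrip("*")
        if len(digest) != 64 or any(c not in "0123456789abcdef" for c in digest):
            continue
        expected[name] = digest
    return expected


def verify_download(path: str, checksums: dict) -> tuple:
    """Return (ok, detail). A missing entry is a failure, not a pass:
    'no checksum published' must never be read as 'checksum fine'."""
    name = os.path.basename(path)
    if name not in checksums:
        return False, f"no published checksum for {name}"
    actual = sha256_file(path)
    if hmac.compare_digest(actual, checksums[name]):
        return True, "sha256 matches"
    return False, f"sha256 mismatch: expected {checksums[name]}, got {actual}"


# Constructed sample list in the layout a vendor would publish; the digest is SHA-256 of b"hello".
SAMPLE_CHECKSUMS = """
# SHA-256 sums for tool 1.0
2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824  tool-1.0.exe
"""


def self_check() -> dict:
    """Exercise the verifier on files written to a temp dir (constructed data)."""
    checksums = parse_checksum_list(SAMPLE_CHECKSUMS)
    results = {}
    with tempfile.TemporaryDirectory() as d:
        good = os.path.join(d, "tool-1.0.exe")
        with open(good, "wb") as fh:
            fh.write(b"hello")
        results["intact"] = verify_download(good, checksums)
        with open(good, "wb") as fh:      # simulate a swapped binary on the mirror
            fh.write(b"hello\x00")
        results["tampered"] = verify_download(good, checksums)
        other = os.path.join(d, "other.exe")
        with open(other, "wb") as fh:
            fh.write(b"x")
        results["unlisted"] = verify_download(other, checksums)
    return results


if __name__ == "__main__":
    for label, (ok, detail) in self_check().items():
        print(f"{label:9} {'OK  ' if ok else 'FAIL'} {detail}")
```

Note that `verify_download` refuses to pass a file that simply has no entry in the list; that is the difference between "checked" and "not checked", and it is the branch a lazy script usually gets wrong.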
>>
>>55902064

>I use no antivirus and have not gotten a virus in years.

Nigger you have gotten dozens lol.
>>
>>55902355
>I still don't understand why the shit idiots still get viruses these days

because
>adobe flash
>adobe PDFs that execute code (fucking smart idea Adobe)
>word files that run macros
>Windows allows a 100kb file to encrypt everything on your HDD
>>
>>55902379
It's literally the first line of defence for blocking any old shit being executed on your machine.
If you disable UAC, you're an embarrassment.
>>
>>55902064
>have not gotten a virus in years
Thing is, you know
You retard
That usually malware, you see
You fucking moron
Usually malware makes an effort to stay hidden.
You blind fuck
Your computer is the most infected one in this thread. Doing nothing doesn't keep you safe from an attack.
>>
>>55902371
I monitor my network traffic for anything suspicious and I know what files I have on my PC. But I assume things slip through the cracks, I haven't noticed anything significant though.
>>
>>55902417
>>adobe flash
Ha this also. Fucking flash.
>>
>>55902467
what do you use to monitor your network traffic?
>>
File: 1434335632982.gif (1MB, 320x234px)
>>55902403
Fuck you guys are making me rethink my whole life!
>>
>>55902467
Wireshark
>>
Malware programmer here, if you think that it means I've done my job correctly (unless I'm ransoming your ass but I focus on botnets these days, customers don't have the faith in ransomware they had 2-3 years ago so the payoff is poor).
>>
>>55902535
How do you spread your malware? Do you go to a library and infect a few computers and go from there? Send a couple of emails? Make a shit website?
>>
>>55902380
>movie won't run in mpv
>shit.mov needs codec from shittywebsite.com

Fell for this one for the first time in years, I was devastated.

>Dad sees a good movie is now on DVD
>Asks me to download it
>Find most seeded one on a big public tracker
>Comments look good, big uploader, I download it
>Scan, all good
>It's in .WMV, not seen that in years
>Convert to MP4 for his PS3 (I'll sort him out with fireTV/Kodi soon)
>Scan MP4, still good
>Play, it's 15 seconds of garbage
>Try to play .WMV in VLC
>Visit shittywebsite.com to get your codec
>Nope

How much did I fuck up? I never used WMP or went to the site/tried to get the codec/virus, but videos can still manipulate vulnerabilities in players, right? I've done full system scans with Avast and MBAM since, haven't picked anything up as usual.
>>
>>55902446
UAC can be disabled without a UAC prompt
It's literally useless in terms of security
>>
>>55902645
Fucked. Reinstall Windows.
>>
>>55902131
Lol sure >>55902131
>>55902258
>>
>>55902678
I probably will just to be sure, only takes a couple hours to get everything installed and set up again.
>>
>>55902612

Depends if I'm selling a botnet kit or a ready-to-go botnet, for the latter:
>Find popular torrent
>Use sockpuppets to report it as fake/containing a virus (the irony is beautiful)
>Seed a new one with the 'virus' 'fixed'
>Wait for a few downloads
>Post lots of comments that the infected one works
Seedboxes and scripts for each site make this a lot easier. Usenet is even better, most people will download the latest version of anything so I package popular shit up in a passworded .rar with an unpacker which contains the password and also does some fun stuff in the background. I also have a few seedboxes configured to wreck certain media torrents before aggressively seeding the content after it's been repackaged in a new torrent.

It sounds like a lot of work but it can get a decent sized botnet ready for sale in a couple of hours-days.
>>
>>55902446
UAC is for bumbling retards who try to open .mp3.exe files, I guess if you fit that description you can feel free to keep enabled
>>
>>55902773
This is why you use community-supported trackers not public ones.

>>55902645
The movie file can't do anything. The whole point is to trick you into going to the website and downloading the "codec". If you didn't go there, you're safe. (probably...)
>>
>>55902773
Sounds pretty interesting. What's your language of choice? I assume Java since everyone and their mother has it installed.
>>
>>55902846
>community supported trackers
Are private ones the only way?
>>
>>55902872
No, there are some semi-public ones. You need an account to download, but subscriptions are always open.

I don't know any of this kind in english though…
>>
>>55902872
If you can get into a good one, yes. Otherwise trial and error and a good firewall will get you through public trackers.
>>
>>55902846
>This is why you use community-supported trackers not public ones.

Please, they're even better targets than public trackers because the members have exactly this attitude, which fucks them as badly as common sense [current year] edition.

>>55902848
C++
>>
>>55902446
>It's literally the first line of defence

It's literally the LAST line of defense. First line is don't go to fucking malicious sites like a retarded little 10 year old. Second line is use a fucking adblocker/script blocker. Third line is don't download stupid shit. Fourth line is some kind of active file scanner since you need babysitting on the internet. Fifth line is UAC, unless you want to check MD5 hashes on everything you download like an autist.

Thinking UAC is your first line of defense against malicious files makes YOU a fucking embarrassment. I mean this from the very depth of my soul, get the fuck out of here. You do not belong.
>>
>>55902064
>Let's talk about how malware spreads these days
windows just installs every shit some "printer" on the net advertises as "driver"
>>
>>55902926
It's harder to have access to multiple accounts, and even if you get a Wikipedia effect at first it never lasts long. (Wikipedia edits get reverted quickly, and torrents get flagged as infected and deleted quickly too.) On public trackers compromised files can stay up for ages.
>>
>>55903007
Windows takes security last.
>>
>>55903032
Certainly, on the other hand, people are inherently more trusting on private trackers. The 'unpackers' have a lower success rate there but, oddly, compromised software has a higher success rate than on public trackers.
>>
>>55903120
I suppose you should be careful about the upload time and the number of peers on private/semi-private trackers. On a public one that won't be enough to protect yourself.
>>
>>55902981
Really good sum up m8.
>>
>>55903120
tell more famalam pls
>>
>>55902773
Why did you start? Curiosity, boredom, or with profit in mind from the start?
I ask because I'm just curious about it and ordered a book on malware recently (Practical Malware Analysis, from No Starch, read good reviews about it).
>>
>>55903066
It's also a lot more secure than it used to be.

People forget that we used to have worms that could install themselves into your OS over the network just like that, without the user even noticing anything. Nowadays the main threat is running unknown files or being stupid in some way or another. (And Flash. Flash can still get you infected without user action.)
>>
>>55903222
I second this question, I can already program great in java and python and want to program a botnet. I'm more in it for the fun and practice.
>>
>>55902110
There was a download around a day ago that was infected

https://youtu.be/DD9CvHVU7B4
>>
>>55903208
That's about it. I'm not really happy going into any more detail than a broad overview. Sorry.

>>55903222
Originally, it was to mess with Kimmo Alm. I spent an entire summer fucking with him and anyone who was a regular poster on his bulletin board.
>>
>>55903244
>People forget that we used to have worms that could install themselves into your OS over the network just like that, without even noticing the user of anything. N
it's still the same. windows installs whatever some "printer" on the network advertises as "driver" as the system user without notifying the user.
>>
>>55903283
That's bad. Like really bad. But not as bad as getting infected simply because you have a windows station exposed on the internet. Network travelling worms over the internet used to be very common. Imagine those worms with the kind of payload you can find today.

We've got stuff like Conficker or zeus but this is becoming really really rare.
>>
>>55903276
Ah, yeah, that sure brings some dedication to the task at hand. I guess it's logical to learn quicker with a set goal in mind.
>>
>>55903349
http://arstechnica.com/security/2016/07/20-year-old-windows-bug-lets-printers-install-malware-patch-now/

btw, it works over IPP too
>>
>>55903406
As I said, that's bad. But you still need a foot in your local network. That's not as bad as infecting you directly from the internet like 90's shit or Conficker (which was exploiting the vulnerability AFTER it was patched).

A zero-day that would allow direct from-the-internet total infection of your computer would be worth billions.

Which means that your end-user machine is more secure than a lot of servers that run vulnerable software! (koff… wordpress koff koff…)
>>
>>55903519
>But you still need a foot in you local network. That's not as bad as infecting you directly from the internet
nope
> Even more alarmingly, Vectra found that a similar attack can be mounted using features known as the Internet Printing Protocol (IPP) and Web Point-and-Print (webpnp).

>These do very much what the names suggest: they let you treat internet resources – maybe even ones run by third parties outside your network – as virtual printers, and these too can host, deliver and install software in the same way as PRINT$ shares inside your network

https://nakedsecurity.sophos.com/2016/07/14/pwned-by-your-printer-microsoft-patches-critical-printer-spooler-bug/
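The two articles quoted in this exchange describe the problem (a client pulls a "driver" from whatever print server it is pointed at and installs it as SYSTEM); the fix is the MS16-087 patch plus the Point and Print Restrictions policy, which limits where drivers may come from and whether an install may happen silently. The following is an added example, not code from the thread or from either article: a Python checker that parses the output of `reg query` on the policy key and reports the settings that leave the silent path open. The registry key and value names are the real ones used by the Point and Print policy; the two sample `reg query` transcripts are constructed, not captured from a real host, and the note about the `RestrictDriverInstallationToAdministrators` default (restricted by default since the August 2021 update) is a fact outside this page.

```python
import re

POINT_AND_PRINT_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft"
                       r"\Windows NT\Printers\PointAndPrint")

# One 'reg query' value line:  <name>  <REG_TYPE>  <data>
VALUE_LINE = re.compile(r"^\s*(\S+)\s+(REG_[A-Z_]+)\s*(.*?)\s*$")


def parse_reg_query(text: str) -> dict:
    """Turn `reg query "<key>"` output into {name: int | str}. REG_DWORD data is
    printed as hex (0x1); everything else is kept as the string shown."""
    values = {}
    for line in text.splitlines():
        m = VALUE_LINE.match(line)
        if not m:
            continue                      # key header, blank line, or junk
        name, kind, data = m.groups()
        if kind == "REG_DWORD":
            values[name] = int(data, 0)   # int(..., 0) understands the 0x prefix
        else:
            values[name] = data
    return values


def assess_point_and_print(v: dict) -> list:
    """Return findings for settings that let a client fetch and install a driver
    from a print server it has no reason to trust, silently and as SYSTEM."""
    findings = []
    if v.get("Restricted", 0) != 1:
        findings.append("Restricted!=1: Point and Print Restrictions are off, any server may supply drivers")
    elif v.get("TrustedServers", 0) != 1 or not v.get("ServerList"):
        findings.append("Restricted=1 but no enforced ServerList: any server may still supply drivers")
    if v.get("NoWarningNoElevationOnInstall", 0) == 1:
        findings.append("NoWarningNoElevationOnInstall=1: new drivers install with no warning and no elevation")
    if v.get("UpdatePromptSettings", 0) == 2:
        findings.append("UpdatePromptSettings=2: driver updates install with no warning and no elevation")
    rdi = v.get("RestrictDriverInstallationToAdministrators")
    if rdi is None:
        findings.append("RestrictDriverInstallationToAdministrators not set: behaviour depends on patch level")
    elif rdi != 1:
        findings.append("RestrictDriverInstallationToAdministrators=0: standard users may install drivers")
    return findings


# Constructed samples in reg query's layout (not captures from a real host).
WEAK_REG_QUERY = f"""
{POINT_AND_PRINT_KEY}
    Restricted    REG_DWORD    0x0
    NoWarningNoElevationOnInstall    REG_DWORD    0x1
    UpdatePromptSettings    REG_DWORD    0x2
"""

HARDENED_REG_QUERY = f"""
{POINT_AND_PRINT_KEY}
    Restricted    REG_DWORD    0x1
    TrustedServers    REG_DWORD    0x1
    ServerList    REG_SZ    print01.corp.example;print02.corp.example
    NoWarningNoElevationOnInstall    REG_DWORD    0x0
    UpdatePromptSettings    REG_DWORD    0x0
    RestrictDriverInstallationToAdministrators    REG_DWORD    0x1
"""

if __name__ == "__main__":
    for label, text in [("weak", WEAK_REG_QUERY), ("hardened", HARDENED_REG_QUERY)]:
        print(label, assess_point_and_print(parse_reg_query(text)) or ["no findings"])
```

On a real host, feed it the output of `reg query "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint"`. The policy narrows which servers a client will trust; it does not replace the patch, and the Sophos excerpt above makes the point that the IPP/webpnp path reaches outside the local network, so "no foothold needed" is the threat model to check against, not an edge case.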
>>
>>55903564
Ahahah. Ok. Any known exploit?
>>
>>55903617
other than the nsa exploiting it for ~20 years ? dunno, i'm not into the whole hacking / security scene anymore, so no idea whats currently going on
>>
How long until someone makes some nasty malware that knocks your electricity off for a few hours?
>>
>>55903734
That's not even possible tho
And no one would even try to achieve anything similar because there's no profit off it other than LE LULZ NO ELECTRICTY FUG YOU XDD :^)
>>
Wait until someone finds a vulnerability in a smart electric meter.
>>
>>55902733
Windows updates take more than a couple of hours, mate.
>>
>>55904750
A smart meter is not like a full blown personal computer or a webserver
The simpler the device/software gets the fewer possible vulnerabilities there are to be found
>>
>>55904914
Except it is NOT simple. It uses very complex protocols and the chance that there is a vulnerability somewhere is very high.

http://cybersecurity.tudelft.nl/sites/default/files/hdantas-thesis.pdf (first ddg result)
>>
I still don't know how my parents get so much malware. It seems to just magically appear.
>>
>>55904951
>>55904914
The internet of things will also be the internet of vulnerable things. All those smart craps have vulnerabilities.
>>
File: 1457360226331.jpg (122KB, 500x551px)
>>55902064
> Do you trust this printer
No, it runs DOOM
>>
>>55904958
Because they download their shit from Softonic, which appears first on search engines, which pack installers full of the worst crap
>>
File: Eyes.gif (240KB, 500x282px)
Because trying to fap, popups and background downloaders get past my fucking adblock, and i'm too lazy to get proper security for the browser.

Before i know it i have 30K trojans and no way of stopping it.
>>
>>55902981
Goodbye /g/. This guy actually thinks this was and posts here.
>>
>>55905077
I run my fap browser in sandboxie, it has the added benefit of keeping the porn shit separate from the rest
>>
to malware guy,

1st i respect your arts

however, slightly disappointed you include usenet as an exploit channel

that said, if you are pairing with an executable to display the rar password, then that doesn't affect me

torrent channel is good tho

i had a m8 ten years ago who had a botnet of around 5000 pcs, he died of drug overdose RIP

He was also working on hijacking microsoft updates ( wifi attack ) and inserting rogue code at the time before his passing

long live the black arts.

peace
>>
File: Boop.gif (657KB, 500x225px)
>>55905233
oh fucking shit i forgot about sandboxie.

My nigga anon, thank you for this glorious reminder.
>>
How difficult would it be to install a fresh OS on a HDD partition and make it impossible to interact with the rest of your partitions?

I have my OS on my SSD and a HDD drive for storage. But I'm hardly using any of the HDD. Could I not just make a partition on it and fill it with whatever cracked software crap, knowing there's no files worth stealing and I can wipe the partition regularly? Or could malware still infect my main OS that way?
>>
>>55905417
just run a vm
>>
>>55905301

to people who say smart devices are safe due to simplicity, actually wrong

a lot of oems fall back on various old builds of linux as the out of factory smart device os.

updates are infrequent and they also fall back on a lot of open libs, which also do not receive smart device updates

old samsung smart tvs can have their cameras remotely turned on

current and old samsung smart tvs have screensharing and remote access that customers don't know exists

smart devices are vulnerable as fuck
>>
>>55905421
But nothing will run as well as it could. Muh Gaymes.
>>
What if something Hollywood-tier happened, and some 1337 ninja hackers broke into Microsoft databases to integrate a virus into the next update?

Sure, it's nearly impossible that it would happen, but the vast majority of computers in the world could go down in a very short span of time.
>>
>>55905561
this is what my dead friend was working on, but in his case, it was targeted to specific pcs and spoofed a win update with rogue code, if i remember correctly, inserting rogue code into a genuine update as a man in the middle style hijack and the update would still perform its win update function and be a genuine service pack number

he wasnt in ms servicers

user would be none the wiser
>>
>>55905649
* he wasnt in ms servers
>>
>>55905649
Efficient, but still lacks global effect.
How did he manage to get between the update and the user anyway?
>>
>>55905713
for myself i'm not sure of all the required steps, just that he told me that was what he was up to.

he moved from austrlia to los angeles as blackhat, he died in LA
>>
>>55905756
australia
>>
>>55905649
>my friend was a leet haxxor and infiltrated windows update
>but he never actually got it working because he uh died
Either you're making this up or he was
>>
>>55905561
I've thought about this once or twice, what if microsoft or google got fucked beyond repair? What kind of chaos would happen with the first world countries that rely so much on them for everything?
>>
>>55905791
all i can say is he never lied to me in australia so i dont see why he'd lie to me from LA, unless drugs make people suddenly lie out of the blue.

not everything in this life is bullshit
>>
>>55902380
pretty much this, that's why i keep using the same antivirus since i was a little boy, COMMONSENSE 2016
>>
>>55902064
is pokemon go malware? everyone won't shut the fuck up about it and keep telling me to get it but i haven't checked if it's safe yet
>>
>>55905991
>popular with normalfags
>GPS
take a guess
>>
>>55906330
i thought we had established a long time ago that apps aren't needed to pinpoint a smart phone location to a square area, just a single instance of data in or out such as clock sync to network. am i wrong?
>>
>>55904976
Yes they shouldn't run any locked shit
https://sel4.systems/ only way to go for IoT
>>
>>55902131
i somehow managed to pick up a cpu bitcoin miner and something that randomly changed my DNS in chrome, was weird
>>
>>55906919
You aren't wrong, and there's also strong evidence that the baseband is compromised, which compromises all cellphones

But le pokemon conspiracy
>>
>>55902064
>using outdated and insecure software like IE8 or Windows XP.

>"Taylor Swift - Bad blood.scr"

>downloading files from untrusted torrents

>an 18 year old blonde girl on Facebook wants to show you her naked photos with .exe extensions.
>>
>>55907306
>not showing extensions

my_wet_clunge.jpg.exe
>>
>>55905550
Pretty sure there's virtualization methods these days with >90% efficiency, but I don't know any details. Also you can pass-through your graphics card so the guest OS gets exclusive control of it (requiring a second monitor, i think).
>>
I haven't gotten any malware in 5+ years. I think I only got 2 in my life.
>>
>>55907887
>not showing extensions is default behavior in windows
>.exe files can have an icon that makes it look like a photo.
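The two lines above, together with the earlier "hotRussianPorn.mp4.exe", "Taylor Swift - Bad blood.scr" and "my_wet_clunge.jpg.exe" posts, are one technique: make the real extension invisible. Here is an added example, not code from the thread: a Python helper that reports what a file name is doing to look harmless, plus a small model of what Explorer shows with its default "hide extensions for known file types". The extension sets are this example's assumptions, and the Unicode bidi-override case (a right-to-left override character that makes `report<RLO>fdp.exe` render as `reportexe.pdf`) is a known variant of the same trick that the thread does not itself mention.

```python
import unicodedata

# Types Windows will execute on double-click (assumption for this example;
# not an exhaustive list).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".msi",
                   ".lnk", ".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta", ".ps1"}
# Types people expect to be harmless and will click on sight.
DECOY_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".mp3", ".mp4", ".avi", ".mkv",
              ".wmv", ".mov", ".pdf", ".doc", ".docx", ".txt"}
BIDI_OVERRIDES = {"\u202d", "\u202e"}  # LRO / RLO: rendered order != byte order


def _strip_format_chars(name: str) -> str:
    # Drop Unicode format characters (category Cf) such as the bidi override:
    # they are invisible when rendered but still part of the name the OS sees,
    # and the OS's view is the one that decides what runs.
    return "".join(ch for ch in name if unicodedata.category(ch) != "Cf")


def analyze_filename(name: str) -> list:
    """Return plain-English reasons this name is trying to look like something it is not."""
    reasons = []
    if any(ch in name for ch in BIDI_OVERRIDES):
        reasons.append("contains a Unicode bidi override, so the displayed name differs from the real one")
    visible = _strip_format_chars(name)
    stem, dot, ext = visible.rpartition(".")
    ext = "." + ext.strip().lower() if dot else ""
    if ext in EXECUTABLE_EXTS:
        reasons.append(f"real extension is executable ({ext})")
        # "photo.jpg.exe": the part before the real extension ends in a decoy type
        _, dot2, decoy = stem.rpartition(".")
        if dot2 and "." + decoy.strip().lower() in DECOY_EXTS:
            reasons.append(f"double extension: {decoy.strip()} decoy before {ext}")
        # "photo.jpg        .exe": padding pushes the real extension out of view
        if "   " in stem:
            reasons.append("whitespace padding hides the real extension in narrow columns")
    return reasons


def explorer_default_display(name: str) -> str:
    """What Explorer shows with 'Hide extensions for known file types' on (the
    Windows default): the final known extension disappears, so 'x.jpg.exe'
    reads as 'x.jpg'. Simplified model; Explorer's real list of known types
    comes from the registry."""
    stem, dot, ext = name.rpartition(".")
    if dot and "." + ext.lower() in EXECUTABLE_EXTS | DECOY_EXTS:
        return stem
    return name


if __name__ == "__main__":
    for n in ["holiday.jpg", "my_wet_clunge.jpg.exe", "Taylor Swift - Bad blood.scr",
              "report\u202efdp.exe", "scan.pdf                      .exe"]:
        print(repr(n), "->", repr(explorer_default_display(n)), analyze_filename(n))
```

The function reports facts rather than a verdict: `setup.exe` gets "real extension is executable" and nothing else, while `my_wet_clunge.jpg.exe` gets that plus "double extension". Pair it with the icon check the post mentions (an executable carrying an image icon) if you want a score, since the icon is a PE resource and is not visible from the name.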
>>
I'm baffled with how windows harbors still so much malware

just install gentoo
>>
>>55902064
It comes via Windows Update now, and will install without permission and wipe out your boot sector and/or MBR.
>>
>>55902064
>>55902064
>I use no antivirus and have not gotten a virus in years.
lol, it's not that you don't have viruses. It's just that malware has become THAT good.
>>
File: 1452324580500.gif (394KB, 275x207px)
just a reminder, anti-virus programs don't matter.
>>
>>55903276
Where should I start if I want to write malware or viruses? What should I learn/read?
>>
>>55909678
>what should i learn/read?
nothing, because you're never going to be good enough if this is the best question you can ask
>>
>>55903276
So how do you actually get paid, buttcoin? Do you live in some country where the authorities don't give a shit? I can't imagine someone being a successful botherder for long in the west.
>>
Essentially if you're running an Intel or AMD processor newer than about 2007 or so you have malware.

Look up iAMT and vPro.
>>
How do I know if I have malware?
>>
>>55909946
You don't
This is a 4chan archive - all of the content originated from that site.
This means that RandomArchive shows their content, archived.