Just started my malware collection with CIH, ILOVEYOU and Stuxnet,

Thread replies: 105
Thread images: 14

File: 2016-11-02 22.05.39.jpg (1MB, 1870x841px)
Just started my malware collection with CIH, ILOVEYOU and Stuxnet, trying to decide what to pick up next.

What other famous/notable pieces of malware are there?
>>
>>57359360

autism
>>
>>57359487

>having a hobby you aren't interested in is autism
Have you ever considered that if you didn't have a kneejerk cynical reaction to everything you don't understand you would have a happier and more complete life?
>>
>>57359360
Windows 10.
>>
>>57359556

That won't fit on a 1.44MB diskette, unfortunately. Unless...
>>
>>57359360
this is a computer virus. no really. save it to a floppy.

that's basically what you have there
>>
BonzaiBuddy
>>
>>57359571
Put it on a zip diskette. /thread
>>
not really malware but...
>>
prettypark.exe
southpark.exe
>>
>>57359572
I tested ILOVEYOU, I know that's legit. And since they are all from the same pentesting database, I assume the rest are too.

Not that I can test CIH obviously, since it physically destroys your computer permanently and irreversibly.
>>
Isn't there a torrent with a collection of viruses? I remember hearing about it.
>>
https://www.youtube.com/watch?v=LSgk7ctw1HY
>>
>>57359643
>Not that I can test CIH obviously, since it physically destroys your computer permanently and irreversibly.
I'm not a techfag, but I find myself fairly interested in this thread. Can you explain how it does that?
>>
>>57359773

Short TLDR:

When CIH infects files, it checks to see whether there are enough gaps to completely store its code, rather than simply writing its code to the end of the file and increasing file size. If it has enough space, CIH will infect the file without increasing file size. If it does not, CIH will ignore the file, giving it better ability to further infect a user's computer without the user noticing anything.

On April 26th (which is the anniversary of the Chernobyl disaster, hence its alternate name), CIH activates, overwriting part of the BIOS (Basic Input Output System) and overwriting the first megabyte of all hard disks in an endless loop, causing the computer to crash. Once rebooted, the BIOS is corrupted and will no longer display anything on the screen or initiate the boot sequence, rendering the computer unusable.
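A defender-side check for the gap-filling behaviour described in this post, added here as an example and not part of the original thread: it parses a PE section table and flags sections whose file-alignment padding contains non-zero bytes or the entry point. The sample image, its filler bytes and the function names are constructed for illustration.

```python
import struct

def parse_pe(data):
    """Return (entry_rva, sections); each section is (name, vsize, vaddr, rawsize, rawptr)."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    pe = struct.unpack_from("<I", data, 0x3C)[0]           # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsect, opt_size = struct.unpack_from("<H12xH", data, pe + 6)
    opt = pe + 24                                           # optional header start
    entry = struct.unpack_from("<I", data, opt + 16)[0]     # AddressOfEntryPoint
    table = opt + opt_size                                  # section table follows
    raw = [struct.unpack_from("<8sIIII", data, table + 40 * i) for i in range(nsect)]
    return entry, [(n.rstrip(b"\0").decode("ascii", "replace"), *rest) for n, *rest in raw]

def slack_findings(data):
    """Flag sections whose alignment padding holds data or contains the entry point."""
    entry, sections = parse_pe(data)
    findings = []
    for name, vsize, vaddr, rawsize, rawptr in sections:
        if rawsize <= vsize:
            continue                                        # no padding in the file
        pad = data[rawptr + vsize:rawptr + rawsize]
        nonzero = sum(1 for b in pad if b)                  # padding is normally zeroed
        entry_in_pad = vaddr + vsize <= entry < vaddr + rawsize
        if nonzero or entry_in_pad:
            findings.append({"section": name, "pad_len": len(pad),
                             "nonzero": nonzero, "entry_in_pad": entry_in_pad})
    return findings

def build_sample(pad=b"", entry=0x1000):
    """Constructed 0x600-byte PE skeleton: one .text section with 0xE0 bytes of padding."""
    img = bytearray(0x600)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x80)                 # e_lfanew -> 0x80
    img[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<HH12xHH", img, 0x84, 0x14C, 1, 0xE0, 0x102)  # COFF header
    struct.pack_into("<H", img, 0x98, 0x10B)                # PE32 magic
    struct.pack_into("<I", img, 0x98 + 16, entry)
    struct.pack_into("<8sIIII", img, 0x178, b".text", 0x120, 0x1000, 0x200, 0x400)
    img[0x400:0x520] = b"\xCC" * 0x120                      # stand-in for real code
    img[0x520:0x520 + len(pad)] = pad                       # inert filler in the padding
    return bytes(img)

clean = build_sample()
modified = build_sample(pad=b"\xAA" * 64, entry=0x1120)     # same size, padding in use
```

Both images are the same length, which is why a size comparison alone misses this kind of change; non-zero padding is a triage signal to follow up on, not a verdict.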
>>
>>57359876
Thank you for the explanation.
How is it possible to get infected by this?
>>
>>57359981

Most common method back then (1998) was to sneak it into a videogame or software update, so the user would run the application thinking it was something else.

Wikipedia says:

The virus first emerged in 1998... ...On December 31, 1999, Yamaha shipped a Software update to their CD-R400 drives that was infected with the virus. In October 2000, a demo version of the first-person shooter game SiN was infected by one of its mirror sites.[6] In March 1999, several thousand IBM Aptivas shipped with the CIH virus,[7] just one month before the virus would trigger.
>>
>>57359360
Morris worm.
Stoned.
Sasser.
Mydoom.
Conficker.
Melissa.
Cryptolocker.

>>57359487
Collecting things as a hobby does not qualify as autism.
>>
>>57360107

>melissa
Can't believe I forgot about that one. I'll nab it now.
>>
>>57359360
See: danooct1 on YouTube
He's a bit cancerous, but you can go find more "Famous" viri there.

Anyone have a list of the computer models CIH can affect? I had it on a diskette a while back, but said diskette has either gone bad or gone missing by now.
>>
>>57360129
>danooct1
>cancerous

Explain yourself.
>>
>>57359876
So would that work with a UEFI board?
>>
>>57360138
The explanation is probably worse, but he's the kind of person to ban you for asking his sources.

I mean ban as in block or delete your post.
>>
>>57360171

It's because if he leaves those comments up his YT channel gets b& I think
>>
>>57360107

>Collecting things as a hobby does not qualify as autism.

Collecting stuff is literally one of the main symptoms of autism.
>>
>>57359360
>no Nimda
>no Code Red
>>
>>57360201
Comments asking for where he gets his information and the viruses?

The viruses I can see, but information?
>>
>>57359360
You're like that kid in the movie that shoots up his school with a bow and arrow.
>>
>>57359360
I was infected with some kind of Chinese Trojan a few months ago. I clicked the .exe (yeah yeah), first thing it did was disable MSE, then it downloaded a payload from the net which gave me a chinese popup in tray, then Windows notified me that UAC was disabled and prompted me for a reboot.

I shut down the machine, extracted the .exe and reformatted.

If anyone is interested I can upload it somewhere..
>>
>>57360254

We Have To Talk About Kevin iirc
>>
>>57360155
It does not work on pretty much any board made after 2002.
>>
>>57360282
yes please, upload
>>
>>57360305
Okay, hold on.
>>
>>57359552
>he's right though

kys Senpai
>>
>>57360211
"A gives a predisposition to B" does not imply "if B is present, A must also be present".

Inappropriately generalizing things is also a symptom of autism.
>>
File: 1478034954640.jpg (19KB, 225x225px)
>>57359571
Imagine actually installing that and finding out you have a duplicate of 3400 or that there is one diskette missing.
>>
>>57359556
Kek
>>
>>57360305
>>57360323

Here it is:

WARNING THIS FILE CONTAINS A VIRUS

goo[d0t]gl/4M1Un4

the password is:

warningthisarchivecontainsavirus
>>
>>57360649
If any of you wizards can identify it I'd like to know what it is.

I've heard some can breach VMs though, so I'm too scared to run it.
>>
>>57360649
Holy shit, I was expecting a notepad file with some bullshit in it or a survey, but it looks like anon came through.

I'll run it under some VMs or something later and send results if I remember to.

>>57360682
It's probably just some more ransomware.
>some can breach VMs
I have plenty of shitty laptops lying around for this very purpose, so fear not anon, I will take the 3 hour long XP reinstall for you
>>
File: hazmat-2.jpg (179KB, 1000x645px)
>>57360733
Just for the record, I take no responsibility for any damages.

I posted this just for educational purposes.

I did not make this virus.
>>
>>57360649
https://virustotal.com/en/file/8b874e8c9ecdb92f0e4ecee49102ede1c074a1c03a76555dacef92bd72e444ee/analysis/1478130424/
Seems to just be adware, at least going by these detections.
>>
>>57360835
That's fine, if you think I need to I can disconnect it from the internet, too.
>>
>>57359571
is this for real lmao
>>
File: 1471227874237.jpg (43KB, 363x372px)
>>57360649
>>57360733
>Breaching VM's

Wait, is this really possible/common? There I was under the impression using VMs would be safe.
>>
File: 1383332385064.jpg (120KB, 1205x721px)
>>57360863
Well, it disabled security essentials and UAC on my fully updated Windows 10 machine within 30 seconds of running it. That's some potent adware.
>>
>>57360863
More likely it's being detected by heuristics or whatever it's called, which is basically guesswork.
>>
>>57360919
I'm not sure, but since some can spread over the network (Sasser?), the VM, being on the network, is (in theory, at least) able to spread to the host.
>>
>>57359615
that's a weird of a pendrive
>>
File: 28weekslater_03_1024.jpg (244KB, 1024x768px)
>>57360863
The software it is claiming to be is used for managing scientific citations. So the target of whatever this is is likely academics or academic institutions.
>>
File: 1206622497054.gif (15KB, 275x300px)
>>57360863
The results are all over the map, this is a strong indicator that nobody knows what it is. If it was well known they would all identify it as the same.
>>
>>57359360
I think the MEMZ virus hits pretty hard. Uncle Joel used it in a W10 destruction video and it fucked up everything in the VM
>>
>>57360919

VENOM could do this
>>
>>57359360
I don't really get it, what's so special about it? There are (or probably were) websites where you could download malware archives with binaries, source if available, etc.
>>
>>57359360

Sircam. https://en.wikipedia.org/wiki/Sircam

I got hired for a short-term gig to clean it up back in 2003 at a notable defense contractor's multiple sites around my city.
>>
>>57360343

>Inappropriately generalizing things is also a symptom of autism.

Wrong, it's actually the very opposite.
>>
>>57361106

Nothing special. I just like being able to notable or impressive pieces of malware as a physical object I can touch or frame or whatever.
>>
Why aren't virus infections more common?
>>
File: dogy.png (72KB, 851x464px)
I have a few dodgy exes, two of them get a positive result with clamav

one of them is an exe from those "free (insert online game) money"-programs, but does not give any positive results. I guess it is just phishing.

most of them are supposed to be these cute animals that follow your cursor around
>>
>>57361186

People are more aware about internet safety (don't download strange .exes, etc)

Antivirus software is both almost ubiquitous and more advanced.

Mainstream OS's are more idiotproof than they used to be, and flash up more warning messages and stuff than they used to.

Cybercrime is treated more harshly and investigated more effectively.

Virus infections still are common, but they go after the low-hanging fruit of complete tech retards, so neither you nor your friends are likely to experience one.
>>
>>57360919
It's very rare for something to actually break out of the VM. Most rely on shared folders or networks to get out of the VM, so make sure you have them properly configured before fucking around with anything.
>>
>>57360649
>>57361011

Okay then I'm gonna run it. In case it actually can break out of a VM I'm gonna run it in Bochs instead. Slow as hell, but it's a proper interpreting emulator. Worst it can do in there should be crash the Bochs process unless it's specifically designed to exploit a vuln in this specific version of Bochs.
>>
>>57361220
Thank you for this non-meme answer, brother.
>>
>>57360248
It's because he's sick of skids asking for malware.

Also he gets his shit from VX Heavens.
>>
Even if it had access to a shared directory, it would just mess up the directory right?

If it has internet access, it could probably infect hosts on the internet, which is the main problem with the malware-aquarium meme.

So I guess you also need to isolate it to its own network (or completely firewall it off).

The only problem remaining I see is exploiting a vulnerability in the vm, or if you somehow gave the vm access to hardware, and it manages to somehow rewrite firmware or exploit the hardware.
>>
>>57361251
Welp... At least in XP with no network connection, it seems to do nothing. Runs for about half a second and disappears with no visible changes.

Think I'm gonna try with Win7 in a pretty locked down VMware VM. Win7 in Bochs sounds like torture.
>>
>>57360248
>>57361317

Forgot to mention as well. Look at his forum for the viewer submitted malware. He's always getting sent "malware" written in msbatch by skids.
>>
>>57361327
it probably knows it's inside a VM and won't execute
>>
File: 1242981125310.jpg (35KB, 434x650px)
>>57361327
It might need internet access to download payloads, and without it it may just lie dormant. Or it could know it's in a VM and do nothing.
>>
Newton "virus"
>>
>>57359615
Is that the one they used for phreaking due to its pitch?
>>
>>57359643
It only destroys your BIOS' programming. If you can re-flash, then it'll be okay. If you run it in a VM, you'll definitely be okay.
>>
>>57361572
Not that anon but I think so.
>>
>>57361572
Yep.
>>
>>57361212
Grab the hashes and see if the Virus Total scanners find anything.
>>
>>57359657
Yeah the vxheaven collection which is around 64 GB. You can find the dl link easily on internet archive
>>
>>57360649
All the AV in virustotal just lists it as generic adware
>>
>>57360649
where did you even download this shit man
>>
>>57361736
Just means it didn't get a match.
>>
>>57361027
Didn't someone make a bolbi virus also?
>>
>>57360649
Seems to download from get.fc-gosh.biz/launch_askar.php, which seems to be supposed to redirect to a stub generator to "installersetup.exe". Do you still have this file? The domain it generates from is no longer up.
>>
>>57359360
Hey, I have access to something called VirusShare that my friend has invited me into which has tons of viruses on it. If you want, I can invite (only 3) people to this. I just need your email
>>
>>57359360
windows *
>>
>>57359615
you can go to jail and get your life fucked up for that
>>
So what are the chances of malware spreading between two partitions of separate windows 7? Neither partition mounts the other drive.
>>
>>57360835
> I take no responsibility for any damages.
that's not valid in court
>>
>>57359360
that Pikachu Virus from the late 90s.

https://en.wikipedia.org/wiki/Pikachu_virus
>>
>>57361651
# md5sum *
21407d5d9f70c33d7e129bf45b7f0728 xo.exe
>>
File: 200_s.gif (15KB, 188x200px)
>>57360282
>Windows notified me that UAC was disabled
>>
>>57360919
Some viruses can break out of the VM and into your BIOS.
>>
>>57362146
Examples?
>>
The Creeper (1971!), which wasn't so much a real virus, but basically a test of the theory of self-replicating programs. It copied itself between computers, and all it did was display the message "I'm the Creeper: Catch me if you can".

"The Reaper" was later created to delete Creeper
>>
that's actually a real neat hobby, anon
>>
>>57359615

people who oppose pirating can really learn a thing or two about the history of phreaking.
Same problem but different service.
>>
>>57362185
I remember there was a proof of concept that won some Google award, or something. It broke out of VM and messed things up, not too badly, but it showed that it could be done, big deal at the time as Google was investing in new VM security setups or something like that.
If modified and combined with other code for permission escalation, there's no reason to think it couldn't edit firmware, but never heard of some final form being made. But wouldn't be surprised if the CIA or rogue hack took it all the way by now.
>>
you should get AIDS, you fuccing faggot.
>>
File: network.png (114KB, 740x414px)
>>
>>57359615
wtf
>>
>>57361135
>no cited sources
LOL
>>
>>57359615

And to think piracy lends its roots to a blind 7 year old kid. Staggering.
>>
>>57359360
Wasn't stuxnet like 200 mb?
>>
>>57361893
I might, I'll check it out later tonight if the thread is still up.
>>
>>57362857

This pic made me kek thanks anon!
>>
>>57363999
No, it was only half a megabyte. Still massive for a virus though.
>>
>>57359360
Microsoft Windows
This is a 4chan archive - all of the content originated from that site.
This means that RandomArchive shows their content, archived.