
virus questions

Journer

Banned
1) Is it possible to write a program in a framework like .NET or Java? They both run in a VM (or something similar) and thus, supposedly, are pretty secure.

2) How would a (large) company deal with a virus if it was written specifically for them? From what I understand, most modern virus scanners will look through the defs first, not find anything (obviously), and then use some heuristics to find out if the program is breaking rules. But let's say your virus attacked a vulnerability you found with one particular company. What then? I'm really interested in security and how some big-ass companies would deal with that (a bank, for example). What if the person writing the code used to be a high-level IT employee, and therefore knows it all? What then? How the hell do big companies minimize these risks?

3) What happens when a virus infects a virtualizing host? If the virus can find all the client systems on that machine, it could potentially infect an entire leg of a business server structure, no? This is especially interesting considering the way things are going in the virtualization market.

My knowledge of viruses and anti-virus software is pretty lame, so any links to articles on security and whatnot would be helpful. I'm interested in how they work and how they are prevented. So far the only decent article I could find was Wikipedia and one other one from the early 2000s.

 
1) Yes, people program in .NET and Java all the time.

2) First off, it is hard to "know it all" without the source code. Most big companies won't let the source code leave the building. Without that, it is pretty hard to break in, per se. Secondly, any important computer or mainframe should be exposed as little as possible. Once a person of high level is fired, passwords are changed, essentially locking them out of the system. If something is really important, it probably won't be exposed to the internet.

3) Yep, that's a possibility, so you give all the hosts as little power as possible so the risk is as minimal as possible.

Viruses are hard to describe as they are very unique in their own way. Most are done by non-professional coders that are trying to just do damage (teenagers). The ones that are professionally made are usually done with the intent to spam. Other than that, there really isn't a whole lot of incentive to write a virus.

That being said, when I started coding, one of the first things I wrote was a Trojan for my friend's computer (I was a teenager...). It was done in VB and wasn't hard at all, though it was REALLY bad coding.
 
My answers...

1) Yes, as Cogman said, but these languages don't run in VMs the way that VMware images do, for example. I wouldn't make any assumptions about security.

2) Big-ass companies, as you call them, deal with internal threats just as seriously, if not more seriously, than they deal with external threats: active intruder detection, extensive logging of system changes, strict password policies, hardware USB keys, firewalls, scanners, etc. The bigger the company, the more likely they are to have an extensive security operation tailored to their specific operating environment. This goes double for banks.

3) Some stuff has been written recently about advanced rootkits that get into the VM host and then infect images as they are booted. I don't think they are at all common yet, but as always it's a vector for attack and will be exploited if possible.

The modern virus market is industrializing. The script kiddie groups just doing stuff for fun have a lot less impact these days than the malware black market, where you can buy ready-to-run trojan packages including advanced rootkit software. Many of these off-the-shelf packages are polymorphic, i.e. they change their binary signatures frequently, and make a mockery of signature-based detection.