Monday, May 5, 2008

VXers slap copyright notices on malware

Malware authors have lifted a page from the legit software industry's rule book and are slapping copyright notices on their Trojans.

One Russian-based outfit has claimed violations of its "licensing agreement" by its underworld customers will result in samples of the knock-off code being sent to anti-virus firms.

The sanction was spotted in the help files of a malware package called Zeus, detected by security firm Symantec as "Infostealer Banker-C". Zeus is offered for sale on the digital underground, and its creators want to protect their revenue stream by making the creation of knock-offs less lucrative.

The copyright notice, a reflection of a lack of trust between virus creators and their customers, is designed to prevent the malware from being freely distributed after its initial purchase. There's no restriction on the number of machines miscreants might use the original malware to infect.

Virus writers are essentially relying on security firms to help them get around the problem that miscreants who buy their code to steal online banking credentials have few scruples about ripping it off and selling it on.

In a blog posting, Symantec security researchers have posted screen shots illustrating the "licensing agreement" for Infostealer Banker-C.

The terms of this licensing agreement demands clients promise not to distribute the code to others, and pay a fee for any update to the product that doesn't involve a bug fix. Reverse engineering of the malware code is also verboten.

"These are typical restrictions that could be applied to any software product, legitimate or not," writes Symantec researcher Liam O'Murchu, adding that the most noteworthy section deals with sanctions for producing knock-off code (translation below).

In cases of violations of the agreement and being detected, the client loses any technical support. Moreover, the binary code of your bot will be immediately sent to antivirus companies.
Despite the warning copies of the malware were traded freely on the digital underground days after its release, Symantec reports. "It just goes to show you just can’t trust anyone in the underground these days," O'Murchu notes

Friday, May 2, 2008

After Long time !!!

Just thought of writing a BASIC program after almost 15 years !!!

AUTO

10 REM --- Hi BASIC ---
20 PRINT "HELLO WORLD! "
30 END

AUTO

10 REM -- I STILL REMEMBER YOU ---
20 PRINT "What is your name"
30 INPUT NAME$
40 PRINT "What is your age"
50 INPUT AGE
60 PRINT "What is date you born. Enter only the date"
70 INPUT DATE
80 PRINT "What is month you born. Enter only the month"
90 INPUT MONTH
100 DIFF = 2008 - AGE
110 NDIFF = DIFF
120 NUM = 1
130 IF MONTH < 5 THEN GOTO 140 ELSE GOTO 210
140 FOR I = DIFF TO 2008 STEP 1
150 PRINT "Your "; NUM ; " birthday was on "; DATE ;"/"; MONTH ;"/"; NDIFF
160 NDIFF = NDIFF + 1
170 NUM = NUM + 1
180 NEXT I
200 GOTO 270
210 IF MONTH > 4 THEN GOTO 220 ELSE GOTO 270
220 FOR I = DIFF TO 2007 STEP 1
230 PRINT "Your "; NUM ; " birthday was on "; DATE ;"/"; MONTH ;"/"; NDIFF
240 NDIFF = NDIFF + 1
250 NUM = NUM + 1
260 NEXT I
270 PRINT "Goodbye BASIC. I will love you forever !!!"
280 REM --- End ---
290 STOP

May 1, 1964: First Basic Program Runs

1964: In the predawn hours of May Day, two professors at Dartmouth College run the first program in their new language, Basic.

Mathematicians John G. Kemeny and Thomas E. Kurtz had been trying to make computing more accessible to their undergraduate students. One problem was that available computing languages like Fortran and Algol were so complex that you really had to be a professional to use them.

So the two professors started writing easy-to-use programming languages in 1956. First came Dartmouth Simplified Code, or Darsimco. Next was the Dartmouth Oversimplified Programming Experiment, or Dope, which was too simple to be of much use. But Kemeny and Kurtz used what they learned to craft the Beginner's All-Purpose Symbolic Instruction Code, or Basic, starting in 1963.

The college's General Electric GE-225 mainframe started running a Basic compiler at 4 a.m. on May 1, 1964. The new language was simple enough to use, and powerful enough to make it desirable. Students weren't the only ones who liked Basic, Kurtz wrote: "It turned out that easy-to-learn-and-use was also a good idea for faculty members, staff members and everyone else."

And it's not just for mainframes. Paul Allen and Bill Gates adapted it for personal computers in 1975, and it's still widely used today to teach programming and as a, well, basic language. (Reacting to the proliferation of complex Basic variants, Kemeny and Kurtz formed a company in the 1980s to develop True BASIC, a lean version that meets ANSI and ISO standards.)

The other problem Kemeny and Kurtz attacked was batch-processing, which made for long waits between the successive runs of a debugging process. Building on work by Fernando Corbató, they completed the Dartmouth Time Sharing System, or DTSS, later in 1964. Like Basic, it revolutionized computing.

Ever the innovator, Kemeny served as president of Dartmouth, 1970-81, introducing coeducation to the school in 1972 after more than two centuries of all-male enrollment.

Monday, April 28, 2008

The Race to Zero

The Race to Zero contest is being held during Defcon 16 at the Riviera Hotel in Las Vegas, 8-10 August 2008.

The event involves contestants being given a sample set of viruses and malcode to modify and upload through the contest portal. The portal passes the modified samples through a number of antivirus engines and determines if the sample is a known threat. The first team or individual to pass their sample past all antivirus engines undetected wins that round. Each round increases in complexity as the contest progresses.



There are a number of key ideas we want to get across by running this event:

1. Reverse engineering and code analysis is fun.

2. Not all antivirus is equal, some products are far easier to circumvent than others. Poorly performing antivirus vendors should be called out.

3. The majority of the signature-based antivirus products can be easily circumvented with a minimal amount of effort.

4. The time taken to modify a piece of known malware to circumvent a good proportion of scanners is disproportionate to the costs of antivirus protection and the losses resulting from the trust placed in it.

5. Signature-based antivirus is dead, people need to look to heuristic, statistical and behaviour based techniques to identify emerging threats

6. Antivirus is just part of the larger picture, you need to look at controlling your endpoint devcies with patching, firewalling and sound security policies to remain virus free.

We are not creating new viruses and modified samples will not be released into the wild, contrary to the belief of some media organisations

Above all we want the contestants to have fun!

Wednesday, April 16, 2008

Not so different

The following are programs written in Ada, C and Java that print to the screen the phrase "Hello World."

ADA PROGRAMMING LANGUAGE

with Ada.Text_IO;
procedure Hello_World is
begin
Ada.Text_IO.Put_Line ("Hello World>br>from Ada");
end Hello_World;



C PROGRAMMING LANGUAGE

#include < stdio.h>

void main()
{
printf("\nHello World\n");
}



JAVA PROGRAMMING LANGUAGE

class helloworldjavaprogram
{
public static void main(String args[])
{
System.out.println("Hello World!");
}
}