The subjects touched upon by Marcell Dietl in this part are types of payloads and malware out there, as well as the way VXers communicate with each other.
Types of Payloads
So, what types of payloads do we have? First of all, what’s a payload? A payload is everything other than reproduction. Reproduction is the normal thing that a virus does, and the payload is the rest: it could be closing all windows, it could be changing the start page of IE, or whatever.
What is a conspicuous payload? Well, I define a conspicuous payload as a payload that really wants to make the user realize that they got infected. It could be a message box telling you: “Hey, you got infected by virus XY” – that is really conspicuous.
– Inconspicuous
More interesting are inconspicuous payloads, and most criminals use inconspicuous payloads. For example, the projects by Joanna Rutkowska had very interesting examples of inconspicuous payloads, because the virus put the whole OS into a virtual machine that the user does not recognize, so it’s totally inconspicuous.
– Poly- and metamorphic
Poly- and metamorphic viruses are very interesting. They change the way they act every time. So you code this virus and you can’t be sure how it will act 25 reproductions later. They are really, like, the big ones.
Anti-debugging techniques are very interesting too. I wrote a virus – it was released in EOF magazine number 1, remember EOF-project.net – that shows how to do anti-debugging: you can write routines for your virus that check whether they are being debugged. So, this can be a payload as well.
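As an added example (not code from the talk or from EOF magazine), here is the kind of self-check the speaker refers to, written for Linux: a process parses the TracerPid field of /proc/self/status, which the kernel sets to the pid of whatever process has attached with ptrace, and 0 when nothing is tracing it. The function names and the sample status text are constructed for this illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Parse the "TracerPid:" line out of the text of /proc/self/status.
 * Returns the pid of the tracing process, 0 if untraced, or -1 if the
 * field is absent (function name is an assumption for this example). */
long tracer_pid_from_status(const char *text)
{
    const char *key = "TracerPid:";
    size_t keylen = strlen(key);
    const char *line = text;

    while (line && *line) {
        if (strncmp(line, key, keylen) == 0) {
            const char *p = line + keylen;
            while (*p == ' ' || *p == '\t')
                p++;
            return strtol(p, NULL, 10);   /* 0 means no tracer attached */
        }
        line = strchr(line, '\n');        /* advance to the next line */
        if (line)
            line++;
    }
    return -1;
}

/* Read the live status file of this process and report whether a
 * debugger (or any ptrace-based tracer) is attached. */
int being_traced(void)
{
    char buf[4096];
    FILE *f = fopen("/proc/self/status", "r");
    if (!f)
        return 0;                         /* no procfs: cannot tell, assume untraced */
    size_t n = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    buf[n] = '\0';
    return tracer_pid_from_status(buf) > 0;
}

/* Constructed sample of what the status file looks like under a debugger. */
static const char SAMPLE_TRACED[] =
    "Name:\tsample\nState:\tt (tracing stop)\nPid:\t1234\nTracerPid:\t4242\nUid:\t1000\n";

int main(void)
{
    printf("sample text: tracer pid %ld\n", tracer_pid_from_status(SAMPLE_TRACED));
    printf("this process: %s\n", being_traced() ? "debugger attached" : "not traced");
    return 0;
}
```

Run it normally and then under `gdb` or `strace` to see the two outcomes. Note that this check is as easy to defeat as it is to write: a debugger can break on the `fopen` and feed back a spoofed buffer, or the comparison can simply be patched out, which is why real anti-debugging code stacks several independent checks rather than trusting one.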
Types of Malware
Ok, we’ve talked a bit about viruses, worms, Trojans, whatever, but I haven’t defined those yet. So, let’s define them now: what types of malware do we have?
Well, first of all we have a virus. What is a virus? A virus is a program that starts within an infected host file and reproduces itself into other files.
A worm is like a virus, but it spreads externally: over the Internet, over the LAN, whatnot.
– Trojan Horse
A Trojan horse is a program that simulates a normal program – could be simulating a game or whatever, but it silently executes evil code.
And we have a hoax – this is just a joke virus.
Ways of Communication
Ok, ways of communication. Now that we’ve talked about viruses, let’s come back to the VXers proper. So, how do they communicate with each other?
– File Servers
Well, first of all – VXers communicate over file servers. There are great file servers out there, and if you read my article on hacking, you can find a link to a file server. A good file hoster is vx.netlux.org. It has many viruses, source code, and binary viruses as well, and this is the way VXers communicate, the way they conduct knowledge exchange.
Websites, of course; every good VXer has his own website where he shows his stuff, his source code.
Emails are mostly used if a VXer plans a new project and they want to do it silently; they don’t want the public to realize it, so they write emails to each other. Same with ICQ, MSN.
So, something interesting now: IRC. IRC is the medium for VXers to communicate, and because of this I wrote down some good channels for you, which you can find on irc.undernet.org. First of all, the EOF-Project channel, then VXers, Virus, VX-Lab, and Vir. There you will find almost every VXer in the world. But just a tip: don’t go there and spam – you will be kicked out. VXers are careful with strangers, so it would be better if you code a virus and show it to them; then they will trust you more.
VXers are not using SILC. Actually, I would suggest they use SILC because it’s more secure, but they still love IRC and they will always use it, I guess.
E-zines are the most important platform for VXers to communicate with each other. What is an e-zine? E-zine stands for electronic magazine. Imagine an e-zine as a little folder with different subfolders full of sources, tutorials and articles, and usually an index.html file that links to every source and article in the e-zine. So it’s like a really small PDF or whatever, and it usually comes out about once a year, put out by one group.