
Rogue Virus/fake Virus


ZeroOne

First I would like to apologize if I posted incorrectly! That being said. New to Hak5 Forum but have been visiting the website for about 6 months ever since I discovered Hak5 on CNET.

That being stated, I'm a newbie to developing and finishing school with a software engineering degree, which I have to say that you learn wayyyyyyyy better on your own and only wish I chose not to pay the thousands for the degree. Anyways, off to the real issue. So these new rogue/fake viruses are popping up everywhere and they are seriously annoying, so I would like to know how they operate and why is it that Vipre or Kaspersky can't pick them up? Also, how is it the virus runs before the antivirus does? I am just curious to know because I have figured out how to find them and delete them from the PC; it just is very annoying and takes time.

Any insight on the subject would be most helpful and thankful...

Thank you

ZeroOne


Fake viruses I haven't seen to be that intrusive.

I sort of disagree on learning on your own = better. I'd rather learn from someone who knows it and can Q&A back and forth. It all depends on the instructor.

They can run before antivirus if they are loaded at boot time before the AV services start.

They most likely cannot pick them up because they are either polymorphic or they have not been reported. Antivirus can only detect what it knows by signatures, but some AV companies detect system changes and block them.

Sit back, drink some beer, run MalwareBytes and relax :P.

If you want to know more on what they do to a system, your best bet is to run it in a sandbox. Or (and I can't remember right now) there is a program that will snapshot the registry, run the malware, take another snapshot, and compare the snapshots to see what changed.

Edited by Mr-Protocol
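
The snapshot-and-compare approach mentioned in the post above, as an added example that is not part of the original thread: it parses two registry exports and flags changes under boot/logon autostart keys, the places a program registers itself to start alongside or ahead of the AV services. The autostart key list, the sample exports and all names in them are constructed for illustration.

```python
import re

# Autostart locations (assumed, non-exhaustive list): values here launch at
# boot or logon, which is how a program can start before the AV services do.
AUTOSTART = (r"\microsoft\windows\currentversion\run",   # also matches RunOnce
             r"\microsoft\windows nt\currentversion\winlogon",
             r"\currentcontrolset\services")

def parse_reg(text):
    """Parse decoded .reg export text into {(key, value_name): raw_data}."""
    snap, key, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith(",\\"):            # hex data continues on next line
            pending = line[:-1]
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := re.match(r'(@|"(?:[^"\\]|\\.)*")=(.*)$', line)):
            name = "(Default)" if m.group(1) == "@" else m.group(1)[1:-1]
            snap[(key, name)] = m.group(2)
    return snap

def diff_snapshots(before, after):
    """Return (kind, is_autostart, key, name, old, new) for every change."""
    changes = []
    for ident in sorted(before.keys() | after.keys()):
        old, new = before.get(ident), after.get(ident)
        if old != new:
            kind = "added" if old is None else "removed" if new is None else "modified"
            auto = any(loc in ident[0].lower() for loc in AUTOSTART)
            changes.append((kind, auto, *ident, old, new))
    return changes

# Constructed sample exports (reg export writes UTF-16; decode before parsing).
BEFORE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ExampleAVSvc]
"Start"=dword:00000002

[HKEY_CURRENT_USER\Software\ExampleApp]
"LastRun"="1"
'''
AFTER = BEFORE.replace('"LastRun"="1"', '"LastRun"="2"') + r'''
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SecurityScan"="C:\\Users\\test\\AppData\\Roaming\\scan.exe"
'''

if __name__ == "__main__":
    for kind, auto, key, name, old, new in diff_snapshots(parse_reg(BEFORE), parse_reg(AFTER)):
        print("AUTOSTART" if auto else "         ", kind, f"{key}\\{name}", old, "->", new)
```

Take the "before" export on a clean sandbox snapshot and the "after" export once the sample has run, then review the rows marked as autostart first.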

Thank you for the response... :) Ok, you are right, because my HTML teachers were great but this Java class I'm in is like here is the assignment, here is the book, figure it out. Anyways, I haven't had an issue with getting rid of the virus because Malwarebytes and Kaspersky's version of Malwarebytes (I can't remember the name right now) do a great job. I know that antiviruses can only detect what they know and I think the antivirus companies actually pay people to develop viruses so people can buy the software to keep them in business. However, you said something about them being loaded at boot time, do you mean that the virus is potentially being loaded during the boot check as soon as the system is powered on? That was one of my thoughts, or it loads before the OS loads. I just think people making viruses are only holding developers back.


I know that antiviruses can only detect what they know and I think the antivirus companies actually pay people to develop viruses so people can buy the software to keep them in business.

Quite the opposite happens in the real world. Most of the time the AV companies are trying to pay the original writers for their source. Also, sometimes developers approach AV companies with new exploits and get paid that way (or do it free of charge for the community).

I just think people making viruses are only holding developers back.

How do you figure? They are developers as well. If anything, they are strengthening development by warning programmers not to get lazy and leave gaping exploitable holes in their software. A lot of viruses exploit 3rd party software, not just OS services.


A lesson to learn is to always, no matter what, patch up all your computer software, including the OS. Most viruses nowadays infect systems by exploiting security holes, so if your system is fully patched up, your chances of getting infected are pretty slim. Of course, if a virus has been written to exploit a zero day vulnerability, you are pretty much screwed. However, there is software that can temporarily close those security holes until the vendor has released a patch. I know McAfee has a product that does that, but I forgot what it's called.

Edit: Anyway, I would recommend using Avast5. Avast never let down.

Edited by Infiltrator

Mux,

I guess you could say either way the AV companies are paying for it! I say it holds them back because if all these people developing viruses were to divert their energy into improving software instead of finding ways to mess things up, then I feel that we would be even more advanced than we are now! Developers have to take time out to figure out how to fix something that should not have been broken! In other words, if I make a car and someone breaks it, I have to fix it! All the time I put into fixing the car I could have used to improve it!

However, I still don't understand how the AV is unable to run during boot but these viruses can? I'd like to develop a patch but I'm ded not that far advanced yet! I just started learning Java and would love to go back to SQL!


I somehow have to disagree. I still think there are a bunch of hackers/virus writers out there that like to challenge all these AV companies, by designing some sophisticated worm and letting it loose on the internet.

It takes a lot of hard work and knowledge to design a computer worm so sophisticated just like Stuxnet, that I somehow don't think these companies are behind all these viruses. Has to be individuals alone.
