1. Forum
  2. spooknet
  3. SN SECURITY

  • Re: polymorphic viral engines

    From Ogg@700:100/16 to poindexter FORTRAN on Sun May 19 21:20:00 2024
    Hello p.F!

    ** On Wednesday 08.05.24 - 09:54, poindexter.FORTRAN wrote to warmfuzzy:

    A good read about the group responsible for Back Orifice is
    "Cult of the Dead Cow: How the Original Hacking Supergroup
    Might Just Save the World" by Joseph Menn. I worked with a
    cDc member back in the '90s, and still have a bunch of "owned
    by cDc" stickers.

    Another book on hacking culture:

    The Ransomware Hunting Team: A Band of Misfits' Improbable
    Crusade to Save the World from Cybercrime | Paperback

    Renee Dudley | Daniel Golden

    Picador
    True Crime / Cybercrime / Computers / Security - Viruses & Malware / Law / Forensic Science

    Published Oct 24, 2023

    9781250872609
    --- SBBSecho 3.20-Linux
    * Origin: End Of The Line BBS - endofthelinebbs.com (700:100/16)
  • From warmfuzzy@700:100/37 to all on Tue May 7 17:36:11 2024
    There used to be a popular remote access trojan called Back Orifice. It works exceptionally well and could totally root a windows box. The problem was that it got its malware signature in every anti-malware suite out there. But there has come to light a solution to that problem. Enter the "polymorphic malware engine." These are state of the art re-coding software kits. They basically get the idea of what the software does and use different code to have the malware do the same thing. In short form the program is identical to its original malware, but using different code to accomplish the same task.

    Back to Back Orifice, it had its executable code (in .exe form) used in one of the polymorphic engines and was able to do exactly what it did in its original form but without having any known malware signature that could be detected by any anti-viral suites. Its an intriguing use of getting something done, producing the same result, but using different coed to accomplish the same task.

    In amazement
    -warmfuzzy

    --- Mystic BBS v1.12 A49 2023/04/30 (Linux/64)
    * Origin: thE qUAntUm wOrmhOlE, rAmsgAtE, uK. bbs.erb.pw (700:100/37)
  • From poindexter FORTRAN@700:100/20 to warmfuzzy on Wed May 8 06:54:34 2024
    Re: polymorphic viral engines
    By: warmfuzzy to all on Tue May 07 2024 05:36 pm

    There used to be a popular remote access trojan called Back Orifice. It works exceptionally well and could totally root a windows box. The problem was that it got its malware signature in every anti-malware suite out there.

    A good read about the group responsible for Back Orifice is "Cult of the Dead Cow: How the Original Hacking Supergroup Might Just Save the World" by Joseph Menn. I worked with a cDc member back in the '90s, and still have a bunch of "owned by cDc" stickers.


    _ _
    ((___))
    [ x x ]
    \ /
    (' ')
    (U)
    --- SBBSecho 3.20-Win32
    * Origin: realitycheckBBS.org -- information is power. (700:100/20)