Nothing is worse than malware, as you will see... and seekers & reversers should take great care in order to avoid such sniffers and, at the same time, to detect, investigate (read: reverse engineer) and denounce them to the unaware...
"But take care when you find your appz,
or you'll not gain your just rewardz,
your quest will all have been in vain,
and you will have to start again"
If you want to read about some examples of malware (let's help the unaware understand with some famous examples) then search the web for Lotus 'secure encryption', 3com's 'debug' account, Id's Quake server backdoor (password="tms") and Borland's Interbase (ALL Interbase databases!) "politically/correct" hardcoded password... Alternatively, malware is so widespread that you may just run a 'strings' program like [strings] or [bintscan] on your binaries and see what it finds :-)
Btw, there's another advantage in running a strings program against your binaries: often enough the various command-line options (and many other options) are NOT documented properly. Hence running "strings" on a binary is the only way to discover how to run your program properly. When doing such operations on commercial software you will often see information that the programmers most probably would have preferred you NOT to see.
Another sniffing approach is to use a good [grep] program (i.e. one that does not choke on windoze's swap files) in order to find specific strings, for instance inside the messy inferno of windows's subdirectories :-)
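The strings-then-grep pass described above, as an added example that is not part of the original page: a small Python scan that pulls ASCII and UTF-16LE text out of a binary you are auditing and flags candidate command-line switches, credential assignments and debug/backdoor wording. The rule set, the function names and the sample bytes are constructed assumptions for illustration.

```python
import re
import sys

# Hypothetical triage rules (assumptions for this example, tune for your own audit).
RULES = {
    "option": re.compile(r"(?<![\w-])--?[A-Za-z][\w-]*"),
    "credential": re.compile(r"(?i)(passw(?:or)?d|pwd|secret)\s*[=:]\s*\S+"),
    "debug": re.compile(r"(?i)\b(debug|backdoor)\b"),
}

def extract_strings(blob, min_len=4):
    """Return sorted (offset, text) pairs for printable ASCII and UTF-16LE runs.

    Windows binaries often store text as UTF-16LE; a plain ASCII pass would
    miss it because every second byte is a NUL.
    """
    ascii_run = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    wide_run = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    found = [(m.start(), m.group().decode("ascii")) for m in ascii_run.finditer(blob)]
    found += [(m.start(), m.group().decode("utf-16-le")) for m in wide_run.finditer(blob)]
    return sorted(found)

def triage(blob):
    """Group extracted strings by the rule they match."""
    hits = {name: [] for name in RULES}
    for offset, text in extract_strings(blob):
        for name, rule in RULES.items():
            if rule.search(text):
                hits[name].append((offset, text))
    return hits

# Constructed sample bytes standing in for a real binary.
SAMPLE = (
    b"\x7fELF\x02\x01\x01\x00" + b"\x00" * 8
    + b"usage: cartd [-c file] [--selftest]\x00"
    + b"\xde\xad\x01"
    + b"admin_password=changeme\x00\x03"
    + "debug account enabled".encode("utf-16-le") + b"\x00\x00"
)

if __name__ == "__main__":
    # Scan the file named on the command line, or the constructed sample.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    for rule_name, matches in triage(data).items():
        for offset, text in matches:
            print(f"{rule_name:10} 0x{offset:08x}  {text}")
```

The reported offsets let you jump straight to the surrounding code in a disassembler or hex editor.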
Various kinds of possible malware exploits
Hidden manipulation
Parameter tampering
Cookie poisoning
Stealth commanding
Forceful browsing
Backdoors and debug options
Third-party misconfiguration
Cross-site scripting
Buffer overflow
Published vulnerabilities
Our Essays
They should thank GOD that there are crackers and reversers around...
(A+heist)
[boobytra.htm]
Software that hiddendly corrupts, checks or modifies your data by
db-cooper, +Tsehp, ArthaXerXes
March 2000
[trojashop.htm]:
Trojanized Commercial Shopping Cart
'This program -deliberately- allows arbitrary commands to be executed on the victim server'
by joeATblarg.net
April 2000
[teport_2.htm]:
Teleport Pro 1.29, malware galore by Faulpelz
May 2000
[realmal1.htm]:
RealNetwork's latest heavily-promoted goodie
by Lauren Weinstein, part of the [malware.htm]
(Mal behaving software) section
May 2000
[for_lemu.htm]:
A 32-digit hexadecimal number in your URL ("URLs that bite", a first stab)
by +Forseti, part of the [malware.htm]
(Mal behaving software) section
October 2000
[noos_tel.htm]:
Delving deeper into Teleport Pro 1.29
by Noos, part of the [malware.htm] section
October 2000
[teport_3.htm]:
Teleport Pro V1.29 (Build 1107) (Delving deeper into Teleport Pro 1.29)
by Faulpelz, part of the [malware.htm] section
January 2001
Far from being finished... and still awaiting +Forseti's essays...