I Made A Virus - I Instantly Regretted It
HTML-код
- Опубликовано: 15 сен 2024
- Let's see what it takes to make a virus.
Become a member to get early access to videos - / @nathanbaggs
Want to build cool stuff from scratch? app.codecrafte...
💭 All views are my own 💭
Ever wondered how computer viruses work? Dive into the inner workings of viruses with me as we explore infecting files, executing code, and spreading the infection. Subscribe for more fascinating insights into the world of malware!
Want early access to new videos and some behind the scenes content? Consider becoming a channel member ruclips.net/channel/UCQvW_89l7f-hCMP1pzGm4xwjoin
New challange: infect the Antimalware service executable
Fun tip about Mcaffee... it doesn't actually check the files. All it does is notice it is new, gets a hash of it, and send it back to McAffe's servers for a determination there. this could take days.
Why would it take days?
@@eadweard. After some initial automated checks, the file can be reviewed by a real person and determined if it is a virus or not.
@@AllenKll Difficult to know quite what you're saying. If you click "Scan" on an previously-unseen file, it's obviously not going to sit on "Scanning" for days while a human looks at it.
@@eadweard. No, it doesn't find it's hash in the file DB, so it gathers information, sends it off to the mcaffee servers, and tells you it's fine.
>lemme mail this infected file to the boss, so he can check if its alright
Fun fact: the notorious Chernobyl/CIH virus worked much in the way you describe: it would look for empty spaces between the executable sections and then write sections of its code into those empty spaces. Then, when an infected file was run, the virus code would reassemble those sections with some code stored between the PE header and the rest of the data.
The reason the virus was so notorious was that its payload would DELETE YOUR BIOS, potentially rendering your machine unusable.
Your content is the best. I love your vids. They are so accessible and interesting yet just detailed enough to learn something new.
Thanks!
i never knew you COULD hide code in the executable without directly injecting onto the actual code
well i guess im going to look into the portable executable format, seems interesting
Great video, very interesting! Also it’s been nice to see you grow as a content creator - the videos keep getting better and better produced.
Thanks! It's been a lot to learn but I just try to make each video better than the last
Would be neat for a follow up video to see how you would code an antivirus for this virus
Really interesting and informative video! Always wondered how viruses are made. It's pretty fascinating what is possible when you look below the tidy surface and overcome your default mindset of wanting things to work as expected.
Wait, what about the code digital signature? I thought it was supposed to detect modifications.
I remember learning about the Portable Executable (PE) file format writing an ELF loader for my UEFI bootloader. This is a great refresher!
In Windows Defender you can chose to ignore a threat if you think it's a false positive.
What this video really shows is that making a zero day exploit is very doable, that antivirus programs may only see certain injections in certain code-caves that it is actively looking for.
From a personal point of view as a user and not a developer, I would like it if every system call was prompted on screen much like the "would you like to run this program, yes or no?", but it would show a window with what folder the program wants to change and what files it wants to affect, much like when you copy files and replace them in a folder.
The same way Android apps asks for permissions to use location, microphone or access folders, I would like executable files to ask me for permission, and that all these syscalls and permissions would have to be reviewed before granting a program permissions to change certain folders.
One of the most annoying things with any executable program, is when it changes a file, folder or registry index without telling you what it's changing. Most installers shows a list of things it wants to install and a user can opt out of optional packages by clicking a checklist. A program or game should say promptly: "We wish to add this to your %appdata% folder" or "Install additional libraries in this location".
Since switching to SSDs, a lot of apps chose to install ludicrous big files in the %appdata% folder, which is stored on the OS drive, and it takes up a lot of space for no reason, (looking at you Spotify). There is literally no speed benefit of putting cache in %appdata% compared to putting it in the installation folder on a normal HDD, unless the program or game specifically benefit from loading certain files from an SSD. I find myself creating symlinks from a HDD and putting it into %appdata% folders very often, just to save on space. Until I get a 1TB SSD, I won't be allowing 20GB of cache files to just collect dust on the SSD for a program I run once in a blue moon.
Thank you for a very educational video.
This was very good. I read some books on Windows Internals a few years ago but never did anything as practical with the knowledge beyond normal development. Thanks for sharing!
plot twist: this video is a virus
Man I got got😊
This is actually how a lot of DOS viruses worked. One of the first ways to know a system file was infected was to verify the size, so if you can obfuscate your changes by injecting code into dummy data, you could hide in plain sight.
And thus the cat and mouse game that is cybersecurity.
This was quite an interesting and different video from your previous work. I'd love to see more of it!
What an underrated channel, damn!
ohh so good, this video was delightful. It enlightens clearly so many concepts, like a structured list to later later study more deeply knowing how they relate, THIS was what I most liked.
Love your content. Really enjoy the flow of your videos and how you walk the viewer through complex concepts.
Me watching and nodding along. Mhm mhm
I understood nothing but loved it.
This is such a great video. A lot of folks like to play it safe and not share the "secrets" of malware development.
The thing is, the information is all out there. There's nothing gained from hiding anything. The "bad guys" can find this information all over the place. More people knowing about it means more bad people can use it. . .but it also means more good people know how it works so that they can work to defend against it.
As we all know, security by obscurity doesn't work.
Thanks! Yeah there’s nothing secret here, but I’m hoping it might be new and interesting to a lot of people
I don't think I've ever heard anyone pronounce EXE the way you do. Made me chuckle a lil
All my EXEs live in Texas
I love videos that are for educational purposes only. They are so.... educational. :)
This is fasctinating and insane to me at the same time, how do people get hang of this low level stuff, seems beyond my comprehension.
It’s all written down, just learn to read documentation
Always excited to watch a new video by you!
It would have been nice to see a virustotal result and see how many of its AVs detect you.
I love it 😮 really really nice video 😍 it's awesome how easy it was dude
Easy!?
Another fantastic video!
yer a wizard harry
🧙
I really love your videos
It's important to note that all the worry about ensuring the program can still execute its own code is only a concern if you're trying to create a stealthy virus that can act without alerting the user to its presence. Plenty of viruses throughout history have foregone the stealthy approach and made it obvious when the user has run an infected program.
9:13
Does that mean that if you were to stick with .text instead of .reloc, windows wouldn't have found any threats?
Quite possibly
Love your videos!
this channel is so good
All you need to trip Windows defender is downloading and executing another executable (or sometimes executing another executable at all) - something I have to fight frequently as there are many perfectly reasonable reasons to do this :)
i read somewhere that now you can attack a pc from the bios logo and its nothing you can do about it!crazy
you can flash the UEFI and patch it if there is an update available (there is)
but tbh, that vuln is not a way in, they have to have a way in first to do that.
Wait, did you reupload the video with a different thumbnail/title? I'm pretty sure I've seen it on my feed before, but I didn't actually watch it yet
You can change title and thumbnail after a video has been uploaded. It’s pretty common practice to tweak a video after upload to try and maximise the number of people who click it (called Click Through Rate or CTR)
Do you always wear the AVGN fit in videos
I just own a lot of white (and pink) shirts
Nice video! I really like your VSCode theme, would you mind sharing your setup?
Sure - I use Dracula theme (and vim plug-in)
this is a really similar concept to win32 sality it used to bytepatch exes to run itself and was a nasty bit of kit.
As usual, McAfee is a total joke
And Norton; The pair also run misleading notifications that lead straight to their website; no punycode.
Fine. I'll put down Fortnight and watch this 😂
I make no guarantee this is more interesting than Fortnight (:
Into - if it replicates further, it's a worm :). Or, it's simply ads..
A worm triggers its own execution on other hosts. A virus relies on something else to execute it.
I have a video about worms...
I made a virus and I went to prison.
(oh how I wish I was joking)
I want to hear this story!
Hello. I like you.
Hehehe, smart. “easIER”, yet not “easY” 😅
your computer cant run infected code if all its processing power goes to 4 AVs
Video was paced way too fast for me to keep up with. Would’ve been appreciated if you slowed it down and explained things a bit more.
LOL "Don't do anything malicious" FFS! This is where stupid is as stupid does.