I want to study the behaviour of viruses, how do I?

February 21, 2012 at 23:03:06
Specs: Linux i686
Also, I read somewhere that creating bait files will help. But I don't know how to create them. Please help.


#1
February 21, 2012 at 23:36:54
Connect an unprotected PC directly to the Internet and visit a few porn sites. You'll then have plenty of viruses to study.

Unless you know exactly what you are doing any attempt to study viruses is going to end with tears before bedtime. Leave it to the anti-virus companies.



#2
February 21, 2012 at 23:53:50
Watch Youtube videos on virus removal, most will include the behaviour of viruses. It's one way of identifying which is which?
If I was you I would listen to ijack in post #1, but I'm not, so I would shop at yard sales/2nd hand dealers for a real cheap box to play with. You should find one for less than $10, so there's no worries if you really stuff it up. If the PC you have is not that valuable you could try a virtual machine.


#3
February 21, 2012 at 23:57:12
I have a few viruses in my machine. All I want to do is study their behavior.


#4
February 22, 2012 at 00:03:26
The longer you leave them, you will see their behaviour for sure 100%. If you value your PC remove them immediately. If not sooner!
Good luck, see you back here when your pc is stuffed.


#5
February 22, 2012 at 00:05:34
Haha, I am trying to stuff my PC as much as possible. I am learning their behavior here as a part of my project! Thanks anyway. :-)


#6
February 22, 2012 at 00:21:41
I hope it's not your own personal PC you are doing your project on? As Windows viruses will not run on Linux.
You ask about "bait files" (honeypot) http://en.wikipedia.org/wiki/Honeyp...



#7
February 22, 2012 at 00:24:30
No. It's not my own PC. It's a PC for research and I am doing it on a Windows virtual machine. Oh, I realize now that bait files are like honeypots. Thanks a lot. But do you know how antivirus professionals create them?


#8
February 22, 2012 at 00:28:44
http://www.infosecwriters.com/text_...
There are many more. I think you should try Google; you will learn how to find the right answers to all your questions.


#9
February 22, 2012 at 01:15:35
I don't wish to sound rude but I have to say that someone who was capable of studying viruses safely would not have to post this sort of question on a forum. That is more what I would associate with some script kiddie wanting to find out how to spread viruses.

But I'm going to give you the benefit of the doubt and answer your question seriously.

Before you do anything else you must ensure that the computer that you know to be infected with viruses is disconnected from any network. Not to do so would not only be irresponsible but could well be a criminal offence in some countries (as you know the computer is infected you would be guilty of deliberately spreading malicious software).

To actually study how the viruses work you need intimate knowledge of the NT kernel (without knowing how the kernel works how can you study something that tries to disrupt that working?). Inside Windows NT is a good book for that purpose; no doubt there are newer editions that cover later versions of Windows.

Next you will need to install a debugging version of the kernel, so that you can study what is happening, and debugging tools. To make any use of these you must have an intimate knowledge of the C programming language and i386 assembler programming. Then you will be able to study what is actually happening when a virus does its work.

Be aware that, even with this knowledge and these tools, rootkits can easily hide from you.

As I said at the outset, I don't believe that anyone with the appropriate tools and knowledge would need to pose this question in the first place. And I have no intention of saying anything more which might be of use to anyone wishing to spread malicious software.

