virus

Techniques to detect Polymorphic and Metamorphic viruses?

What techniques can be applied to detect Polymorphic and Metamorphic viruses? How difficult is it to implement these techniques? Are these techniques being applied in modern day anti-virus software? ...

Approve USB device after insertion

On Windows, is there any way to programmatically approve a USB device after insertion, if it is of a certain type (say Removable Drive) allow its use, otherwise not? Also not to allow running of drivers, only allow usage of the device in an approved way? I.e. we want to allow the insertion of USB drives, but not have to worry about viru...

Sniffing network traffic for signs of viruses/spyware

How can I connect a system to a network and sniff for virus/spyware related traffic? I'd like to plug in a network cable, fire up an appropriate tool and have it scan the data for any signs of problems. I don't expect this to find everything, and this is not to prevent initial infection but to help determine if there is anything tryin...

Why do so many web pages contain such a strange code snippet in the header?

I've noticed for quite a long time that strange domains such as jsev.com and cssxx.com have appeared in my Firefox status bar from time to time. I always wonder why so many web pages contain resources from these strange domains. I googled it, but found nothing. I guess it's some kind of virus which infects the servers and inserts the code. Here ...

How can I find out what a macro does without exposing myself to it?

I have been given two different Microsoft Word documents that my virus scanner has warned me contain macros. These should be simple text files, and the person who sent them doesn't even know what a macro is; they may be a mistake on his part, but they might be signs of a malicious infection. My installation of OpenOffice.org is set not t...

Have you ever written a computer virus (or at least tried)?

The title pretty much says it all: have you ever written (or tried to write) a computer virus? I know pretty many young programmers try to do something like that in their early days. Did you? If yes, did you succeed? Tell us your tale - What did it do? Did you get punished? What did you learn from this? Etc. ...

Virus upload scanning asp.net

How do you prevent people uploading viruses to your ASP.NET Windows website? The only user content I'll be showing are images, sounds and video; can these contain viruses? ...

How does Google determine to send the Virus page?

When I was a Windows user, I received many times the Virus page in Google. I thought things change in Mac. I received today my first Virus page in Google. I am flabbergasted. The experience raises a question: How can Google know that there is a virus? How does such a "virus" act? How does it determine to send the Virus page? ...

What are the most common virus file types currently circulating?

I am working on a project that will involve file upload to a server. I am interested in understanding what kinds of files virus writers currently tend to target. I am aware of the following threads: How would you programmatically test a file for viruses ? ensuring uploaded files are safe How can I determine a file’s true extension/type ...

How do the Antivirus programs detect the EICAR Test Virus?

The EICAR test virus is used to test the functionality of anti-virus programs. In order to detect it as a virus, should the antivirus program have the virus definition for the test virus, or do the heuristics detect it as a suspicious pattern and detect it as a virus? (I have seen an occasion that an AV program deletes the file whil...

Scan PHP uploads for viruses

I'm currently using the following code to scan files that have been uploaded as part of an application form:
    $safe_path = escapeshellarg($dir . $file);
    $command = '/usr/bin/clamscan --stdout ' . $safe_path;
    $out = '';
    $int = -1;
    exec($command, $out, $int);
    if ($int == 0) {
        // all good;
    } else {
        // VIRUS!;
    }
It works, but is s...

Javascript "virus"

I have a problem with some JS "virus" on all of my websites. They're on different hostings, and on some of them this code appears. <script> function c2670903e0i49d9f1a845f6b(i49d9f1a846377) { var i49d9f1a846737 = 16; return (parseInt(i49d9f1a846377, i49d9f1a846737)); } function i49d9f1a8472f3(i49d9f1a8476d9) { var i49d9f1a...

Virus code injected in PHP Files

Hi, I own a website running on LAMP - Linux, Apache, MySQL and PHP. In the past 2-3 weeks the PHP and jQuery files on my website have become infected with malware from a site called gumblar.cn. I can't understand how this malware gets into my PHP files and how I can prevent it from happening again and again. Any ideas? Thanks Vinaya...

Emulating virus-like behaviour?

I'm looking for a way to emulate virus-like behaviour for testing exclusions in anti-virus software. Can anyone recommend some behaviour that I can put together in a quick script which would trigger a typical realtime anti-virus scanner? ...

Accidentally created a virus?

I've seen it happen reasonably often: I write an application in Delphi and when I compile it, the virus-scanner tells me that I've created a virus and then immediately deletes the executable again. It's annoying but reasonably easy to fix by doing a full rebuild, deleting the *.dcu files first and sometimes by simply waiting. It happens...

PRRS and SIV solutions for Veterinarian

Are there solutions for Porcine Respiratory reproductive virus in swine? New vaccines? New technologies in preventing this disease? ...

How does a browser (Firefox/Safari) detect that the website you are visiting is infected?

How does a browser (Firefox/Safari) detect that the website you are visiting is infected? Do they have a blacklist? Or do they run the URL through some antivirus scripts? Or what happens behind the scenes? ...

Good source to learn about virus and other security tools?

Anti-virus, malware, botnets and the like are becoming larger and larger parts of our daily lives. Are there any resources that discuss creating anti-virus tools, security tools and such? Seems like an interesting topic, but I have not been able to find any real source to refer to in order to learn more. Suggestions? (Good and bad?) I ...

Win32/Induc.A, "Delphi"-virus, infects SysConst.pas, does anyone have a sample of code to search for?

I just noticed that a recent upgrade of Take Command is reported as being infected with this virus, and an update to NOD in the last few hours added the ability to detect that virus, which is why I became aware of it. In this case, judging by the contents of the article linked to in the answer I accepted, it looks like it is a false posi...

How to recognize malicious source code?

BE AWARE! Creating spyware, computer viruses and similar nasties can be illegal where you live and is considered extremely unethical by almost everyone. Still, I need to ask this to raise awareness about how easy it is to create one. I am asking this after the W32/Induc-A was introduced to this world by someone who came up with a nasty w...