How to emulate virus
-
Strange problem: in order to check some securities issues in the organization I need to deploy a sample program that need to be recognized as a known virus or Trojan. The idea is to deploy simple program to all user's machines :doh: and check who will recognized it as virus and to log what was done by the user after it. Its must be recognized as a well known virus so the standard anti virus applications we have will catch it, but of course wont make any damage to the host machine. Any ideas?
-
Strange problem: in order to check some securities issues in the organization I need to deploy a sample program that need to be recognized as a known virus or Trojan. The idea is to deploy simple program to all user's machines :doh: and check who will recognized it as virus and to log what was done by the user after it. Its must be recognized as a well known virus so the standard anti virus applications we have will catch it, but of course wont make any damage to the host machine. Any ideas?
alto wrote:
I need to deploy a sample program that need to be recognized as a known virus or Trojan.
How could be recognized as known, if you're freshly developing it? :)
If the Lord God Almighty had consulted me before embarking upon the Creation, I would have recommended something simpler. -- Alfonso the Wise, 13th Century King of Castile.
This is going on my arrogant assumptions. You may have a superb reason why I'm completely wrong. -- Iain Clarke
[My articles] -
alto wrote:
I need to deploy a sample program that need to be recognized as a known virus or Trojan.
How could be recognized as known, if you're freshly developing it? :)
If the Lord God Almighty had consulted me before embarking upon the Creation, I would have recommended something simpler. -- Alfonso the Wise, 13th Century King of Castile.
This is going on my arrogant assumptions. You may have a superb reason why I'm completely wrong. -- Iain Clarke
[My articles] -
I thought maybe its possible to add some code or known recognition string that the anti virus program looks for, or other idea like this, but i don' know how to do it or if its possible
As far as I know, there are 'innocuos' real viruses around. Cannot you just use one of them? :)
If the Lord God Almighty had consulted me before embarking upon the Creation, I would have recommended something simpler. -- Alfonso the Wise, 13th Century King of Castile.
This is going on my arrogant assumptions. You may have a superb reason why I'm completely wrong. -- Iain Clarke
[My articles] -
Strange problem: in order to check some securities issues in the organization I need to deploy a sample program that need to be recognized as a known virus or Trojan. The idea is to deploy simple program to all user's machines :doh: and check who will recognized it as virus and to log what was done by the user after it. Its must be recognized as a well known virus so the standard anti virus applications we have will catch it, but of course wont make any damage to the host machine. Any ideas?
Perhaps you could neuter a real virus and hope it still gets recognised (and that you really did neuter it!).
Steve
-
I thought maybe its possible to add some code or known recognition string that the anti virus program looks for, or other idea like this, but i don' know how to do it or if its possible
-
As far as I know, there are 'innocuos' real viruses around. Cannot you just use one of them? :)
If the Lord God Almighty had consulted me before embarking upon the Creation, I would have recommended something simpler. -- Alfonso the Wise, 13th Century King of Castile.
This is going on my arrogant assumptions. You may have a superb reason why I'm completely wrong. -- Iain Clarke
[My articles] -
maybe I can actually, but I'll have to add it to my program since I need it to log the user action (I make it with simple hook on the anti viruses applications) Can you point me to such 'nice' virus? thanks
This is up to you (I don't want such a responsibility...). There are many online virus databases. :)
If the Lord God Almighty had consulted me before embarking upon the Creation, I would have recommended something simpler. -- Alfonso the Wise, 13th Century King of Castile.
This is going on my arrogant assumptions. You may have a superb reason why I'm completely wrong. -- Iain Clarke
[My articles] -
Here use this software, it gives false positive in many virus scanners (they don't like self extractors).
Chat in Europe :java: Now with 24% more Twitter
-
Strange problem: in order to check some securities issues in the organization I need to deploy a sample program that need to be recognized as a known virus or Trojan. The idea is to deploy simple program to all user's machines :doh: and check who will recognized it as virus and to log what was done by the user after it. Its must be recognized as a well known virus so the standard anti virus applications we have will catch it, but of course wont make any damage to the host machine. Any ideas?
Use the standard anti-virus test file: http://www.eicar.org/anti_virus_test_file.htm[^] http://www.f-secure.com/kb/6717[^]
-
Strange, my Avira complains loud about it. I gonna check it.... Virus or unwanted program 'TR/Crypt.ZPACK.Gen2 [trojan]' with latest Avira signature. The software itself is no virus, but triggers their generic self extractor pattern. /M
Chat in Europe :java: Now with 24% more Twitter
modified on Tuesday, June 22, 2010 8:28 AM
