[Danc20]

I have a silly idea. Is it possible for Malware coders to actually help in the fight against malware? I was thinking by creating malware in a safe environment and learning how to defeat it, this research could possibly help in detecting and removing other real-life malware. Perhaps this is similar to OS's finding exploits in their computer code.

Maybe each malware code is different and I am wrong, but it was a thought.

Tell me what you think.

Edited by Danc20, 23 December 2010 - 05:42 PM.

[Advertisements]

I think that's alright.. Knowing and learning what the enemies do..

Just make sure you do not find malware coding interesting and start a career in it..

[Heisei Holmes]

I think that's alright.. Knowing and learning what the enemies do..

Just make sure you do not find malware coding interesting and start a career in it..

[MS-Free]

I have a silly idea. Is it possible for Malware coders to actually help in the fight against malware? I was thinking by creating malware in a safe environment and learning how to defeat it, this research could possibly help in detecting and removing other real-life malware. Perhaps this is similar to OS's finding exploits in their computer code.

That's not really all that silly. What's your programming and security backgrounds?How good are you at assembler?

If you want to fight GeekU, you might want to join Malware. Err... I mean fight Malware join GeekU, though I suppose the reverse may also work.

I had similar notions when I first Joined GeekU, only my thoughts were to reverse-engineer existing Malware - not write my own.... Let's just say the Moderators weren't very welcoming of this approach (at least "not at this point in your training" ... "after GeekU a lot of doors open up for you...").

Edited by MS-Free, 24 December 2010 - 12:19 AM.

[Danc20]

Just make sure you do not find malware coding interesting and start a career in it..

Funny

That's not really all that silly. What's your programming and security backgrounds?How good are you at assembler?...

Well I have no real training or experience in any of those unless security can apply to updating my anti-virus and disinfecting my own computer with help . It was more of a hypothetical question. Like I know devious hackers sometimes switch to work for the government (from what I watch on TV and hear from others) so I thought the same could apply in this field. I'm sure the two fields are similar in some if not many ways.

Not to get too sidetracked, but since you guys are here, does GeekU require programming or assembler language learning? I've off-offhandedly considered GeekU, since helping people rid their computer of malware seems like a cool and rewarding hobby. The thing is though I don't know if I would be interested in any in-depth levels of programming or random tech info to do it! You guys are really 'blessed among computer geeks' for doing it though.

Edit: Found this link: http://www.geekstogo.com/geeku. That helps explain some!

Edited by Danc20, 24 December 2010 - 04:53 PM.

[MS-Free]

Well I have no real training or experience in any of those unless security can apply to updating my anti-virus and disinfecting my own computer with help . It was more of a hypothetical question.

Oh. I see... In that case hypothetically it might be a good idea.

Not to get too sidetracked, but since you guys are here, does GeekU require programming or assembler language learning? I've off-offhandedly considered GeekU, since helping people rid their computer of malware seems like a cool and rewarding hobby. The thing is though I don't know if I would be interested in any in-depth levels of programming or random tech info to do it!

No. Nothing too sophisticated. Deepest level of programming you'll ever deal with is writing a simple BATCH script. Beyond that... its basically all research. Know what's good/bad, and how to deal with... Let the tools developed by people who Do have programming experience worry about the heavy-lifting.

"Random tech info"... don't think there's any of that either... At best you could only hope for pseudo-random tech info... But I don't even think there's any of that. It all seemed very orderly to me.

[Danc20]

Cool. We should develop a hypothetical team .

Thanks MS, that is good to know. Random tech info would be the one thing I fear the most . Not having to delve into programming is also good for me. This makes things a lot more clearer!

Hope your approaching year is satisfactory.

Edited by Danc20, 28 December 2010 - 05:38 PM.

[Raiel]

I have a silly idea. Is it possible for Malware coders to actually help in the fight against malware? I was thinking by creating malware in a safe environment and learning how to defeat it, this research could possibly help in detecting and removing other real-life malware.

It's a good thought, but I'm not sure if you could gain much by doing this. The reason is, if you were a good enough programmer to create your own malware from scratch, you would already automatically know how you could defeat it. If you wrote the malware from scratch, you would know exactly what changes it would make to the target machine (registry entries, files created/patched, etc). So, with this knowledge, if you wanted to, you could probably just write an uninstaller for it.

Regarding the reverse-engineering of existing malware, this is already being done by virus/malware experts worldwide. If they feel it necessary, virus/malware experts who are versed in assembly language will use a program such as IDA Pro to 'disassemble' the malware code and find out exactly what makes the malware 'tick'. The process they use is basically the same as is used to 'crack' software.

But, unless it's something new or unusual, they don't bother to do this with every malware dropper they come across. Sometimes they will just use the malware dropper to infect a machine and use HIPS software to slow down the installation process and monitor any 'intermediate' malware files which the malware itself may delete again during installation, and a program such as Total Uninstall to monitor exactly what changes the malware makes to the system. (I would imagine that big companies like Symantec and Kaspersky etc would use their own custom software to achieve the same kind of analysis, but I'm not sure about this.) Anyway, they then use this information to create the virus/malware 'signatures' which will basically make the antivirus/anti-malware program able to detect/remove the malware.

I think that someone would probably need to have at least a good knowledge of coding (which unfortunately I don't have) to generate any genuinely new and useful ideas about malware research. But I would never try to put anyone off from expressing their ideas. Because, as my grandfather used to say, you never, ever know.

[Danc20]

Wow, thanks Raiel for your reply, it was very informative! I never considered your view on that idea. That makes my idea entirely wrong, good job . A thought was though that maybe the malware creators might be helpful in showing exploits they use, although I am sure that most of the exploits are figured out pretty thoroughly already, so maybe not.

Very interesting to learn about how they detect and handle malware! Thanks for explaining it.

Well, I agree a lot with your grandfather . Although I think you're right that most good ideas will only come from someone who knows malware, but I figured I'd try anyways. Thanks again, excellent reply!