What is a string in virus code?

hi …
i have read in many posts that mention "strings of virus code".
can someone tell me how exactly Avast identifies a virus?
and if Avast gets a sample of a new virus, how do the techies come up with an anti-code for that virus?
it would be great to know
in some amount of detail, since i am a comp sci student : ;D
is there any software to decompile a *.exe file?

Decoding or reverse engineering could be the same as cracking, an illegal action in any country.
But yes, you can google and you'll find. The efficacy of the tools isn't that good, of course; manufacturers want to protect their software as much as they can.

Hi sasin44,

Fire up Servant Salamander from ALTAP Ltd, a great Czech tool for the purposes you have in mind, and use hex editors. Re-engineering can be done under certain circumstances within an educational environment. Use a good Bin-scanner and FileAlyzer; a good recompiler is rec Stud the rec200 MFC Application. For some interesting analyzing info, look for the old re-engineering documents on the Net made by Fravia. A series of good debuggers is also what you cannot do without.
But I like the other approach, learning to code with security at heart. So the one researcher starts with the trunk, and the other from the tail-end of the elephant. Anyway, whatever you like to do in the white hat, grey hat, red hat or black hat sphere, learn the manuals by heart and the way the code works, like the a from algebra, the c from C++, the a from ajax, or the j from javascript. Learn about a Burp proxy, %00 in the URL, vim and what it will produce, /// ; alert(String from CharCode(88,83,83)//älert etc. etc…/// If all that knowledge has sunk in, you can start to explore these more eloquent terrains.

polonus

thanks for that info… i'll keep it in mind if i want to branch out to security related fields…
and i guess i sort of know C and C++…
but our god forsaken university kinda focuses on algorithms and problems rather than on actual OS implementation… which is the need of the hour…

Hi sasin44,

Use the tools that we all have, like specific search engines, the newsgroups, the full disclosure messages. Read and digest, and come to conclusions.
Start to use the fuzzers to see where the code has weak points. Make mem leak dumps. See the exemplarity of, for instance, weak CGI implementations, and where these same vulnerabilities in a similar form re-appear in cross site scripting holes and other malware vectors. Mind that javascript has been used for quite some time without a specific emphasis on secure coding. Why an anti-phishing tool can be lamed by an accidental metacharacter, an extra slash or a combination of slashes and backward slashes (http:// evilsite.com/). How interoperability in the Web 2.0 web features also enhanced the undesirable features of malicious code (stealth and embedded). Why security through obscurity is protecting the unaware up until this day. Why malware artists use legit tools for malicious purposes, and work free APIs (see program API Spy) like the Google API for evil purposes.

polonus

Hi sasin44,

While we have first put you on the right route, we can now give you an answer to your original question.
This is also an interesting field of survey for hackers: next to testing all the ISAPIs for holes, strings are a next item of interest for malcreants.

Format String vulnerabilities

Format string vulnerabilities are a new class of security problems that have been discovered over the past couple of years. Format strings are a programming construct used in the C and C++ programming languages for formatting I/O. They contain special identifiers (such as %s for strings, %d for integers) that, if used in malicious input, can reveal information about the call stack and variables used in functions. In particular, the dangerous %n identifier can be used to overwrite data in memory. Since overwriting memory allows hackers to do basically the same thing as buffer overflows, the results are the same: arbitrary code execution.

The root cause of format string vulnerabilities is the use of variable argument functions in C/C++. These problems can be eliminated by proper input validation and exception checking in the code. In addition, automated code testing tools can be used to identify format string bugs like `printf(string);` and recommend that `printf("%s", string);` should be used instead.

If you have a well informed insight into C and C++, you can do some good work in getting a handle on secure coding to avoid these vulnerabilities.

polonus
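As an added illustration of the printf(string) versus printf("%s", string) point above (example code written for this thread, not from the original post or from Avast): the unsafe and the hardened logging form side by side, plus the kind of check a validation routine or scanner applies, counting the conversion specifications a string would be interpreted as if it ever reached printf as the format argument. The function names and the sample inputs are made up for the example.

```c
#include <stdio.h>
#include <string.h>

/* Unsafe form: caller-controlled text IS the format string, so "%s", "%x"
 * or "%n" inside it are interpreted by printf. gcc -Wformat-security warns
 * on exactly this pattern. Shown only for contrast; never called below. */
void log_unsafe(const char *user_text) {
    printf(user_text);
}

/* Hardened form: the format string is a constant and the caller's text is
 * passed as a %s argument, so a "%n" in it stays four literal characters.
 * Result goes into a static buffer so it can be inspected by the caller. */
static char g_buf[128];
const char *log_safe(const char *user_text) {
    snprintf(g_buf, sizeof g_buf, "user: %s", user_text);
    return g_buf;
}

/* Validation check: how many conversion specifications would printf act on
 * if 's' were used as a format string? "%%" is a literal percent sign and
 * does not count. A nonzero result for untrusted text is the red flag. */
int count_directives(const char *s) {
    int n = 0;
    for (const char *p = s; *p; p++) {
        if (*p != '%') continue;
        if (p[1] == '%') { p++; continue; }  /* "%%" -> one literal '%' */
        n++;                                 /* "%s", "%n", "%x", ... */
    }
    return n;
}

int main(void) {
    /* Constructed sample input resembling hostile data. */
    const char *input = "%x %x %n";
    printf("directives found: %d\n", count_directives(input));  /* 3 */
    puts(log_safe(input));              /* prints: user: %x %x %n */
    return 0;
}
```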