|
Tiak
|
 |
« on: October 31, 2008, 02:49:32 PM » |
|
No, not America's most trusted brand of condoms, the kind of trojans where undesired content is run from a seemingly innocuous file.
The idea would go like this, we get a new file type called, "Incorporators" or something of the like, and with these files, we can hide viruses in other files. After incorporation, the desirable file would have filesize of the virus in question added to it, and when run, would take up extra resources and would have a "hidden" install going in addition to preforming its regular functions. This install takes 1.5x the time required to normally install the virus in question, and is canceled when the process is killed. Once it completes, (and completion would be automatic once time isup) then the beneficial process would go back to taking up its normal resources, and a a virus process would start with the virus's normal resources. After that, the original file will be deleted if you disinfect the virus, and the virus process will be removed if you delete the original file.
There would also of course be disincorporators, which could attempt to remove the virus portion from a file that has yet to be installed. In the process of stripping the virus from the original file, some inefficiencies would pop up, making the file keep a limited portion of the file size and resource usage of the virus.
Your thoughts?
|
|
|
|
« Last Edit: October 31, 2008, 02:52:39 PM by Tiak »
|
Logged
|
|
|
|
|
Seb
|
|
« Reply #1 on: October 31, 2008, 04:08:59 PM » |
|
Yeah, what're the cons, honestly?
and how will the incorperator mimic a virus?
|
|
|
|
|
Logged
|
|
|
|
|
gs 059
|
|
« Reply #2 on: November 01, 2008, 01:25:10 AM » |
|
if the infected file gets bigger, and uses more resources, than wouldn't someone know right away that it is infected and just run the disincorporator on it right away, or not even dl it in the first place?
|
|
|
|
|
Logged
|
|
|
|
|
Tiak
|
|
« Reply #3 on: November 01, 2008, 02:12:08 PM » |
|
if the infected file gets bigger, and uses more resources, than wouldn't someone know right away that it is infected and just run the disincorporator on it right away, or not even dl it in the first place?
For enlarged file size, unless someone is ataching v1 file shares to v1 deleters, it wouldn't neccesarily be all that noticable. I have quite a few 100+ GB files, I probably wouldn't notice that v1 file share on one of those files, and I really wouldn't notice a v0.1 spyware on any of my files. As for noticing it when it is run, people may not pay attention, that v0.1 spyware would also be completely invisible to me on almost all of my running processes. People also may ignore the fact that it is there. If a file you need to protect yourself has a virus on it, but was incorporated with too high of a version, you might still want to use it, or if, say, a password break has a virus on it that takes a couple of hours to insall, I might use it, but always try to remember to kill it in time. |
|
|
|
|
Logged
|
|
|
|
|
Araeus
|
|
« Reply #4 on: November 02, 2008, 04:43:11 AM » |
|
Wouldn't people notice if the password breaker they just ran took up bw? Do you mean it would just take up the extra CPU and RAM for the install portion and then the bw when the install is finished or something?
|
|
|
|
|
Logged
|
|
|
|
|
Seb
|
|
« Reply #5 on: November 02, 2008, 09:37:29 AM » |
|
I think this is what would happen: you put a 'small' virii into a big file. Person unknowingly downloads file. Person runs the file, perhaps a password protect, as they got to bed. virii begins install. Virii installs itself. Person comes back and goes 'wtf?' you collect profit!!  |
|
|
|
|
Logged
|
|
|
|
|
Tiak
|
|
« Reply #6 on: November 02, 2008, 10:09:21 AM » |
|
Wouldn't people notice if the password breaker they just ran took up bw? Do you mean it would just take up the extra CPU and RAM for the install portion and then the bw when the install is finished or something?
It would take the bandwidth, and it would be possible to notice, the feature wouldn't be godmode... But every now and then, people wouldn't notice, or wouldn't think it important enough to avoid. |
|
|
|
|
Logged
|
|
|
|
|
bkwinner
|
|
« Reply #7 on: November 03, 2008, 01:45:53 PM » |
|
if this idea is implemented, i am going to be searching my files for incongruencies in the recources.
also, if the virus is attached to a breaker, (fw or pass) and i overload it, does the install take up more recources, too?
p.s. is it possible to attach a virus to another virus?
p.p.s. can we attach non-viruses?
|
|
|
|
|
Logged
|
|
|
|
|
gs 059
|
|
« Reply #8 on: November 03, 2008, 02:19:53 PM » |
|
^^ maybe attach a virus to a virus to let it double install.... lol
also, maybe put all of my files in one file, so I can run my firewall bypass and password break in one, or have my log deleter/undeleter and my protections all in one file...
would be interesting...
|
|
|
|
|
Logged
|
|
|
|
|
Seb
|
|
« Reply #9 on: November 03, 2008, 05:31:11 PM » |
|
Oh oh, I know, attach a v1 spyware to a v.3 or so fileshare, no one will ever see it.  |
|
|
|
|
Logged
|
|
|
|
|
Sin15698
|
|
« Reply #10 on: November 27, 2008, 03:18:22 AM » |
|
I knida like this idea, nobody would ever trust their files again everyone would keep checking to make sure they don't have a hidden virus. |
|
|
|
|
Logged
|
It's not that I'm afraid to die. I just don't want to be there when it happens.
|
|
|
|
