Re: Virus Creation


1PW

Oct 15, 2009, 7:11:21 AM
Toxic wrote:
> http://tinyurl.com/Virus-Creation
> I followed the instructions in #3 and copied the binary number and named
> it blogspot.exe, zipped it, then submitted it to jotti to see what it's
> supposed to do and got a universal response of "nothing found" from all
> the various scanners. Is this some kind of destructive code that doesn't
> have any distinct signature, or perhaps it's nothing? The date of the
> posting was 2007 so it can't be 0-day by a long shot.
> Maybe it's some destructive sequence like Dalton Shelby's batch file he
> called Brittneys Tits that formatted a "D" drive if it existed.

I know this isn't the point you are trying to make, but the following
is an extract from step #2:

"2.Go to Notpad and type erase C:\WINDOWS (or C:\LINUX if you
have linux)"

Now where did I put my Notpad... Oh yeah. I left it on my Linux C:\
drive...

I don't believe too many users of Linux systems have much to fear from
step #2.

FWIW

--
1PW

FromTheRafters

Oct 15, 2009, 9:50:19 AM
"Toxic" <staring@my_hd.tv> wrote in message
news:pan.2009.10...@cdc.gov...

> http://tinyurl.com/Virus-Creation
> I followed the instructions in #3 and copied the binary number and named
> it blogspot.exe, zipped it, then submitted it to jotti to see what it's
> supposed to do and got a universal response of "nothing found" from all
> the various scanners. Is this some kind of destructive code that doesn't
> have any distinct signature, or perhaps it's nothing? The date of the
> posting was 2007 so it can't be 0-day by a long shot.
> Maybe it's some destructive sequence like Dalton Shelby's batch file he
> called Brittneys Tits that formatted a "D" drive if it existed.

The guy makes a simple delete bomb and calls it a virus. I suspect the
"binary" code becomes an ASCII text string of ones and zeroes which are
meaningless in an exe file. He would have been more like (Devastator
Pax/Condor?) had he just substituted another message for the text in an
EICAR comfile.

...I still have devastator kicking around somewhere.


Ant

Oct 15, 2009, 9:31:19 PM
"Toxic" wrote:
> http://tinyurl.com/Virus-Creation
> I followed the instructions in #3 and copied the binary number and named
> it blogspot.exe, zipped it, then submitted it to jotti to see what it's
> supposed to do and got a universal response of "nothing found"

Well, what did you expect for a 50 byte string of ASCII ones and zeros?
It's not large enough or even the correct format to be an executable.
Even when converted to binary it's only 6 bytes + 2 spare bits.



1PW

Oct 16, 2009, 4:33:54 PM
Toxic wrote:
> Do you have any idea what the binary string does?
> (01001011000111110010010101010101010000011111100000)
> Maybe instead of [exe] you could call it [elf]?

<http://www.roubaixinteractive.com/PlayGround/Binary_Conversion/Binary_To_Text.asp>

--
1PW

FromTheRafters

Oct 16, 2009, 5:21:04 PM
"Toxic" <staring@my_hd.tv> wrote in message
news:pan.2009.10...@cdc.gov...

> Do you have any idea what the binary string does?

It depends on what machine interprets the string as viable code, or
rather its 'instruction set', to have it *do* anything - at least
anything useful.

[...]

> Maybe instead of [exe] you could call it [elf]?

There are many more differences between those executable formats than
just their filename extension.



FromTheRafters

Oct 16, 2009, 8:36:28 PM
"Toxic" <staring@my_hd.tv> wrote in message
news:pan.2009.10...@cdc.gov...
> On Fri, 16 Oct 2009 15:49:21 -0700, ASCII wrote:
>
>> 1PW wrote:
>>>
>>>> Do you have any idea what the binary string does?
>>>> (01001011000111110010010101010101010000011111100000)
>>>
>>> <http://www.roubaixinteractive.com/PlayGround/Binary_Conversion/Binary_To_Text.asp>
>>
>> It reveals nothing, sorta as suspected.
>
> Same result here, even tried to convert in HackPad as well as some other
> online converters.

Taking off the last two zeroes will let it translate to textual
gibberish - but you still have no idea what the destination for the
supposed code was. The command interpreter would expect ASCII text
command and program names and see it as ASCII text zeroes and ones
anyway.

...but you make me wonder what would happen if you submitted a batchfile
to VT that prepended the string "@autoexec" to the autoexec.bat file.
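
An added example, not part of any post in this thread: the check the replies above do by eye (Ant's "6 bytes + 2 spare bits", and the point that exe and elf differ by more than the filename extension), written as a small file-type triage. It assumes blogspot.exe held the quoted digits as plain ASCII text; the function names are illustrative, and the header checks use only the ELF magic, the MZ signature and the PE header offset stored at 0x3C.

```python
import struct

# The string quoted in the thread, exactly as posted.
BITSTRING = "01001011000111110010010101010101010000011111100000"

def pack_bits(bits):
    """Pack '0'/'1' characters into bytes; return (bytes, leftover bit count)."""
    whole = len(bits) - len(bits) % 8
    packed = bytes(int(bits[i:i + 8], 2) for i in range(0, whole, 8))
    return packed, len(bits) - whole

def classify(data):
    """Identify a file by its header structure, ignoring name and extension."""
    if data[:4] == b"\x7fELF":
        # 52 bytes is the size of the smallest (32-bit) ELF header.
        return "ELF" if len(data) >= 52 else "truncated ELF"
    if data[:2] == b"MZ":
        # The 64-byte DOS header stores the PE header offset at 0x3C.
        if len(data) < 64:
            return "truncated MZ"
        (pe_off,) = struct.unpack_from("<I", data, 0x3C)
        return "PE" if data[pe_off:pe_off + 4] == b"PE\0\0" else "DOS MZ"
    if data and set(data) <= set(b"01 \r\n"):
        return "ASCII text of ones and zeros"
    return "unknown data"

def triage(bits):
    """Classify the digits both as saved text and as packed raw bits."""
    as_saved = bits.encode("ascii")      # assumed content of blogspot.exe
    packed, spare = pack_bits(bits)      # the same digits read as raw bits
    return {
        "saved_size": len(as_saved),
        "saved_type": classify(as_saved),
        "packed_hex": packed.hex(),
        "spare_bits": spare,
        "packed_type": classify(packed),
    }

if __name__ == "__main__":
    for key, value in triage(BITSTRING).items():
        print(f"{key}: {value}")
```

Either way the file is shorter than the smallest header of both formats and starts with neither signature, so there is nothing for a loader to run and nothing for a scanner to match.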


ArameFarpado

Oct 16, 2009, 8:44:51 PM
On Thursday 15 October 2009 09:50, Toxic wrote:

> http://tinyurl.com/Virus-Creation
> I followed the instructions in #3 and copied the binary number and named
> it blogspot.exe, zipped it, then submitted it to jotti to see what it's
> supposed to do and got a universal response of "nothing found" from all
> the various scanners. Is this some kind of destructive code that doesn't
> have any distinct signature, or perhaps it's nothing? The date of the
> posting was 2007 so it can't be 0-day by a long shot.
> Maybe it's some destructive sequence like Dalton Shelby's batch file he
> called Brittneys Tits that formatted a "D" drive if it existed.

this site is all bullshit...

it was written by a complete ignoramus who even thinks linux has a c:
drive...
there are no drives in linux at all.


FromTheRafters

Oct 17, 2009, 7:23:04 AM
"ArameFarpado" <a-farpa...@netcabo.pt> wrote in message
news:4ad91384$0$288$1472...@news.sunsite.dk...

LOL then what is hda0?

ArameFarpado

Oct 17, 2009, 9:34:44 AM

nothing, hda0 doesn't exist

hda = master disc on primary ide

hda1 = first partition of hda

hda5 = first logical partition of hda

and so on...

none of these is accessible by a drive letter, as happens on limited
systems


FromTheRafters

Oct 17, 2009, 1:48:53 PM
"ArameFarpado" <a-farpa...@netcabo.pt> wrote in message
news:4ad9c7f5$0$281$1472...@news.sunsite.dk...

No drive letters, but it still has drives.


LittleProgrammer

Oct 28, 2009, 12:38:36 AM

Z:\ you fool :]]

LittleProgrammer

Oct 28, 2009, 12:41:47 AM

some linux (or maybe all linux) do not support running windows .exe files,
lol. and on that stupid website, it's a batch command. lol.

ArameFarpado

Oct 28, 2009, 3:45:18 AM

exe's only run in emulated environments
